Trainings at Security Fest 2025

Security Fest 2025 is proud to present two training sessions,held by the good people from in.security!

Here you'll find teasers and some information about the trainings.

Both trainings will be held on June 2-3, 2025, near the main venue of Security Fest in Gothenburg, Sweden.

Purchasing a training ticket will also give you access to the conference on June 4-5, 2025.

Further details and registration will be available soon!

Hacking Enterprises — 2025 Red Edition

Our 2025 revision is a major update — a new lab built from the ground up with new and exciting content! Hacking Enterprises is the natural counterpart to our popular Defending Enterprises course.

In this multi-layered offensive engagement, you will fully compromise a simulated enterprise in this immersive hands-on course that covers a multitude of TTP's. Using modern techniques and focusing on exploiting configuration weaknesses rather than throwing traditional exploits, your logical thinking and creativity will definitely be put to the test!

During this realistic threat emulation, you'll perform OSINT reconnaissance to identify both technical and human initial access vectors for a fictional organisation. After phishing, you'll identify multiple networks, some easily accessible, others not so. Targeting modern operating systems including Windows Server 2025 on a modern enterprise VDI environment, you'll implant and establish C2, but manual techniques will always be emphasised so you're equipped with the knowledge to work without reliance on frameworks.

With real-world challenges, you'll perform hands-on exercises including exploitative phishing against simulated users, overcoming network egress restrictions to establish C2, tackle IPv6, perform proxying, pivoting and tunnelling, subvert AMSI, AV and AWL, perform active user attacks and credential harvesting, passphrase cracking, lateral movement, MSSQL and ADCS abuse, abusing domain trusts, performing Microsoft Entra attacks, persistence and much more!

With 14 hands-on exercises you'll gain real-world experience in the following areas:

  • Exploitative phishing
  • C2 infrastructure and beacon deployment
  • IPv6 discovery, enumeration and exploitation
  • Pivoting, routing, tunnelling and SOCKS proxies
  • Abusing CI/CD platforms
  • Active user attacks, coercion, privilege escalation and credential harvesting
  • Bypassing AWL
  • P@ssphras3 cracking
  • Active Directory Certificate Services (AD CS) abuse
  • MSSQL linked server discovery, execution and exploitation
  • Lateral movement for domain trust exploitation
  • Entra IMDS exploitation for secret stealing
  • ... and much more!

We know 2 days isn't a lot of time, so you'll also get 14-days FREE lab time after class, Discord access for support and access to a post-training CTF containing hosts and networks not seen during training!

Hacking Enterprises 2025 Red Edition

 

 

Defending Enterprises — 2025 Edition

Updated for 2025, our immersive 2-day Defending Enterprises training is the natural counterpart to our popular Hacking Enterprises course.

You'll play a SOC analyst in our Microsoft Sentinel cloud-based lab and try to rapidly locate IOA's and IOC's from a live enterprise breach executed by the trainers in real time.

Whether you're new to Kusto Query Language (KQL) or a seasoned pro, there's plenty for you in the 2-days! Yes, we're using Microsoft Sentinel, but the underlying threat detection theory, logic and threat hunting approach is transferable into your own environments, whatever your preferred platform.

We look at the top 10+ methods we use in offensive engagements and show how these can be caught, along with numerous other examples and methods that go above and beyond these common TTPs!

This training goes beyond threat hunting as we peek into the world of detection engineering and the processes involved in converting logic into alerts!

With 14 hands-on exercises, many of which also featuring extra time and bonus content, you'll gain real-world experience in the following areas:

  • MITRE ATT&CK, CAR and D3fend frameworks
  • Introduction to Kusto Query Language (KQL)
  • Reviewing popular phishing attacks and living off the land techniques
  • Locating C2 traffic and beaconing activity
  • Detecting persistence activities
  • Digging into credential exploitation (Kerberoasting, Pass-the-Hash, Pass-the-Ticket, DCSync)
  • Reviewing Active Directory Certificate Services (ADCS) attacks
  • Identifying lateral movement (WinRM, SMB)
  • Cloud Attacks (Azure IMDS, Authentication Tokens, Conditional Access, App Registrations)
  • ... and much more!

We know 2 days isn't a lot of time, so you'll also get 14-days FREE lab time after class and Discord access for support.

Defending Enterprises 2025 Edition

 

WHAT TO EXPECT

Two great conference days

We're honoured to have some amazing renowned speakers from all over the world, in two great conference days! Learn. Inspire. Connect.

Location and weather

The Security Fest conference is held in Gothenburg, on the west coast of Sweden, in the beginning of summer: a perfect time to visit Sweden!

Party and mingle

There's plenty of time to meet and talk to the speakers and the other conference attendees! There's a awesome party on Thursday evening!

Venue and accommodation

Security Fest is held in Elite Park Avenue Hotel in Gothenburg.

Get all relevant information and news regarding Security Fest, when we release recordings of talks, etc.
Get newsletter →