Trainings at Security Fest 2025

Security Fest 2025 is proud to present two training sessions, held by the good people from in.security!

Here you'll find necessary information about the trainings.
This information was updated 2025-02-03.

About the instructors

in.security is a UK-based company that specialises in delivering high-quality, hands-on training in the field of cybersecurity. Their trainers are experienced professionals who have worked in a variety of roles within the industry.

Will (@Stealthsploit) has been in infosec for over 15 years, co-founded In.security in 2018 and as a pentester has helped secure many organisations through technical security services and training. Will's delivered hacking courses globally at several conferences including Black Hat, has spoken at several conferences and events and helps run Password Village at DEFCON. Will also assists the UK government in various technical, educational and advisory capacities. Before Will was a security consultant he was an experienced digital forensics consultant and trainer.

Owen (@rebootuser) is a co-founder of In.security, a specialist cyber security consultancy offering technical and training services based in the UK. He has a strong background in networking and IT infrastructure, with well over two decades of experience in technical security roles. Owen has provided technical training to a variety of audiences at bespoke events as well as Black Hat, Wild West Hackin' Fest, NolaCon, 44CON, TROOPERS, BruCON and Hack in Paris. He keeps projects at github.com/rebootuser.

About the trainings

Both trainings will be held on June 2-3, 2025, near the main venue of Security Fest in Gothenburg, Sweden.

Purchasing a training ticket will also give you access to the conference on June 4-5, 2025.
Also included in the training ticket price is a light breakfast, lunch and coffee/tea breaks (fika) during the training days.

Training Ticket price: 20 000 SEK (excl. VAT)
(early bird price for the first few tickets sold: 16 000 SEK)


Hacking Enterprises — 2025 Red Edition

Duration: 2 days

Description

Our 2025 revision is a major update — a new lab built from the ground up with new and exciting content! Hacking Enterprises is the natural counterpart to our popular Defending Enterprises course.

In this immersive, hands-on course, you will fully compromise a simulated enterprise in a multi-layered offensive engagement that covers a multitude of TTPs. Using modern techniques and focusing on exploiting configuration weaknesses rather than throwing traditional exploits, your logical thinking and creativity will definitely be put to the test!

During this realistic threat emulation, you'll perform OSINT reconnaissance to identify initial access vectors for a fictional organisation. Later, you'll phish your way in where you'll identify multiple networks, some easily accessible, others not so. Targeting modern operating systems including Windows Server 2025 within an enterprise VDI environment, you'll implant and establish C2, but manual techniques will always be emphasised so you're equipped with the knowledge to work without reliance on frameworks.

With real-world challenges, you'll perform hands-on exercises including exploitative phishing against simulated users, tackling IPv6, proxying, pivoting and tunnelling, subverting AMSI, AV and AWL, credential harvesting, passphrase cracking, lateral movement, MSSQL and ADCS abuse, abusing domain trusts, Microsoft Azure attacks, persistence and much more!

We know 2 days isn't a lot of time, so you'll also get 14 days of FREE lab time after class, Discord access for support and access to a post-training CTF containing hosts and networks not seen during training!

Agenda

Day 1

  • MITRE ATT&CK framework
  • Offensive OSINT
  • IPv6 discovery, enumeration and exploitation
  • Pivoting, routing, tunnelling and SOCKS proxies
  • Linux living off the land and post exploitation
  • P@ssw0rd cracking — custom character-set attacks
  • Exploitative phishing against our simulated enterprise users
  • C2 infrastructure and beacon deployment
  • Living off the land in Windows

Day 2

  • P@ssphras3 cracking
  • Situational awareness and domain recon
  • Windows exploitation and privilege escalation techniques
  • Windows Defender/AMSI and UAC bypasses
  • Credential harvesting
  • RDP hijacking
  • Bypassing AWL
  • Active Directory Certificate Services (AD CS) abuse
  • MSSQL linked server discovery, execution and exploitation
  • Lateral movement for domain trust exploitation
  • Azure IMDS exploitation for secret stealing

After Class

We realise that training courses are limited for time and therefore students are also provided with the following:

  • 14-day extended LAB access after the course finishes
  • 14-day access to a CTF platform including challenges not discussed/seen during training!
  • Discord support channel access
  • All students have access to a training platform (during the event and for 14 days after training completes) in which exercises are provided along with detailed instructions on how to achieve the task.

Who Should Attend?

This training is suited to a variety of students, including:

  • Penetration testers / Red Team operators
  • SOC analysts
  • Security professionals
  • IT Support, administrative and network personnel

Who Should Not Attend?

This course is not suited to non-technical individuals or to anyone who is not comfortable at a Linux/Windows command line.

Requirements

  • Firm familiarity with Windows and Linux command line syntax
  • Understanding of networking concepts
  • Previous pentesting and/or SOC experience is advantageous, but not required

Student Should Bring

  • Students will need to bring a laptop to which they have administrative/root access, running either Windows, Linux or Mac operating systems
  • Students will need to have RDP, SSH and OpenVPN clients on their laptop

Defending Enterprises — 2025 Edition

Duration: 2 days

Description

Updated for 2025, our immersive 2-day Defending Enterprises training is the natural counterpart to our popular Hacking Enterprises course.

You'll play a SOC analyst in our Microsoft Sentinel cloud-based lab and try to rapidly locate IOAs and IOCs from a live enterprise breach executed by the trainers in real time.

Whether you're new to Kusto Query Language (KQL) or a seasoned pro, there's plenty for you in the 2 days! Yes, we're using Microsoft Sentinel, but the underlying threat detection theory, logic and threat hunting approach are transferable into your own environments, whatever your preferred platform.

We look at the top 10+ methods we use in offensive engagements and show how these can be caught, along with numerous other examples and methods that go above and beyond these common TTPs!

This training goes beyond threat hunting as we peek into the world of detection engineering and the processes involved in converting logic into alerts!

With 14 hands-on exercises, many of which also feature extra time and bonus content, you'll gain real-world experience in the following areas:

Day 1

  • MITRE ATT&CK, CAR and D3FEND frameworks
  • Defensive OSINT
  • Logging and event data
  • Overview of the Kusto Query Language (KQL) and Microsoft Sentinel
  • Identifying Indicators of Attack (IOA) and Indicators of Compromise (IOC)
  • Detecting phishing attacks and living off the land binary (LOLBAS) abuse
  • Detecting C2 traffic and beacons (HTTPS/DNS)
  • Microsoft Windows Defender for Endpoint (MDE)/Defender for Identity
  • Detecting persistence activities
  • Detecting credential exploitation
  • Kerberoasting
  • Pass-the-Hash

Day 2

  • Pass-the-Ticket
  • Detecting Active Directory Certificate Services (ADCS) attacks
  • Detecting DCSync attacks
  • Detecting lateral movement within a network
  • Cloud attacks
  • Conditional Access Policies
  • Azure Managed Service Accounts
  • Authentication Token Abuse
  • Consent Phishing and App Registrations

After Class

We realise that training courses are limited for time and therefore students are also provided with the following:

  • 14-day extended LAB access after the course finishes
  • Discord support channel access
  • All students have access to a training platform (during the event and for 14 days after training completes) in which exercises are provided along with detailed instructions on how to achieve the task.

Who Should Attend?

This training is suited to a variety of students, including:

  • SOC analysts
  • Security professionals
  • Penetration testers
  • IT Support, administrative and network personnel

Who Should Not Attend?

Non-technical individuals would not be suited to this course.

Requirements

Detection methods will be taught during training, however an understanding of KQL concepts would be beneficial, and previous SOC experience and/or pentesting is advantageous but not required.

Student Should Bring

  • Students will need to have access to a laptop and their favourite browser!

WHAT TO EXPECT

Two great conference days

We're honoured to have some amazing renowned speakers from all over the world, in two great conference days! Learn. Inspire. Connect.

Location and weather

The Security Fest conference is held in Gothenburg, on the west coast of Sweden, in the beginning of summer: a perfect time to visit Sweden!

Party and mingle

There's plenty of time to meet and talk to the speakers and the other conference attendees! There's an awesome party on Thursday evening!

Venue and accommodation

Security Fest is held in Elite Park Avenue Hotel in Gothenburg.
