The training is divided into five sections: Initial Foothold, Gaining Access, Offensive Coding, Internal Reconnaissance, and Lateral Movement. Each section will be covered in depth, providing technical evidence of how each technique works. Red team exercises will be performed to assess responsiveness and detection capabilities. As a red teamer, it is important to understand what each tool and command you use is doing behind the scenes to provide proper guidance. The training will help you understand the tools and techniques used during a red team exercise, develop your own toolset, adapt existing tools when needed, identify new techniques or potential evasion tricks, and gain an overview of the popular methods used in red team exercises.

Expect to perform code reviews, network analysis, code behavior analysis, and write code to enhance your red team capabilities.

More information

This intensive, hands-on training provides an immersive dive into practical threat modeling, refined over a decade of Black Hat delivery and grounded in 25 years of expertise. Avoiding a lecture-heavy format, 70% of the course is dedicated to real-world exercises and scenario-based learning, ensuring participants gain practical, immediately applicable skills.

The training is annually updated with the latest threat intelligence for 2025/2026, including crucial vulnerabilities in LLM and Agentic AI systems. Participants will work in teams on diverse case studies—from microservices and cloud systems to AI-driven chatbots and Agentic architectures—covering data flow diagramming, STRIDE analysis, attack tree construction, and applying GDPR risk patterns.

Key features include using MITRE ATT&CK for threat-informed defense and integrating threat modeling into DevOps/security-by-design workflows. A pre-training assessment ensures foundational readiness. Upon completion, passing an examination and a submitted threat model earns the "Certified Threat Modeling Practitioner" certificate, supported by continued access to a Threat Modeling Playbook and one year of online resources.

More information

The Offensive Active Directory Operations Certification (OADOC) is a beginner-to-advanced, hands-on course designed for cybersecurity professionals who want to build and refine their skills in modern Active Directory exploitation. This immersive program places students inside realistic enterprise environments and guides them through progressively challenging attack scenarios that mirror real adversary tactics. Participants will work across both Windows and Linux attack paths, gaining practical experience in navigating and exploiting Active Directory infrastructures configured with the latest forest functional levels. Whether you’re new to AD security or working toward expert-level tradecraft, OADOC delivers the structured, real-world training needed to understand, assess, and exploit complex AD environments with confidence.

More information

Deconstructing Rust Binaries is the first comprehensive training course focused solely on reverse engineering Rust binaries. This course is for any reverse engineer who needs a rapid, practical upskill in your ability to analyze Rust binaries. You will learn how to effectively triage Rust binaries, how to trace data flow through Rust binaries, and how to tackle common techniques found in the Rust malware ecosystem.

This course is aimed at malware reverse engineers, but vulnerability researchers and software reverse engineers who have Rust targets will also find the course valuable. This course is taught and written by an experienced malware reverse engineer, Cindy Xiao, with extensive experience specifically in reversing Rust binaries. Real Rust malware samples will be used in the course for practice.

More information

Corellium’s mobile application security workshop teaches mobile app security techniques, including realtime network traffic analysis, reverse engineering, security controls bypass techniques, and manipulate runtime manipulation.

This hands-on session delivers practical, high-impact techniques to tackle real-world challenges. For security professionals who thrive on exposing exploitable flaws, you’ll leave equipped to handle the common mobile app security challenges, from identifying data leakage risks to manipulating runtime behavior on demand.

Designed for penetration testers, security researchers, red and blue team members, mobile developers, compliance professionals, and other power users interested in mobile app security.

BONUS: As a participant of this workshop, you will receive a one week trial of Corellium Viper, and access to a hands-on mobile CTF.

More information

The Offensive Development Practitioner Certification (ODPC) is designed to take you deep into the realities of modern defense evasion and offensive tooling, providing the hands-on experience needed to operate at an advanced level. Through live, instructor-supported labs, you’ll learn how to overcome real-world security mechanisms by working directly with Terraform-deployed environments, performing PE file conversions, and executing advanced process-injection strategies. The course then expands into expert-level offensive development, including in-depth exploration of Cobalt Strike command-and-control frameworks, sandbox detection evasion, and sophisticated EDR bypass techniques. You’ll also develop the ability to design and deploy custom payloads, building reflective DLL loaders, engineering AMSI and ETW bypasses, and crafting tailored offensive tooling from the ground up. By blending deep technical instruction with practical, interactive labs, ODPC gives you the knowledge, skills, and confidence to understand—and outmaneuver—modern defensive technologies.

More information

The Attacking & Securing CI/CD Pipeline Certification (ASCPC) is a practical, results focused course designed for DevOps professionals, security engineers, and developers who need a working understanding of how to secure the fast-changing threat landscape around CI/CD pipelines. The program mixes guided labs with real attack scenarios, so participants learn by doing, not just watching. Throughout the course, learners work directly with modern CI/CD tools such as GitHub Actions, CircleCI, Docker, Kubernetes, Azure DevOps, and AWS CodeBuild. Each lab mirrors realistic threat paths, highlights common weaknesses, and reinforces defensive engineering techniques that teams can apply immediately in their own environments.

More information

FalconForce developed a specialist workshop for security professionals to help taking their detection engineering capabilities to the next level. An ultimate detection engineering learning experience with the opportunity to go all-in with real-life, hands-on lab exercises.

The training covers a full, realistic attacker scenario in an enterprise environment: from the endpoint, through the Active Directory and into the cloud environment.

This training is led by experienced instructors that teach students to:

• Understand how to research an attacker technique used in corporate environments.
• Build resilient detections that are harder to evade by an attacker.
• Validate their detections to make sure they keep functioning as intended.

The training focuses on Microsoft Sentinel and Defender XDR, but concepts can be applied to other stacks as well.

More information

Offensive GCP Operations & Tactics Certification (OGOTC) is an advanced, hands-on training course designed to provide security professionals, penetration testers, and cloud engineers with a deep understanding of the security landscape within Google Cloud Platform (GCP). This course covers the full attack lifecycle, from initial access to post-exploitation, equipping participants with the skills to identify, exploit, and defend against real-world vulnerabilities in GCP environments.

The course begins with an overview of GCP architecture, focusing on key services like Compute Engine, Cloud Storage, BigQuery, and Cloud Run. Participants will learn how to perform both unauthenticated and authenticated enumeration using techniques such as API abuse, DNS reconnaissance, and Google Dorking. The course then explores initial access methods, including credential theft, phishing (Evilginx), and misconfigured IAM roles. Hands-on labs will demonstrate privilege escalation, lateral movement through service accounts, and data exfiltration using GCP services.

Participants will also explore command and control (C2) strategies using GCP services and discover how to abuse metadata servers for escalation. Advanced modules cover Kubernetes exploitation, including pod compromise and privilege abuse within clusters. The course concludes with defensive strategies, showing how to harden IAM policies, secure APIs, and prevent privilege escalation.

More information

Before you can secure or break AI applications, you need to understand how they’re built.

Build

This hands-on training starts with first principles and an engineering mindset. You’ll learn how real GenAI applications are built - from interacting with LLM APIs to working with embeddings, VectorDBs, RAG pipelines, agentic systems, MCPs, LangSmith and essential tooling. Through guided labs, you’ll explore these components deeply and ultimately build your own RAG based threat-modeling agent.

Break

Next, we shift into offensive security by attacking real applications in our labs. You’ll practice classic and indirect prompt injection, sensitive data disclosure, and agentic-architecture attacks. We also cover MCP exploitation by building custom MCP servers, and explore model backdoors using real-world examples. You’ll learn to reason about threats across the entire AI stack.

Defend

Finally, we focus on defense; implementing guardrails, using MCP gateways for observability, fixing vulnerabilities shown in earlier labs, and applying agentic security patterns. We also cover AI security tooling and how to integrate it into the SDLC.

More information