Training
Featured CourseView All Courses
Get a free hour of SANS training

Experience SANS training through course previews.

Learn More
Learning Paths
FeaturedView all Focus Areas
Cloud Security Training, Courses, and Resources
Can't find what you are looking for?

Let us help.

Contact us
Community Resources

SANS Community Benefits

Connect, learn, and share with other cybersecurity professionals

AI Risk & Readiness

Explore expert-driven guidance, training, and tools to help defend against AI-powered threats and adopt AI securely.

Join the SANS Community

Become a member for instant access to our free resources.

Sign Up
For Organizations

Public Sector

Mission-focused cybersecurity training for government, defense, and education

Partnerships

Explore industry-specific programming and customized training solutions

Sponsorship Opportunities

Sponsor a SANS event or research paper

Interested in developing a training plan to fit your organization’s needs?

We're here to help.

Contact Us
Talk With an Expert
Talk With an Expert

Hack & Defend Summit & Training 2025

  • Tue, Oct 28 - Tue, Nov 4, 2025
  • 9 Courses
  • 12 CPEs (Summit Only)
  • 1 Tournament
  • English
Omni Austin Hotel Downtown & Virtual (CT)
700 San Jacinto at 8th Street, Austin, TX 78701
Hack & Defend Summit & Training
Jump to:

Offense Informs Defense. Defense Informs Offense.

Organizations face a critical disconnect between offensive security experts who identify vulnerabilities and defensive teams tasked with protecting systems. The Hack & Defend Summit brings these different security professionals together to learn from each other and build better protection strategies. By working together instead of separately, we can create stronger defenses against real threats.

  • Slide 1 of 2
    Hack & Defend Summit & Training 2025, Instructors Holding Microphones
  • Slide 2 of 2
    Hack & Defend Summit & Training 2025, Stage

Join us this October in Austin, TX for practical workshops, presentations from experts, and network with other security professionals. Whether you're interested in finding vulnerabilities, defending systems, or managing security teams, the Hack & Defend Summit will help you learn new skills and protect against cyber-attacks.

What Attendees Say

  • Slide 1 of 4
    An enriching experience that exceeded my expectations. The comprehensive range of expert-led sessions provided valuable insights into the latest cybersecurity trends and cutting-edge techniques.
    Mahima Dharmasena
  • Slide 2 of 4
    This is an amazing opportunity to learn from the best and to network with the most encouraging people.
    Amanda D.
  • Slide 3 of 4
    Overall, all the presenters were great. I not only learned a lot. I realized I have a lot to learn.
    Richard B.
  • Slide 4 of 4
    The Summit was relevant to what I do, the problems my company faces, our challenges, etc...The speakers are icons in this space.
    Jonathan Heese
Slide 1 of 0

Register

Summit and Course Registration

from $8,780 USD
In personIncludes
  • Course: Live Instructor Training with Hands-on Exercises
  • Summit: Talks, Presentations and Workshops
  • Core Netwars Tournament
Select course to Enroll
Live onlineIncludes
  • Course: Virtual Live Instructor Training with Hands-on Exercises
  • Summit: Select Talks and Content
  • Summit: Interactive Chat on Slack
Select course to Enroll

Summit Registration Only

from Free
$645 USD*Prices exclude applicable local taxes
In personIncludes
  • Free Lunch and Snacks
Attend In PersonLogin to register
Free
Live onlineIncludes
  • Interactive Chat on Slack
  • Talks and Sessions
Login to register
Important Dates
Refund Deadline:
Hotel Group Discount Deadline:

Courses

Looking for Group Purchasing? Contact Us

GIAC Certification

1 free practice test when you add a certification exam attempt to your course. Available for select courses below.

Extra 4 Months of Course Access

Add OnDemand access for 4 months to help you prepare for your GIAC exam. Available for select courses below.

NetWars Tournament

Play two evenings of the Core NetWars Tournament. Free with purchase of a 4, 5, or 6 day course

Showing 9 of 9
Filter by:

SEC503: Network Monitoring and Threat Detection In-Depth

Intermediate
SEC503Cyber Defense
SEC503: Network Monitoring and Threat Detection In-Depth
  • GIAC Certified Intrusion Analyst
  • 6 Days
  • 46 CPEs
  • Andrew Laman
  • Starts 30 Oct 2025 at 8:30 AM CT
  • $8,780 USD (Course)
  • $999 USD (Certification)
  • *Prices exclude applicable local taxes

View course details
Log in to register:In-PersonVirtual

SEC504: Hacker Tools, Techniques, and Incident Handling

Essentials
SEC504Offensive Operations
SEC504: Hacker Tools, Techniques, and Incident Handling
  • GIAC Certified Incident Handler
  • 6 Days
  • 38 CPEs
  • Ron Hamann
  • Starts 30 Oct 2025 at 8:30 AM CT
  • $8,780 USD (Course)
  • $999 USD (Certification)
  • *Prices exclude applicable local taxes

View course details
Log in to register:In-PersonVirtual

SEC542: Web App Penetration Testing and Ethical Hacking

Intermediate
SEC542Offensive Operations
SEC542: Web App Penetration Testing and Ethical Hacking
  • Starts 30 Oct 2025 at 8:30 AM CT
  • $8,780 USD (Course)
  • $999 USD (Certification)
  • *Prices exclude applicable local taxes

View course details
Log in to register:Virtual

SEC560: Enterprise Penetration Testing

Intermediate
SEC560Offensive Operations
SEC560: Enterprise Penetration Testing
  • Starts 30 Oct 2025 at 8:30 AM CT
  • $8,780 USD (Course)
  • $999 USD (Certification)
  • *Prices exclude applicable local taxes

View course details
Log in to register:In-PersonVirtual

SEC511: Cybersecurity Engineering: Advanced Threat Detection and Monitoring

Intermediate
SEC511Cyber Defense
SEC511: Continuous Monitoring and Security Operations
  • GIAC Continuous Monitoring Certification
  • 6 Days
  • 46 CPEs
  • Tim Garcia
  • Starts 30 Oct 2025 at 8:30 AM CT
  • $8,780 USD (Course)
  • $999 USD (Certification)
  • *Prices exclude applicable local taxes

View course details
Log in to register:In-PersonVirtual

SEC599: Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses

Major UpdatesIntermediate
SEC599Offensive Operations
SEC599: Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses
  • GIAC Defending Advanced Threats
  • 6 Days
  • 36 CPEs
  • Michel Coene
  • Starts 30 Oct 2025 at 8:30 AM CT
  • $8,780 USD (Course)
  • $999 USD (Certification)
  • *Prices exclude applicable local taxes

View course details
Log in to register:In-PersonVirtual

SEC530: Defensible Security Architecture and Engineering: Implementing Zero Trust for the Hybrid Enterprise

Intermediate
SEC530Cyber Defense
SEC530: Defensible Security Architecture and Engineering: Implementing Zero Trust for the Hybrid Enterprise
  • GIAC Defensible Security Architecture
  • 6 Days
  • 36 CPEs
  • Greg Scheidel
  • Starts 30 Oct 2025 at 8:30 AM CT
  • $8,780 USD (Course)
  • $999 USD (Certification)
  • *Prices exclude applicable local taxes

View course details
Log in to register:In-PersonVirtual

SEC450: SOC Analyst Training – Applied Skills for Cyber Defense Operations

Major UpdatesIntermediate
SEC450Cyber Defense
SEC450: Blue Team Fundamentals: Security Operations and Analysis
  • Starts 30 Oct 2025 at 8:30 AM CT
  • $8,780 USD (Course)
  • $999 USD (Certification)
  • *Prices exclude applicable local taxes

View course details
Log in to register:In-PersonVirtual

SEC588: Cloud Penetration Testing

Intermediate
SEC588Offensive Operations
SEC588: Cloud Penetration Testing
  • GIAC Cloud Penetration Tester
  • 6 Days
  • 36 CPEs
  • Moses Frost
  • Starts 30 Oct 2025 at 8:30 AM CT
  • $8,780 USD (Course)
  • $999 USD (Certification)
  • *Prices exclude applicable local taxes

View course details
Log in to register:In-PersonVirtual

Advisory Board

Stephen Sims

Stephen Sims

Research Fellow

Stephen Sims, an esteemed vulnerability researcher and exploit developer, has significantly advanced cybersecurity by authoring SANS's most advanced courses and co-authoring the "Gray Hat Hacking" series.

Learn more
John Hubbard

John Hubbard

Consultant

John redefined modern SOC operations by engineering globally adopted blue team strategies and co-creating the GSOC cert. Through the Blueprint podcast and SANS leadership, he’s unified thousands of defenders around real-world detection tactics.

Learn more
Huascar Tejeda

Huascar Tejeda

Huáscar Tejeda is a seasoned cybersecurity expert with 20+ years of notable achievements in IT and Telecommunications. Huáscar is co-author of the Gray Hat Hacking 6th edition.

Learn more
Ingrid Parker

Ingrid Parker

Senior Manager of Threat Hunting

Ingrid is currently the Manger of Intelligence at Red Canary.

Learn more
Jason Ostrom

Jason Ostrom

Founder and Principal Consultant

Jason Ostrom has revolutionized cybersecurity by developing open-source tools like PurpleCloud and Automated Emulation, enabling scalable adversary emulation in cloud environments.

Learn more
Jeff McJunkin

Jeff McJunkin

CEO

Jeff McJunkin, Rogue Valley InfoSec founder, has led Fortune 100 pen tests and shaped Core NetWars. His key role in SANS Holiday Hack Challenge and hands-on security innovations continue to elevate the industry, advancing defenses worldwide.

Learn more

Schedule

Summit Dates

Tuesday, 28 October - Wednesday, 29 October

Training Dates

Thursday, 30 October - Tuesday, 4 November

Showing 15 of 35
Filter by:

Welcome and Opening Remarks

Summit Day 108:45AM - 09:00AM CDT
In-Person & Virtual

Keynote | To Be Announced

Summit Day 109:00AM - 09:45AM CDT

Presented by

Pedram Amini

Chief Scientist

Pedram Amini
In-Person & Virtual

Break

Summit Day 109:45AM - 10:00AM CDT
In-Person & Virtual

Blue Team | High-Fidelity Threat Hunting: Unveiling Insider Threats Beyond the Logs...The Dual-Identity Evasion Technique

Traditionally, security monitoring assumes that SIEM technologies will be accurate and provide a comprehensive picture of network activity, but what happens when we find that the events recorded by these technologies are insufficient, and we don't have the proper telemetry?

Summit Day 110:00AM - 10:35AM CDT

Presented by

Oscar Cárcamo

Threat Management Sr Specialist

Oscar Cárcamo
In-Person & Virtual

Red Team Workshop | To Be Announced

Summit Day 110:00AM - 12:00PM CDT
In-Person

Red Team Workshop | To Be Announced

Summit Day 110:00AM - 12:00PM CDT
In-Person

Blue Team | Outside the Debugger: Effective Malware Analysis for Everyday Defenders

The misconception: Malware analysis requires deep assembly knowledge and reversing skills. The reality: Many practical insights can be gained through simple, freely available tools/frameworks. Target audience: Blue teamers who need actionable intel without becoming RE experts.

Summit Day 110:40AM - 11:15AM CDT

Presented by

Abdul Mhanni

DFIR Analyst

Abdul Mhanni
In-Person & Virtual

Blue Team | The Hunt for Silent Compromise: Detecting Cloud-Native Persistence Without Malware or Alerts

As attackers evolve beyond malware and implants, defenders must learn to hunt compromise that never triggers an alert.

Summit Day 111:20AM - 11:55AM CDT

Presented by

Ankit Gupta

Senior Security Engineer

Ankit Gupta

Shilpi Mittal

Lead IT Security Engineer

Shilpi Mittal
In-Person & Virtual

Lunch

Summit Day 112:00PM - 01:30PM CDT
In-Person & Virtual

Red Team | Breaking Entra: Real-World Cloud Identity Attacks You Can Recreate

Identity has become the new perimeter and in Microsoft Entra ID (formerly Azure Active Directory), it's also the easiest one to break. Misconfigured apps, over-scoped permissions, and weak conditional access open the door to attackers who know where to look.

Summit Day 101:30PM - 02:05PM CDT

Presented by

Tomer Nahum

Security Research Team Lead

Tomer Nahum

Jonathan Elkabas

Security Researcher

Jonathan Elkabas
In-Person & Virtual

Blue Team Workshop | To Be Announced

Summit Day 101:30PM - 03:30PM CDT
In-Person

Blue Team Workshop | To Be Announced

Summit Day 101:30PM - 03:30PM CDT
In-Person

Red Team | The Evolution of Syscalls: A Winding Path to Untraceable Execution

This presentation provides a step-by-step, technical exploration of the evolution of syscalls. It begins with the fundamental role of Win32 & NT Windows APIs in executing syscalls within kernel space.

Summit Day 102:10PM - 02:45PM CDT

Presented by

Thomas Xuan Meng

UK-Based Security Researcher

Thomas Xuan Meng
In-Person & Virtual

Red Team | To Be Announced

Summit Day 102:50PM - 03:25PM CDT
In-Person & Virtual

Wrap-Up

Summit Day 103:30PM - 04:00PM CDT
In-Person & Virtual

Welcome and Opening Remarks

Summit Day 208:45AM - 09:00AM CDT
In-Person & Virtual

Break

Summit Day 209:00AM - 09:15AM CDT
In-Person & Virtual

Keynote: Red Team | To Be Announced

Summit Day 209:15AM - 10:00AM CDT
In-Person & Virtual

Blue Team Workshop | To Be Announced

Summit Day 209:15AM - 12:30PM CDT

Red Team | Subverting macOS Applications and Security Controls through 0-Day Vulnerabilities

macOS combines a layered security model with a variety of enforcement mechanisms, including consent-based controls, code integrity validation, sandboxing, and runtime protections.

Summit Day 210:00AM - 10:35AM CDT

Presented by

Carlos Garrido

Red Team Operations Leader

Carlos Garrido
In-Person & Virtual

Red Team | When Attackers Tune In: Weaponizing LLM Fine-Tuning for Stealthy C2 and Exfiltration

Large Language Models (LLMs) like ChatGPT, Claude and Gemini are increasingly being integrated into enterprise environments for the purposes of automation, analytics, and decision-making.

Summit Day 210:35AM - 11:05AM CDT

Presented by

Bar Matalon

Threat Intelligence Team Lead

Bar Matalon

Noa Dekel

Senior Threat Intelligence Analyst

Noa Dekel
In-Person & Virtual

Break

Summit Day 211:05AM - 11:20AM CDT
In-Person & Virtual

Red Team | MEDSHIELD: Proactive Threat Modeling Framework for Connected IoT Care

Adversarial exploitation of medical devices, robotics, and smart hospital systems has emerged as a critical challenge as healthcare environments embrace interconnected, IoT enabled equipment.

Summit Day 211:20AM - 11:55AM CDT

Presented by

Dr. Jennifer Schieferle Uhlenbrock

Healthcare Cybersecurity Consultant

Dr. Jennifer Schieferle Uhlenbrock

Dr. Deepti Gupta

Assistant Professor

Dr. Deepti Gupta
In-Person & Virtual

Red Team | To Be Announced

Summit Day 211:55AM - 12:30PM CDT
In-Person & Virtual

Lunch

Summit Day 212:30PM - 01:30PM CDT
In-Person & Virtual

Keynote: Blue Team | To Be Announced

Summit Day 201:30PM - 02:05PM CDT
In-Person & Virtual

Red Team Workshop | To Be Announced

Summit Day 201:30PM - 04:30PM CDT
In-Person

Blue Team | Ambiguous Techniques: Determining Malice through Context

In the evolving landscape of cybersecurity, defenders face the challenge of distinguishing malicious activities from benign ones, particularly when dealing with ambiguous techniques--those whose observables lack sufficient clarity to determine intent with certainty.

Summit Day 202:05PM - 02:40PM CDT

Presented by

Antonia Feffer

Senior Cybersecurity Engineer

Antonia Feffer
In-Person & Virtual

Blue Team | Detecting the Undetectable: Post-Exploitation Threats in Kubernetes and Containerized Workloads

Kubernetes and container platforms have transformed deployment speed-but they also obscure post-exploitation activity behind abstraction layers.

Summit Day 202:40PM - 03:15PM CDT

Presented by

Advait Patel

Senior Site Reliability Engineer

Advait Patel
In-Person & Virtual

Break

Summit Day 203:15PM - 03:30PM CDT
In-Person & Virtual

Blue Team | Hidden in Plain Sight: SaaS AI Risks Blue Teams Miss

As enterprise platforms quietly integrate AI features into productivity suites, CRMs, and collaboration tools, Blue Teams are left blind to where data is flowing, what models are learning, and how risk is propagating.

Summit Day 203:30PM - 04:05PM CDT

Presented by

AD Edwards

AI and Cloud Governance Strategist

AD Edwards
In-Person & Virtual

Blue Team | From Exploit to Enterprise Risk: Scaling Purple Team Insights to Protect the Mission

Technical findings alone don't drive change-risk-informed insights do. In this talk, we'll explore how red and purple team activities can evolve from isolated exercises into enterprise-level enablers that directly inform mission resilience, operational risk decisions, and business prioritization.

Summit Day 204:05PM - 04:40PM CDT

Presented by

Anthony Switzer

Cybersecurity Executive

Anthony Switzer
In-Person & Virtual

Wrap-Up

Summit Day 204:55PM - 05:00PM CDT
In-Person & Virtual

Tournament: Core NetWars

Registration: All students who register for a 4–6 day course will be eligible to play NetWars for free. Registration for this event will be through your SANS Account Dashboard the week of the event.

Training Event (Sunday)06:30PM - 09:30PM CST
In-Person

Tournament: Core NetWars

Registration: All students who register for a 4–6 day course will be eligible to play NetWars for free. Registration for this event will be through your SANS Account Dashboard the week of the event.

Training Event (Monday)06:30PM - 09:30PM CST
In-Person

Omni Austin Hotel

Hotel Special Rates and Reservations

A special discounted rate of $299.00 S/D plus applicable taxes will be honored based on space availability.

A limited number of Government Per Diem rooms at the prevailing rate are available with proper ID.

All rates include the resort fee for a savings of $22 per day. The resort fee provides deluxe WiFi for unlimited devices, two bottles of water upon arrival (additional upon request), in-room coffee and tea offerings, complimentary local and 1-800 calls, 24/7 access to the fitness center with Peloton bikes, exclusive access to the heated rooftop pool and priority and discounted cabana & daybed rentals (subject to availability), priority reservations at Capital A Restaurant, daily digital edition of The Wall Street Journal, $2 off admission to the Bob Bullock Texas State History Museum, and $5 off a 2-hr rental at the Texas Rowing Center (paddleboard, canoe, kayak).

These items are subject to change.

These rates are only available through Friday, October 3, 2025.

Book A ReservationBook A Government Per Diem Reservation
Austin, Skyline

3 Reasons To Stay At The Event Venue

  • Ultimate Convenience

    Eliminate the hassle of daily commutes and wasted travel time. You’ll have everything you need—from your training to dining and amenities - all in one centralized, convenient location.

  • Seamless Networking Opportunities

    Stay where the action is! Maximize your chances to connect with fellow cybersecurity professionals and industry leaders - from impromptu conversations in the lobby to exclusive after-hours events.

  • All Day, All Event Access

    SANS live training events include bonus sessions exclusively at the venue. Staying on-site ensures you won’t miss these opportunities to grow your network and engage with peers beyond the conference agenda.

People Shaking Hands

More Information

test

Omni Austin Hotel

Stay in this downtown Austin hotel near 6th Street. Fresh from a multi-million dollar renovation, Omni Austin Hotel Downtown is better than ever. Renewed in mid-century style, this downtown Austin hotel offers vibrant color and playful details from the lobby to your guest room. Walk to the Austin Convention Center or the Texas State Capitol for business. Just blocks away, dive into Austin’s nightlife and hear live music in entertainment hotspots like Sixth Street, Rainey Street and the Red River Cultural District. At the hotel, pick up a coffee and a handcrafted pastry at President’s House Coffee and snack on laid-back fare at Capital A inside the hotel’s large glass-walled atrium.

Hotel Clerk Smiling at Guest
View Hotel

Venue Parking Rates

- Self-Parking: Not Available - Valet Parking: $59.00 (includes in/out privileges) Rates listed are prevailing and subject to change. Alternative Parking Options - SANS recommends researching nearby parking facilities for more affordable options. Below are some popular parking apps that can help you locate and reserve space during your training are SpotHero, ParkMobile and ParkWhiz. Distance from Nearby Airport - Austin-Bergstrom International Airport (AUS): Approximately 11 miles

Travel Arrangements and Parking
Google Maps

Sponsorship Opportunities

Sponsorship opportunities are currently available for SANS Hack & Defend Summit 2025. If your organization would be interested in sponsoring, please contact us for more information.

Person Using a Laptop
Contact Us