Maxim Deweerdt

Beyond MFA: A Defender's Guide to Token Theft and AiTM

MFA alone can’t stop token theft and AITM attacks. This session shows defenders how phishing-resistant authentication, Conditional Access, Continuous Access Evaluation, and token controls can strengthen identity defenses.

AI and Identity in 2026: A Defender's Field Guide to Agents, Copilot, and Governance

AI agents are entering identity and SOC workflows fast. This session gives defenders a practical guide to agent identities, Microsoft Copilot, Entra Agent ID, and governance frameworks to secure AI without slowing adoption.

Entra Agent ID: from Detection to Response

This session explores how agent identities work in Microsoft Entra ID, how to detect abuse, and how SOC teams can respond quickly without disrupting critical business workflows.

Empowering a modern SOC with AI: Practical Use Cases and Wiping Media in (Anti-)Forensics: Exploring Hard Drive Erasure Methods for DFIR

Empowering a modern SOC with AI: practical use cases with SANS Principal Instructor Maxim Deweerdt and Wiping Media in (Anti-)Forensics: Exploring Hard Drive Erasure Methods for DFIR with SANS Instructor Seth Enoka

Empowering a Modern SOC With AI: Practical Use Cases

This presentation explores the transformative role of Artificial Intelligence (AI) in modern SOCs, focusing on its application to improve threat detection, automate incident responses, and enable predictive analytics for a proactive defense strategy.

Hunting for Suspicious HTTPS and TLS Connections

This talk navigates the landscape of HTTPS and TLS connections, distinguishing between encrypted and unencrypted HTTPS, and outlining methods to identify suspicious activities.