SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals



Ismael is a Senior SANS Instructor and Arctic Wolf VP. Author of SEC530 and a prestigious GSE-certified expert, he blends decades of SOC, threat research, and community contributions to equip defenders with resilient, adversary-aware strategies.
Virtual
Cyber threats are evolving faster than ever, driven by generative AI and advanced automation. The volume of stolen money crossing borders and leaving the western economies is now at a pivotal point where it has effects on geo-political power, similar to the golden age of piracy. Traditional security measures can no longer keep up, leaving organizations vulnerable to attacks and whole nations reeling from the macro effects. But what if you could identify and stop cyber threats before they even begin?
In this session, Matt Lembright, Senior Solutions Engineer at Silent Push, will demonstrate how a shift from reactive to preemptive cybersecurity is not only possible, but necessary.
*Sponsored by Silent Push
Virtual
Threat actors are constantly evolving their tactics, forcing defenders to adapt just as quickly. Every new campaign brings fresh techniques designed to evade traditional detection and exploit blind spots. And once attackers establish a foothold, lateral movement becomes their fastest route to high-value assets.
But what if the earliest indicators of compromise are hiding in plain sight? Encrypted network protocols—the very ones that enable legitimate operations across your environment—also provide attackers with built-in cover for their movement.
In this session, Jamie Moles of ExtraHop will explore how modern Network Detection and Response (NDR) exposes those encrypted pathways to detect adversaries long before they complete their mission. You’ll learn which tools and protocols threat actors rely on for lateral movement, how encryption conceals malicious behavior, and how decryption and traffic analysis techniques can power precise detections and efficient investigations.
*Sponsored by ExtraHop
Virtual
As artificial intelligence becomes increasingly accessible, cybercriminals are harnessing its power to mimic legitimate user behavior with alarming precision. From evading traditional detection systems to staging sophisticated social engineering attacks, AI-driven threat actors are blurring the line between real and synthetic activity.
This webinar will explore how organizations can leverage IP and network-layer intelligence to counter these evolving threats. We’ll break down real-world examples of AI-driven impersonation, highlight the weaknesses of legacy security approaches, and demonstrate how enriched IP data, traffic analysis, and behavioral baselining help expose anomalies that AI-generated activity can’t fully conceal.
*Sponsored by Spur
Virtual
Learn how to build custom threat intelligence feeds that integrate directly with AI to strengthen defenses. This session covers data collection, curation, and enrichment techniques that enhance AI accuracy, reduce bias, and improve detection of subtle attack patterns.
*Sponsored by ReversingLabs
Virtual
Meet the cunning Latrodectus loader, which first emerged in 2023 and has become a "go-to" tool for cybercriminals in the past year. Functioning mainly as a downloader, it employs advanced anti-analysis and evasion techniques and encryption schemes, all of which have hardened the loader against traditional malware detection. By examining its rapid development cycle and potential trajectory during 2024 and 2025, we offer insights into its growing popularity as a preferred downloader in the cybercrime ecosystem.
*Sponsored by VMRay
Virtual
Take a guided tour of the Silent Push preemptive cyber defense platform and see how TTP-led defense, focused on pre-attack behaviors, uncovers malicious infrastructure before it is weaponized. Learn how using Indicators of Future Attack helps organizations move beyond reactive detection to achieve a truly proactive security posture.
*Sponsored by Silent Push
Virtual
This session explores how Agentic AI is reshaping cybersecurity, evolving from task-based assistants to autonomous defenders capable of proactive threat detection, incident response, and adaptive defense. We will cover practical use cases in financial services, risks and safeguards of AI adoption, and how organizations can prepare for an AI-driven threat landscape. Attendees will gain actionable insights into leveraging Agentic AI responsibly to enhance resilience against advanced cyber adversaries.
*Sponsored by SOCRadar
Virtual
There's been a cyberattack at Baskerville Bank! Production systems have been encrypted, the customer portal's been down for 12 hours, and data exfiltration has been suspected. Can Threatlock Holmes, armed only with a threat intelligence platform and his keen intellect, crack the case?
In this talk, we conduct a "back to basics" review of the benefits of legacy threat intelligence platforms, then dive into what to look for in a more modern TIP.
*Sponsored by ThreatConnect
Virtual
This presentation redefines the security analyst's experience, demonstrating how AI empowers defenders to conversationally interrogate their SIEM using plain English. Discover how an NDR MCP server provides the rich, real-time context necessary for AI to understand your natural language questions and deliver immediate, actionable insights without writing a single complex query or correlation rule.
*Sponsored by Corelight
Virtual
Cloud threat intelligence should simplify detection—but often creates noise instead. With vast TI data and automated attacks flooding alerts, many teams struggle to separate real threats from background noise.
This session introduces the Zero Noise Approach—a methodology for ingesting and operationalizing Cloud TI through attacker-based baselines, continuous feedback loops, and a “no alert left behind” mindset. Learn how this approach turns TI from overwhelming to actionable, with real-world case studies showing how organizations achieved higher fidelity detections and clearer visibility into attacker TTPs.
*Sponsored by Wiz
Virtual
In this presentation of Censys's 2025 State of the Internet Report, we'll examine malicious infrastructure from multiple angles: Internet-scale trends across malware families, geographies, and networks; the lifespans of C2 services measured both by network availability and content signals; and how these structural patterns play out in real incidents and disruption efforts.
Threat research often focuses on the mechanics of malware and threat actor tooling, but in this talk, we'll explore how studying infrastructure can provide complementary insights and help practitioners investigate and track nefarious activity.
*Sponsored by Censys
Virtual
AI has fundamentally altered the way threats are created and detected. Hype aside, the reality is AI has empowered adversaries to create malware that generates, obfuscates, and modifies its own code. AI enables dynamic payloads that evade detection by never writing to disk and running solely in memory instead. This introduces a new class of malware that significantly weakens the effectiveness of traditional antivirus signature matching and static detection methods.
This webinar will examine how polymorphic AI malware works by demoing a live PoC example, then review its usage in real-world threats. Best of all, we’ll cover how to go beyond known signatures and other static, predictable patterns to detect its usage and build threat-informed defenses.
Join us to learn:
*Sponsored by CardinalOps
Virtual