Living Off The Land: From Execution to Impact
Overview
Keyword detections are a starting point, not a finish line. Adversaries have been bypassing them for years; a renamed binary, an obfuscated string, a slight payload variation, and your alert never fires. In this two-hour workshop, we close that gap. Using SCYTHE and Splunk, we'll demonstrate exactly how keyword-based rules fall short in practice, then walk you through the evolution to state-based detection.
State-based detection hunts on the changes that have to happen: file creation, registry modification, user creation, and other durable endpoint artifacts that adversaries can't easily mask. If an attacker touched the system, something changed. Learn to find it.
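As an added illustration of the contrast described above (example code written for this page, not material from the workshop, SCYTHE or Splunk): a keyword rule over process command lines beside a state-based rule over durable endpoint artifacts. The events, the baseline and the field names (`type`, `image`, `cmdline`, `account`, `key`, `path`) are constructed assumptions, not a specific product's schema. The same local-account creation is replayed twice, once with the stock binary and once with the binary copied under another name; the keyword rule catches only the first, while the state rule reports the new user, the new Run-key value and the new executable regardless of which command line produced them.

```python
"""
Keyword detection versus state-based detection on constructed endpoint events.
Everything here is illustrative: the event records, the baseline inventory
and the field names are assumptions made for this example.
"""
import re

# Constructed endpoint telemetry, loosely modelled on Sysmon-style event types.
# Events 1 and 2 are the same action: the first with the stock binary, the
# second with the binary copied under another name (the "renamed binary" case
# from the text). Events 3-5 are the durable changes the action leaves behind.
SAMPLE_EVENTS = [
    {"type": "process_create", "image": r"C:\Windows\System32\net.exe",
     "cmdline": "net user svc_backup Passw0rd! /add"},
    {"type": "process_create", "image": r"C:\Windows\Temp\n.exe",
     "cmdline": "n user svc_backup Passw0rd! /add"},
    {"type": "user_create", "account": "svc_backup"},
    {"type": "registry_set",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
     "value": "Updater", "data": r"C:\Windows\Temp\n.exe"},
    {"type": "file_create", "path": r"C:\Windows\Temp\n.exe"},
]

# Constructed baseline of the host's expected state: what an inventory job or
# a golden image would have recorded before the activity.
BASELINE = {
    "local_users": {"Administrator", "Guest", "DefaultAccount"},
    "run_keys": {(r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "OneDrive")},
    "temp_executables": set(),
}

# Keyword rule: the classic "net user ... /add" command-line match.
KEYWORD = re.compile(r"\bnet1?\s+user\b.*\s/add\b", re.IGNORECASE)


def keyword_rule(events):
    """Return the process-creation events whose command line matches the keyword."""
    return [e for e in events
            if e["type"] == "process_create" and KEYWORD.search(e["cmdline"])]


def state_from_events(events, baseline):
    """Replay durable-change events on top of the baseline to get the host's new state."""
    state = {category: set(items) for category, items in baseline.items()}
    for e in events:
        if e["type"] == "user_create":
            state["local_users"].add(e["account"])
        elif e["type"] == "registry_set" and e["key"].endswith(r"\CurrentVersion\Run"):
            state["run_keys"].add((e["key"], e["value"]))
        elif (e["type"] == "file_create" and e["path"].lower().endswith(".exe")
              and "\\temp\\" in e["path"].lower()):
            state["temp_executables"].add(e["path"])
    return state


def state_rule(events, baseline):
    """State-based detection: report every durable artifact that is absent from
    the baseline, regardless of which process or command line produced it."""
    state = state_from_events(events, baseline)
    findings = []
    for category in baseline:
        for item in sorted(state[category] - baseline[category]):
            findings.append((category, item))
    return findings


if __name__ == "__main__":
    hits = keyword_rule(SAMPLE_EVENTS)
    print(f"keyword rule fired on {len(hits)} of 2 variants of the same action")
    for category, item in state_rule(SAMPLE_EVENTS, BASELINE):
        print(f"state rule: new {category}: {item}")
```

The design point is that `state_rule` never reads a command line at all: it diffs the host's durable state against a baseline, so renaming or re-wording the tool that made the change does not affect the result. In a real hunt the baseline comes from an inventory source and the "current" state from endpoint state-change telemetry rather than from an in-memory list.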
What you'll walk away with:
> A clear mental model for why keyword detections fail and when
> Hands-on reps deploying adversary behavior with SCYTHE and hunting in Splunk
> State-based detection logic you can implement immediately
> A framework for hunting on endpoint state, not process telemetry alone
Whether you're on the detection engineering side or purple team, this one's for you.
📅 15 July 2026
🕐 1 - 4 PM (ET)
All you need is just a computer with a compatible web browser and of course, your appetite to learn 😉
Please register using a valid email address so we can provision your VMware lab environment before the workshop.