Hands-on Workshops

Get hands-on with innovative technology

Explore the power of the CrowdStrike Falcon® platform through technical training and immersive workshops designed for today’s cyber defenders. Go beyond theory with direct access to the tools, tactics, and workflows that help teams detect faster, respond smarter, and stop breaches with confidence.

The full agenda will be available in June. Stay tuned for updates.

A sophisticated adversary — SCATTERED SPIDER — is already inside your environment. Are you ready to respond? In this hands-on workshop, you'll lead a coordinated defense using CrowdStrike Endpoint Security and the AI-native Falcon platform.

A sophisticated adversary — SCATTERED SPIDER — is already inside your environment. Are you ready to respond? In this hands-on workshop, you'll lead a coordinated defense using CrowdStrike Endpoint Security and the AI-native Falcon platform.
What you’ll do:

Detect attacker movements across endpoints, identities, and cloud workloads
Respond in real time with layered defenses via the Falcon platform
Accelerate investigations with CrowdStrike® Charlotte AITM and leverage automated containment strategies to stop attacks
Uncover adversary insights from CrowdStrike Falcon® Counter Adversary Operations
Learn to rapidly identify hidden risks and confidently execute end-to-end remediation

Full workshop schedule to be announced in late June. Workshops will be held multiple times throughout the week.
LIMINAL PANDA is a stealthy threat actor that exploits misconfigurations and unmanaged change, thriving in environments lacking continuous visibility or validation. In this hands-on workshop, you’ll use CrowdStrike Falcon® for IT to detect risk and take control before adversaries strike.

LIMINAL PANDA is a stealthy threat actor that exploits misconfigurations and unmanaged change, thriving in environments lacking continuous visibility or validation. In this hands-on workshop, you’ll u ...
What you’ll do:

Leverage AI-powered posture awareness and guided remediation to surface and prioritize misconfigurations in real time
Strengthen resilience for critical applications, ensuring essential software stays secure and operational
Enforce hardening and compliance standards automatically and at scale
Execute a proactive defense with unified telemetry and AI-driven insights
Respond with precision and automate corrections at scale

Full workshop schedule to be announced in late June. Workshops will be held multiple times throughout the week.
CHATTY SPIDER thrives in the noise by weaponizing phishing, social engineering, and fast-moving credential theft to slip past siloed defenses. In this hands-on workshop, you’ll use CrowdStrike Falcon® Next-Gen SIEM to detect activity from this modern eCrime adversary and surface threats hidden in plain sight.

CHATTY SPIDER thrives in the noise by weaponizing phishing, social engineering, and fast-moving credential theft to slip past siloed defenses. In this hands-on workshop, you’ll use CrowdStrike Falcon® ...
What you’ll do:

Defend with unified telemetry, threat intelligence, AI, UEBA, and integrated case management
Respond across the entire attack chain by correlating data across endpoint, identity, and cloud
Break down silos, cut investigation time, and automate enrichment, triage, and detection workflows
Outpace CHATTY SPIDER with an AI-native platform built for speed, efficiency, and cross-domain visibility

Full workshop schedule to be announced in late June. Workshops will be held multiple times throughout the week.
SCATTERED SPIDER doesn’t break in — they log in. This adversary uses social engineering, session hijacking, and stolen credentials to bypass traditional defenses and blend in alongside legitimate users. In this hands-on workshop, you’ll learn how to detect, defend against, and respond to identity-based threats using CrowdStrike Falcon® Identity Protection across cloud, SaaS, and on-prem environments.

SCATTERED SPIDER doesn’t break in — they log in. This adversary uses social engineering, session hijacking, and stolen credentials to bypass traditional defenses and blend in alongside legitimate user ...
What you’ll do:

Gain real-time visibility into privilege escalation, misconfigurations, and credential abuse
See how AI-native detection and response can help you investigate faster and shut down attacks before they spread
Leverage automated workflows to enhance investigations and respond instantly
Eliminate blind spots, disrupt identity attacks, and stop SCATTERED SPIDER

Full workshop schedule to be announced in late June. Workshops will be held multiple times throughout the week.
LABYRINTH CHOLLIMA is a stealthy, persistent adversary built to breach cloud and AI environments. In this hands-on workshop, you’ll use CrowdStrike Falcon® Cloud Security to stop them before their access turns into a breach.

LABYRINTH CHOLLIMA is a stealthy, persistent adversary built to breach cloud and AI environments. In this hands-on workshop, you’ll use CrowdStrike Falcon® Cloud Security to stop them before their acc ...
What you’ll do:

Reduce your attack surface with policy enforcement and automated guardrails
Detect real-world attack paths targeting cloud and AI infrastructure
Respond to evasive behaviors as they unfold in runtime
Automate defenses to eliminate blind spots and harden your environment
Learn how to streamline security by embedding prevention into DevOps workflows

Full workshop schedule to be announced in late June. Workshops will be held multiple times throughout the week.
OPERATOR PANDA exploits opportunity by targeting internet-exposed infrastructure, lateral movement routes, and overlooked misconfigurations to establish long-term access. In this hands-on workshop, you’ll use CrowdStrike Falcon® Exposure Management to detect risk across endpoints, servers, and network-connected devices before it can be turned into a foothold.

OPERATOR PANDA exploits opportunity by targeting internet-exposed infrastructure, lateral movement routes, and overlooked misconfigurations to establish long-term access. In this hands-on workshop, yo ...
What you’ll do:

Use Charlotte AI, AI-driven attack path analysis, and asset criticality scoring to respond to priority threats
Learn how to automate remediation workflows, enforce policy through CrowdStrike Falcon® Fusion SOAR
Cut response time from hours to minutes
Break the adversary’s chain of opportunity before OPERATOR PANDA can turn it into a breach

Full workshop schedule to be announced in late June. Workshops will be held multiple times throughout the week.
FAMOUS CHOLLIMA, a North Korean adversary group, blends into developer environments using stolen identities, remote access tools, and malware hidden in coding challenges. In this hands-on workshop, you’ll investigate a simulated intrusion using CrowdStrike Falcon® Adversary Intelligence and Charlotte AI to detect nation-state tactics in motion.

FAMOUS CHOLLIMA, a North Korean adversary group, blends into developer environments using stolen identities, remote access tools, and malware hidden in coding challenges. In this hands-on workshop, yo ...
What you’ll do:

Analyze detections flagged by OverWatch, de-obfuscate malicious scripts, and trace attacker activity through the process tree
Respond to threat signals by detonating malware, reviewing adversary infrastructure, and mapping TTPs to MITRE techniques
Learn how to automate threat enrichment and hunting workflows
Accelerate your ability to uncover and disrupt adversary activity

Full workshop schedule to be announced in late June. Workshops will be held multiple times throughout the week.
Russian adversaries like COZY BEAR use stealthy phishing and device code techniques to infiltrate networks undetected. In this session, ride along with a CrowdStrike Falcon® Complete analyst to investigate a sophisticated cloud-based intrusion.

Russian adversaries like COZY BEAR use stealthy phishing and device code techniques to infiltrate networks undetected. In this session, ride along with a CrowdStrike Falcon® Complete analyst to invest ...
What you’ll do:

Learn how Falcon Complete uses the Falcon platform to detect malicious behavior, respond to evolving threats, and automate workflows
Track attacker movement and reconstruct the attack path
Deploy countermeasures before impact
Learn how Falcon Complete accelerates triage and containment in real time

Full workshop schedule to be announced in late June. Workshops will be held multiple times throughout the week.
PUNK SPIDER specializes in stealth by using encryption, obfuscation, and insider access to quietly exfiltrate sensitive data from endpoints and cloud environments. In this hands-on workshop, you’ll use CrowdStrike Falcon® Data Protection to detect, defend against, and respond to real-world data theft scenarios across hybrid environments.

PUNK SPIDER specializes in stealth by using encryption, obfuscation, and insider access to quietly exfiltrate sensitive data from endpoints and cloud environments. In this hands-on workshop, you’ll us ...
What you’ll do:

Leverage deep visibility into data flow and policy-driven enforcement to prevent leaks
Detect GenAI-related leaks and encrypted exfiltration attempts
Stop unauthorized data egress with automated and orchestrated response actions
Stop PUNK SPIDER before they can turn access into theft

Full workshop schedule to be announced in late June. Workshops will be held multiple times throughout the week.
SaaS apps drive productivity, but also introduces immense risks. Adversaries like COZY BEAR exploit dormant OAuth apps, overprivileged accounts, and misconfigurations to move undetected. In this hands-on workshop, you’ll use CrowdStrike Falcon® Shield to secure the SaaS-layer.

SaaS apps drive productivity, but also introduces immense risks. Adversaries like COZY BEAR exploit dormant OAuth apps, overprivileged accounts, and misconfigurations to move undetected. In this hands ...
What you’ll do:

Detect misconfigurations, respond to suspicious activity, and automate policy enforcement across your SaaS stack
Investigate OAuth abuse, privilege escalation, and risky integrations
Learn how to take control of fragmented SaaS environments
Build a unified defense that stops SaaS-layer attacks before they become breaches

Full workshop schedule to be announced in late June. Workshops will be held multiple times throughout the week.
Improve your incident response preparedness through this controlled, high fidelity attack simulation. Apply real-world response strategies under pressure, sharpen technical workflows, and build confidence in your ability to manage active security incidents.

Improve your incident response preparedness through this controlled, high fidelity attack simulation. Apply real-world response strategies under pressure, sharpen technical workflows, and build confid ...
What you’ll do:

Act as part of the response team to an in progress cyberattack
Defend against a red team equipped with a range of adversarial tactics to challenge protections and expose gaps
Use the Falcon platform to detect, investigate, and contain threats across endpoint, identity, and cloud environments

Full workshop schedule to be announced in late June. Workshops will be held multiple times throughout the week.
Compete in an interactive, hands-on scavenger hunt using the Falcon platform console to uncover insider threats linked to DPRK adversary FAMOUS CHOLLIMA.

Compete in an interactive, hands-on scavenger hunt using the Falcon platform console to uncover insider threats linked to DPRK adversary FAMOUS CHOLLIMA.
What you’ll do:

Get briefed on adversary tactics like DevTunnel abuse and remote access tool use
Go hands-on with the Falcon platform to investigate and detect insider threats
Compete with your peers via timed clues, a live leaderboard, and gamified challenges

Full workshop schedule to be announced in late June. Workshops will be held multiple times throughout the week.

Hands-on Workshops

Hands-on Workshops

Get hands-on with innovative technology

Register your team today

Insider Updates

Insider Updates

Big Discounts

Big Discounts

Special Hotel Rates

Special Hotel Rates