Hands-on Workshops

Hands-on Workshops

Get hands-on with innovative technology

Explore the power of the CrowdStrike Falcon® platform through technical training and immersive workshops designed for today’s cyber defenders. Go beyond theory with direct access to the tools, tactics, and workflows that help teams detect faster, respond smarter, and stop breaches with confidence.

The full agenda will be available in June. Stay tuned for updates.

  • A sophisticated adversary — SCATTERED SPIDER — is already inside your environment. Are you ready to respond? In this hands-on workshop, you'll lead a coordinated defense using CrowdStrike Endpoint Security and the AI-native Falcon platform.

    What you’ll do:

    • Detect attacker movements across endpoints, identities, and cloud workloads
    • Respond in real time with layered defenses via the Falcon platform
    • Accelerate investigations with CrowdStrike® Charlotte AITM and leverage automated containment strategies to stop attacks
    • Uncover adversary insights from CrowdStrike Falcon® Counter Adversary Operations
    • Learn to rapidly identify hidden risks and confidently execute end-to-end remediation


    Full workshop schedule to be announced in late June. Workshops will be held multiple times throughout the week.

  • LIMINAL PANDA is a stealthy threat actor that exploits misconfigurations and unmanaged change, thriving in environments lacking continuous visibility or validation. In this hands-on workshop, you’ll use CrowdStrike Falcon® for IT to detect risk and take control before adversaries strike.

    What you’ll do:

    • Leverage AI-powered posture awareness and guided remediation to surface and prioritize misconfigurations in real time
    • Strengthen resilience for critical applications, ensuring essential software stays secure and operational
    • Enforce hardening and compliance standards automatically and at scale
    • Execute a proactive defense with unified telemetry and AI-driven insights
    • Respond with precision and automate corrections at scale


    Full workshop schedule to be announced in late June. Workshops will be held multiple times throughout the week.

  • CHATTY SPIDER thrives in the noise by weaponizing phishing, social engineering, and fast-moving credential theft to slip past siloed defenses. In this hands-on workshop, you’ll use CrowdStrike Falcon® Next-Gen SIEM to detect activity from this modern eCrime adversary and surface threats hidden in plain sight.

    What you’ll do:

    • Defend with unified telemetry, threat intelligence, AI, UEBA, and integrated case management
    • Respond across the entire attack chain by correlating data across endpoint, identity, and cloud
    • Break down silos, cut investigation time, and automate enrichment, triage, and detection workflows
    • Outpace CHATTY SPIDER with an AI-native platform built for speed, efficiency, and cross-domain visibility


    Full workshop schedule to be announced in late June. Workshops will be held multiple times throughout the week.

  • SCATTERED SPIDER doesn’t break in — they log in. This adversary uses social engineering, session hijacking, and stolen credentials to bypass traditional defenses and blend in alongside legitimate users. In this hands-on workshop, you’ll learn how to detect, defend against, and respond to identity-based threats using CrowdStrike Falcon® Identity Protection across cloud, SaaS, and on-prem environments.

    What you’ll do:

    • Gain real-time visibility into privilege escalation, misconfigurations, and credential abuse
    • See how AI-native detection and response can help you investigate faster and shut down attacks before they spread
    • Leverage automated workflows to enhance investigations and respond instantly
    • Eliminate blind spots, disrupt identity attacks, and stop SCATTERED SPIDER


    Full workshop schedule to be announced in late June. Workshops will be held multiple times throughout the week.

  • LABYRINTH CHOLLIMA is a stealthy, persistent adversary built to breach cloud and AI environments. In this hands-on workshop, you’ll use CrowdStrike Falcon® Cloud Security to stop them before their access turns into a breach.

    What you’ll do:

    • Reduce your attack surface with policy enforcement and automated guardrails
    • Detect real-world attack paths targeting cloud and AI infrastructure
    • Respond to evasive behaviors as they unfold in runtime
    • Automate defenses to eliminate blind spots and harden your environment
    • Learn how to streamline security by embedding prevention into DevOps workflows


    Full workshop schedule to be announced in late June. Workshops will be held multiple times throughout the week.

  • OPERATOR PANDA exploits opportunity by targeting internet-exposed infrastructure, lateral movement routes, and overlooked misconfigurations to establish long-term access. In this hands-on workshop, you’ll use CrowdStrike Falcon® Exposure Management to detect risk across endpoints, servers, and network-connected devices before it can be turned into a foothold.

    What you’ll do:

    • Use Charlotte AI, AI-driven attack path analysis, and asset criticality scoring to respond to priority threats
    • Learn how to automate remediation workflows, enforce policy through CrowdStrike Falcon® Fusion SOAR
    • Cut response time from hours to minutes
    • Break the adversary’s chain of opportunity before OPERATOR PANDA can turn it into a breach


    Full workshop schedule to be announced in late June. Workshops will be held multiple times throughout the week.

  • FAMOUS CHOLLIMA, a North Korean adversary group, blends into developer environments using stolen identities, remote access tools, and malware hidden in coding challenges. In this hands-on workshop, you’ll investigate a simulated intrusion using CrowdStrike Falcon® Adversary Intelligence and Charlotte AI to detect nation-state tactics in motion.

    What you’ll do:

    • Analyze detections flagged by OverWatch, de-obfuscate malicious scripts, and trace attacker activity through the process tree
    • Respond to threat signals by detonating malware, reviewing adversary infrastructure, and mapping TTPs to MITRE techniques
    • Learn how to automate threat enrichment and hunting workflows
    • Accelerate your ability to uncover and disrupt adversary activity


    Full workshop schedule to be announced in late June. Workshops will be held multiple times throughout the week.

  • Russian adversaries like COZY BEAR use stealthy phishing and device code techniques to infiltrate networks undetected. In this session, ride along with a CrowdStrike Falcon® Complete analyst to investigate a sophisticated cloud-based intrusion.

    What you’ll do:

    • Learn how Falcon Complete uses the Falcon platform to detect malicious behavior, respond to evolving threats, and automate workflows
    • Track attacker movement and reconstruct the attack path
    • Deploy countermeasures before impact
    • Learn how Falcon Complete accelerates triage and containment in real time


    Full workshop schedule to be announced in late June. Workshops will be held multiple times throughout the week.

  • PUNK SPIDER specializes in stealth by using encryption, obfuscation, and insider access to quietly exfiltrate sensitive data from endpoints and cloud environments. In this hands-on workshop, you’ll use CrowdStrike Falcon® Data Protection to detect, defend against, and respond to real-world data theft scenarios across hybrid environments.

    What you’ll do:

    • Leverage deep visibility into data flow and policy-driven enforcement to prevent leaks
    • Detect GenAI-related leaks and encrypted exfiltration attempts
    • Stop unauthorized data egress with automated and orchestrated response actions
    • Stop PUNK SPIDER before they can turn access into theft


    Full workshop schedule to be announced in late June. Workshops will be held multiple times throughout the week.

  • SaaS apps drive productivity, but also introduces immense risks. Adversaries like COZY BEAR exploit dormant OAuth apps, overprivileged accounts, and misconfigurations to move undetected. In this hands-on workshop, you’ll use CrowdStrike Falcon® Shield to secure the SaaS-layer.

    What you’ll do:

    • Detect misconfigurations, respond to suspicious activity, and automate policy enforcement across your SaaS stack
    • Investigate OAuth abuse, privilege escalation, and risky integrations
    • Learn how to take control of fragmented SaaS environments
    • Build a unified defense that stops SaaS-layer attacks before they become breaches


    Full workshop schedule to be announced in late June. Workshops will be held multiple times throughout the week.

  • Improve your incident response preparedness through this controlled, high fidelity attack simulation. Apply real-world response strategies under pressure, sharpen technical workflows, and build confidence in your ability to manage active security incidents.

    What you’ll do:

    • Act as part of the response team to an in progress cyberattack
    • Defend against a red team equipped with a range of adversarial tactics to challenge protections and expose gaps
    • Use the Falcon platform to detect, investigate, and contain threats across endpoint, identity, and cloud environments


    Full workshop schedule to be announced in late June. Workshops will be held multiple times throughout the week.

  • Compete in an interactive, hands-on scavenger hunt using the Falcon platform console to uncover insider threats linked to DPRK adversary FAMOUS CHOLLIMA.

    What you’ll do:

    • Get briefed on adversary tactics like DevTunnel abuse and remote access tool use
    • Go hands-on with the Falcon platform to investigate and detect insider threats
    • Compete with your peers via timed clues, a live leaderboard, and gamified challenges


    Full workshop schedule to be announced in late June. Workshops will be held multiple times throughout the week.

Register your team today
Register

Insider Updates

Insider Updates

Big Discounts

Big Discounts

Special Hotel Rates

Special Hotel Rates