Our website uses cookies to enhance your browsing experience.


Sessions Fal.Con

UNITE with Top Minds in Cybersecurity

The Fal.Con UNITE 2020 Crowdstrike Cybersecurity Conference will feature a variety of learning sessions to help you expand your knowledge. Check back for updates on 2020 learning sessions and explore last year’s topics and sessions below.

Learning Sessions will
address topics such as:

Falcon Platform and Technology

  • What’s New in the Falcon Platform
  • Falcon and the MITRE ATT&CKTM Framework: Better Together
  • Building Custom Indicators of Attack (IOAs): Practical Advice and Real-Life Examples
  • Phishing Emails and Web Exploits: Attack Scenario
  • CrowdScore: Get in the Driver's Seat
  • Falcon and Splunk 101
  • Getting the Most out of Real Time Response (RTR)
  • Let APIs do the work for you - a guide to key automations with the CrowdStrike Platform
  • Operationalizing the CrowdStrike Platform - Verizon Case Study
  • Fully Automated Investigations with Falcon X
  • Insights from OverWatch: Hunting in Today's Threat Landscape
  • Orchestrated security - A security strategy for container orchestration systems
  • Using Custom Indicators of Attack (IOA) Rules in the Falcon Platform
  • Finding and Remediating Vulnerabilities with Falcon Spotlight and Insight
  • RTR for Forensics and Hunting
  • Hunting with Falcon
  • Achieving Fully Automated Investigations with Falcon X
  • Insights from Falcon OverWatch: Hunting in Today's Threat Landscape
  • Through the Eyes of the Adversary: The Synthesis of Threat Intelligence & Threat Hunting Operations
  • Advice from the Frontlines: How to leverage Falcon as an asset when navigating GDPR, CCPA, and Works Councils

Threat Intelligence Sessions

  • Intelligence Briefing: The Threat Landscape
  • Maximizing the Value of Your Threat Intelligence with I.P.E.
  • Intel Ninja Skills – How to Become a Falcon Intel Master
  • Investigating Cyber Cold Cases
  • Optimizing Threat Intelligence: A Falcon X Premium Elite Customer Case Study
  • Et Tu, Voicemail? The Emerging Threat of Encrypted Messaging Compromise
  • Doxxing KITTENS: Assessing the Origins and Impact of Leaks on Iranian Cyber Operations
  • From Commodity Malware to Big Game Hunting: How Targeted Ransomware Became a Highly Profitable Crime
  • How TURBINE PANDA and China’s Top Spies Enabled Beijing to Cut Corners on the C919 Passenger Jet
  • Smooth Operators: VELVET CHulLIMA from Korean Nuclear to US Academia
  • What's in A Name: Tracking the Development of A1Lock Ransomware

Services Sessions

  • Mapping Active Directory Using BloodHound: Blue Team Edition
  • MacOS Incident Response: Lessons from the Front Lines
  • Security Cost vs. Benefit — A Shifting Paradigm
  • Knowing Normal: How Understanding Your Network Can Save Your Bacon
  • Tales from the Crypt: Case Studies in Ransomware
  • Stop the Madness: Performing Enterprise Incident Response with CrowdStrike Services
  • Emotet's Summer Vacation: What Malware Filled the Gaps and How to Fix Them

Partner Sessions

  • Building Security Best Practices with AWS and CrowdStrike (AWS)
  • Elevating Detection and Response Capabilities - Secureworks, CrowdStrike, and Dell
  • Protecting Industrial Control Systems (ICS) – Making the right choices in a complex environment (Dragos)
  • The Confidence Game: How Attackers Exploit People and How to Stop Them (Proofpoint)
  • Automate Incident Response at Machine Speed with Splunk and CrowdStrike (Splunk)
  • Using Falcon X Endpoint Intelligence to Protect IoT: Scripps Research Case Study (ThreatSTOP)
  • Riding Through a Red Team Exercise using Expel and CrowdStrike (Expel)
  • Customer Case Study - Security Transformation – Network to the Endpoint (Zscaler)
  • How EDR and Network Detection and Response (NDR) join forces to stop attacks faster (Vectra AI)
  • Achieve Application Visibility, Control & Protection with TrueFort & CrowdStrike
  • Customer Case Study: Real-life Threat Protection from Endpoints to the Cloud (NetSkope)
  • Practical Application Whitelisting (Airlock Digital Pty)
  • The Next Speed Supremacy Battle - Breaking the 24/72 Endpoint Hardening Threshold (Automox)
  • Complete Visibility Inside and Outside Your Network with RiskIQ Investigator & CrowdStrike Falcon
  • A Novel Approach to Threat Hunting (Acalvio Technologies)

Executive Track (by Invitation Only for VP and C-Level executives)

  • Executive Intelligence Briefing: State of Cybersecurity
  • Executive Fireside Chat with Sameer Gandhi: The Security Landscape.  Thinking about your Next Investment.
  • Fireside Chat: How Google & Amazon do Security
  • A Case Study of a Cyber Resilient Organization
  • Executive Product Roadmap

Intermediate Training Sessions:

In addition to the above Learning Sessions offered to all Fal.Con UNITE conference attendees, we have four intermediate training classes available for an additional fee. Please see class requirements below. Pre-registration and payment are required by October 31, 2019.  Space is limited. Registration and payment are managed through the conference registration process.

Monday: 8:00 AM – 5:00 PM

Two full-day classes will be held on Monday, November 4th from 8-5 pm, prior to the official start of the conference.

FHT 201: Intermediate Falcon Platform for Responders:
Cost:  $1000 or 2 Training Credits

This hands-on course is intended for technical contributors who use Falcon Insight to detect, investigate and respond to incidents.  Attendees will learn how to use the key features of the Falcon platform applications, analyze detections and ascertain true or false positive findings. They will learn to apply a standard analytic process to detection triage, describe the data available in the Insight app and use that data to continue analysis beyond a detection. Attendees will also perform limited discovery of additional events beyond a detection (basic hunting).  This course meets the required learning for the CrowdStrike Certified Falcon Responder (CCFR) certification and includes an exam voucher.

FHT 202: Intermediate Falcon Platform for Hunters: 
Cost:   $1000 or 2 Training Credits

This hands-on course instructs intermediate responders in the best use of the Falcon Platform for incident detection using proactive “hunting“ investigation. Attendees will use the Falcon platform to find evidence of incidents that do not raise alerts by other means. Attendees will review of Splunk query language (SPL) in-depth, learn how Splunk is implemented with Falcon and take a deep dive view into various event types.  Attendees will learn query types such as keyword searching, frequency analysis, sub-searching, join statements, converting times and many others.   This course meets the required learning for the CrowdStrike Certified Falcon Hunter (CCFH) certification and includes an exam voucher.

Wednesday: 1:30 PM – 5:30 PM

Two half-day classes will be held at the conclusion of the conference after the conference lunch. If you plan to attend any of these trainings, please adjust your room stay as needed.

CST 350: Deriving Intelligence from Falcon Sandbox: 
Cost: $500 or 1 Training Credit

This course introduces Falcon Sandbox and all its capabilities; it incorporates numerous hands-on exercises to showcase the finer points of use. As a core component of Falcon X, Falcon Sandbox enables users to gain unprecedented insight into malware -- its capabilities, dropped files, related intelligence, and more. At the end of this course, attendees will be able to utilize Falcon Sandbox and understand malware relationships to Falcon Intelligence products, IOCs, and other malware in CrowdStrike’s enormous database.

Finding Worms in Apple Orchards: Conducting macOS Incident Response at Scale: 
Cost:  $500 or 1 Training Credit

In this course, attendees will learn the fundamentals of macOS forensic triage and explore how to use CrowdStrike’s open-source macOS triage framework, “AutoMacTC”, to gather relevant data from suspect systems and find evil in the output. Training will include a detailed look into forensic artifacts critical to macOS intrusion investigations as well as common indicators of compromise.

A final roster of sessions will be provided in September, at which time you can identify the ones that best serve your learning goals.