SpecterOps at Black Hat USA 2026 | Mandalay Bay, Las Vegas | August 1–4, 2026
SpecterOps researchers discover the attack paths that define the next wave of threats and we’re bringing that research into the classroom at Black Hat USA. Join us for hands-on courses built from active, industry-leading research and live engagements — not last year’s threat landscape.
Each course translates real-world engagement experience and ongoing research into practical labs, operational tradecraft, and durable defensive or offensive skills.
Before you can emulate or defend against the tactics of an adversary operating in Azure and Entra ID, you must first understand their perspective. Through hands-on labs, you’ll learn to identify the misconfigurations attackers look for and walk away with a strong foundation for attacking or defending corporate Azure and Entra ID environments.
Threat actors and red teams increasingly use identity-driven tradecraft to navigate modern environments and attack paths. But what turns a path into an attack path? This advanced course equips red teamers and offensive security professionals with techniques to discover and exploit identity attack paths in complex environments — from familiar Active Directory weaknesses to cutting-edge cloud and supply chain attacks.
Most organizations have adopted an "assume breach" mentality, understanding that sophisticated adversaries will breach their defenses. The best way to test enterprise security operations is through red team exercises that leverage the same tactics, techniques, and procedures (TTPs) as real attackers. You’ll learn offensive tradecraft post-initial access, from resilient command and control to advanced Active Directory exploitation, by operating against live incident responders in simulated enterprise environments.
How much confidence do you have in your ability to detect sophisticated attacks? Learn how Windows attack techniques work under the hood, identify key telemetry sources and detection choke points, and build robust detection and evasion strategies by analyzing attack paths across multiple abstraction layers and the artifacts they generate.
Many organizations struggle with the same detection challenges: expensive tools generating endless alerts, overwhelmed analysts, and ineffective threat response. The problem isn’t tooling—it’s strategy. Learn how to proactively search for advanced threat actors and close the gap from infection to detection. Go beyond brittle indicators to build durable, behavior-based detections for adversary TTPs that remain effective regardless of security stack, creating detection programs that shift the advantage back to defenders.
The techniques we teach come directly from real-world engagements, not stale or fixed curriculum. Our researchers are actively discovering the attack paths that will define the next wave of threats — and that research feeds directly into every course we teach.
Register for SpecterOps courses on the Black Hat USA site using the course links above.