In this session, practitioners walk through real-world incident response workflows, highlighting how open-source tools and investigative tradecraft come together during active incidents.
Attendees will see practical Velociraptor use cases, learn how adversary techniques (often uncovered through red team exercises) inform defensive investigations, and understand how experienced responders approach evidence collection, validation, and decision-making.
Designed for hands-on practitioners, this session sharpens blue team skills and provides a clearer view into how attacks are investigated, contained, and learned from in practice.