{"product_id":"dodging-the-edr-bullet-a-training-on-malware-stealth-tactics-dimitri-di-cristofaro-giorgio-bernardinetti-dctlv2026","title":"Dodging the EDR bullet: A Training on Malware Stealth Tactics - Dimitri Di Cristofaro \u0026 Giorgio Bernardinetti - DCTLV2026","description":"\u003cp dir=\"ltr\"\u003e\u003cmeta charset=\"utf-8\"\u003e\u003cstrong\u003eName of Training\u003c\/strong\u003e\u003cspan\u003e\u003cstrong\u003e:\u003c\/strong\u003e Dodging the EDR bullet: A Training on Malware Stealth Tactics\u003cbr\u003e\u003c\/span\u003e\u003cstrong\u003eTrainer(s)\u003c\/strong\u003e\u003cspan\u003e\u003cstrong\u003e:\u003c\/strong\u003e Dimitri Di Cristofaro and Giorgio Bernardinetti\u003cbr\u003e\u003c\/span\u003e\u003cspan\u003e\u003cstrong\u003eDates\u003c\/strong\u003e\u003cstrong\u003e:\u003c\/strong\u003e \u003cmeta charset=\"utf-8\"\u003eAugust 10-11, 2026\u003cbr\u003e\u003cstrong\u003eTime:\u003c\/strong\u003e 8:00 am to 5:00 pm \u003cbr\u003e\u003cstrong\u003eVenue\u003c\/strong\u003e\u003cstrong\u003e:\u003c\/strong\u003e \u003cmeta charset=\"utf-8\"\u003eLas Vegas Convention Center\u003cbr\u003e\u003cstrong\u003eCost\u003c\/strong\u003e\u003cstrong\u003e: \u003c\/strong\u003e$2,500 (USD)\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eShort Summary:\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003e\"Dodging the EDR bullet\" Training is an intensive, hands-on course designed to equip cybersecurity professionals with cutting-edge skills in malware evasion techniques. 
\u003c\/span\u003e\u003cspan\u003eThe course focuses on cultivating a research-driven mindset, enabling attendees to understand and analyze detection strategies provided by the Windows OS, dig into the internals of EDRs and finally craft their own techniques to evade them effectively.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eCourse Description: \u003c\/strong\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003e\"Dodging the EDR bullet\" Training is an intensive, hands-on course designed to equip cybersecurity professionals with cutting-edge skills in malware evasion techniques. This comprehensive training delves deep into the internals of Windows security components, antivirus systems, and EDRs, guiding participants through the entire malware lifecycle—from initial access to advanced in-memory evasion and kernel-level persistence.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eParticipants will adopt a systematic approach to memory management and process manipulation, learning how to bypass modern detection mechanisms and develop stealthy malware components. A key focus of the course is cultivating a research-driven mindset, empowering attendees to not just apply predefined techniques, but to analyze Windows OS detection strategies and engineer custom methods to evade them.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eThe training focuses heavily on userland evasion, providing practical, in-depth techniques for bypassing detection in user-mode. 
It also features a dedicated module on kernel-level offensive tool development, where participants will explore advanced methods to evade EDR sensors and subvert telemetry collection, gaining a deeper understanding of how to operate in highly monitored environments.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eLive demonstrations and hands-on exercises will illustrate key concepts, showing participants how to integrate various techniques to build evasive implants and post-exploitation tools capable of bypassing even the most sophisticated detection systems. \u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eBy adopting this comprehensive approach to memory allocation, execution, and evasion strategies, participants will gain the expertise needed to design and develop malware components that evade detection effectively. By the end of the training, participants will have achieved mastery in malware development, enabling them to craft sophisticated command-and-control (C2) payloads and maintain persistence while remaining undetected.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cspan\u003e\u003cmeta charset=\"utf-8\"\u003e \u003cstrong\u003eCourse Outline: \u003c\/strong\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eDay 1:\u003c\/span\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eAdvanced Windows internals:\u003c\/span\u003e\u003c\/p\u003e\n\u003cul\u003e\n\u003cli dir=\"ltr\"\u003e\n\u003cspan\u003eWhat happens when Windows executes a PE file?\u003c\/span\u003e\n\u003cul\u003e\n\u003cli dir=\"ltr\"\u003e\u003cspan\u003eWindows internals: TEB\/PEB\u003c\/span\u003e\u003c\/li\u003e\n\u003cli dir=\"ltr\"\u003e\u003cspan\u003eWindows loader structure\u003c\/span\u003e\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003c\/li\u003e\n\u003cli dir=\"ltr\"\u003e\u003cspan\u003eWrite your custom PE 
loader\u003c\/span\u003e\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eBackground on detection techniques:\u003c\/span\u003e\u003c\/p\u003e\n\u003cul\u003e\n\u003cli dir=\"ltr\"\u003e\n\u003cspan\u003eState of the art detection strategies\u003c\/span\u003e\n\u003cul\u003e\n\u003cli dir=\"ltr\"\u003e\u003cspan\u003eStatic\/Dynamic, Kernel Callbacks, ETW-Ti, minifilters, AMSI, API hooking, call stack analysis, memory scan, ...\u003c\/span\u003e\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eEvasion part 1:\u003c\/span\u003e\u003c\/p\u003e\n\u003cul\u003e\n\u003cli dir=\"ltr\"\u003e\n\u003cspan\u003eThe goal of \"code execution\"\u003c\/span\u003e\n\u003cul\u003e\n\u003cli dir=\"ltr\"\u003e\u003cspan\u003eMemory allocation, Memory writing, Memory execution\u003c\/span\u003e\u003c\/li\u003e\n\u003cli dir=\"ltr\"\u003e\u003cspan\u003eLocal\/Remote code execution\u003c\/span\u003e\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003c\/li\u003e\n\u003cli dir=\"ltr\"\u003e\n\u003cspan\u003eMemory allocation vs EDRs\u003c\/span\u003e\n\u003cul\u003e\n\u003cli dir=\"ltr\"\u003e\u003cspan\u003eOverview of basic\/advanced existing techniques + IoCs\u003c\/span\u003e\u003c\/li\u003e\n\u003cli dir=\"ltr\"\u003e\u003cspan\u003eModule Overloading + PEB + avoid kernel callbacks\u003c\/span\u003e\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003cp\u003e\u003cspan\u003e[Exercise: module overloading]\u003c\/span\u003e\u003c\/p\u003e\n\u003cul\u003e\n\u003cli dir=\"ltr\"\u003e\u003cspan\u003eMemory writing vs EDRs\u003c\/span\u003e\u003c\/li\u003e\n\u003cli dir=\"ltr\"\u003e\n\u003cspan\u003eMemory execution vs EDRs\u003c\/span\u003e\n\u003cul\u003e\n\u003cli dir=\"ltr\"\u003e\u003cspan\u003eOverview of basic\/advanced existing techniques + IoCs\u003c\/span\u003e\u003c\/li\u003e\n\u003cli dir=\"ltr\"\u003e\u003cspan\u003eAdvanced techniques + implementation in 
exercises\u003c\/span\u003e\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003e[Exercise: threadless inject, early cascade]\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eDay 2:\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eEvasion part 2:\u003c\/span\u003e\u003c\/p\u003e\n\u003cul\u003e\n\u003cli dir=\"ltr\"\u003e\n\u003cspan\u003eUnderlying issues: kernel callbacks, call stack analysis, API hooking\u003c\/span\u003e\n\u003cul\u003e\n\u003cli dir=\"ltr\"\u003e\u003cspan\u003eAPI unhooking \u003c\/span\u003e\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003cp dir=\"ltr\" style=\"padding-left: 80px;\"\u003e\u003cspan\u003e[+ exercise]\u003c\/span\u003e\u003c\/p\u003e\n\u003cul\u003e\n\u003cli style=\"list-style-type: none;\"\u003e\n\u003cul\u003e\n\u003cli dir=\"ltr\"\u003e\u003cspan\u003eDirect\/Indirect syscalls \u003c\/span\u003e\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003cp dir=\"ltr\" style=\"padding-left: 80px;\"\u003e\u003cspan\u003e[+ exercise]\u003c\/span\u003e\u003c\/p\u003e\n\u003cul\u003e\n\u003cli style=\"list-style-type: none;\"\u003e\n\u003cul\u003e\n\u003cli dir=\"ltr\"\u003e\u003cspan\u003eAdvanced stack spoofing \u003c\/span\u003e\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003cp dir=\"ltr\" style=\"padding-left: 80px;\"\u003e\u003cspan\u003e[+ exercise]\u003c\/span\u003e\u003c\/p\u003e\n\u003cul\u003e\n\u003cli dir=\"ltr\"\u003e\u003cspan\u003eFinal user-space demo \u003c\/span\u003e\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003cp style=\"padding-left: 40px;\"\u003e[+ exercise]\u003c\/p\u003e\n\u003cul\u003e\n\u003cli style=\"list-style-type: none;\"\u003e\n\u003cul\u003e\n\u003cli dir=\"ltr\"\u003e\u003cspan\u003eCombine memory allocation, writing and execution + unhooking, syscalls and stack spoofing for a fully-stealth user-space 
PoC\u003c\/span\u003e\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eKernel evasion \u0026amp; persistence:\u003c\/span\u003e\u003c\/p\u003e\n\u003cul\u003e\n\u003cli dir=\"ltr\"\u003e\u003cspan\u003eKernel space evasion \u0026amp; persistence\u003c\/span\u003e\u003c\/li\u003e\n\u003cli dir=\"ltr\"\u003e\u003cspan\u003eKernel drivers vs DSE\u003c\/span\u003e\u003c\/li\u003e\n\u003cli dir=\"ltr\"\u003e\n\u003cspan\u003eBring your own Driver\u003c\/span\u003e\n\u003cul\u003e\n\u003cli dir=\"ltr\"\u003e\u003cspan\u003eHow to disable DSE with Administrator privileges\u003c\/span\u003e\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003cp style=\"padding-left: 80px;\"\u003e[ + exercise + environment configuration ]\u003c\/p\u003e\n\u003cul\u003e\n\u003cli style=\"list-style-type: none;\"\u003e\n\u003cul\u003e\n\u003cli dir=\"ltr\"\u003e\u003cspan\u003eDisable DSE with VBS enabled - HVCI\/KDP\u003c\/span\u003e\u003c\/li\u003e\n\u003cli dir=\"ltr\"\u003e\n\u003cspan\u003eInstall your own driver\u003c\/span\u003e\n\u003cul\u003e\n\u003cli dir=\"ltr\"\u003e\u003cspan\u003eAgent Killer - PPL tampering\u003c\/span\u003e\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003cp style=\"padding-left: 80px;\" dir=\"ltr\"\u003e\u003cspan\u003e[ + exercise ]\u003c\/span\u003e\u003c\/p\u003e\n\u003cul\u003e\n\u003cli style=\"list-style-type: none;\"\u003e\n\u003cul\u003e\n\u003cli style=\"list-style-type: none;\"\u003e\n\u003cul\u003e\n\u003cli dir=\"ltr\"\u003e\u003cspan\u003eKernel callbacks tampering\u003c\/span\u003e\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003cp style=\"padding-left: 80px;\" dir=\"ltr\"\u003e\u003cspan\u003e[ + exercise ]\u003c\/span\u003e\u003c\/p\u003e\n\u003cul\u003e\n\u003cli style=\"list-style-type: none;\"\u003e\n\u003cul\u003e\n\u003cli 
style=\"list-style-type: none;\"\u003e\n\u003cul\u003e\n\u003cli dir=\"ltr\"\u003e\u003cspan\u003eETW-Ti tampering\u003c\/span\u003e\u003c\/li\u003e\n\u003cli dir=\"ltr\"\u003e\u003cspan\u003eWrite your own rootkit for C2 \u0026amp; Evasion\u003c\/span\u003e\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eDifficulty Level:\u003c\/strong\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eIntermediate - The student has education and some experience in the field and familiarity with the topic being presented. The student has foundational knowledge that the course will leverage to provide practical skills on the topic.\u003c\/span\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eSuggested Prerequisites:\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eGeneral prerequisites:\u003c\/span\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/p\u003e\n\u003cul\u003e\n\u003cli dir=\"ltr\"\u003e\u003cspan\u003ePrevious knowledge of Windows internals is required (processes, threads, virtual memory, ...)\u003c\/span\u003e\u003c\/li\u003e\n\u003cli dir=\"ltr\"\u003e\u003cspan\u003eC\/C++ knowledge. It is required to have knowledge on direct memory manipulation (e.g. 
pointers, casting, endianness, etc.).\u003c\/span\u003e\u003c\/li\u003e\n\u003cli dir=\"ltr\"\u003e\u003cspan\u003eBasic x86 ASM knowledge.\u003c\/span\u003e\u003c\/li\u003e\n\u003cli dir=\"ltr\"\u003e\u003cspan\u003eFamiliarity with debuggers is preferred.\u003c\/span\u003e\u003c\/li\u003e\n\u003cli dir=\"ltr\"\u003e\u003cspan\u003e1 year of experience in malware development or analysis is preferred.\u003c\/span\u003e\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eSuggested material:\u003c\/span\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/p\u003e\n\u003cul\u003e\n\u003cli dir=\"ltr\"\u003e\u003cspan\u003eLife Of Binaries course: https:\/\/opensecuritytraining.info\/LifeOfBinaries.html\u003c\/span\u003e\u003c\/li\u003e\n\u003cli dir=\"ltr\"\u003e\u003cspan\u003eHello Assembly!: https:\/\/www.youtube.com\/watch?v=el5V__08k_4\u003c\/span\u003e\u003c\/li\u003e\n\u003cli dir=\"ltr\"\u003e\n\u003cspan\u003eWindows Internals Crash Course: https:\/\/www.youtube.com\/watch?v=I_nJltUokE0\u003c\/span\u003e\u003cb\u003e\u003c\/b\u003e\u003cspan\u003e\u003c\/span\u003e\n\u003c\/li\u003e\n\u003cli dir=\"ltr\"\u003e\u003cspan\u003eSimple Function Hooking: https:\/\/www.youtube.com\/watch?v=TxBGBz7FRyk\u003c\/span\u003e\u003c\/li\u003e\n\u003cli dir=\"ltr\"\u003e\u003cspan\u003eHooking Functions in a different process: https:\/\/www.youtube.com\/watch?v=7vKaet7hHeY\u003c\/span\u003e\u003c\/li\u003e\n\u003cli dir=\"ltr\"\u003e\u003cspan\u003eInjecting DLL with Shellcode: https:\/\/www.youtube.com\/watch?v=SmFi1cj6gMg\u003c\/span\u003e\u003c\/li\u003e\n\u003cli dir=\"ltr\"\u003e\u003cspan\u003eDLL Injection with CreateRemoteThread: https:\/\/www.youtube.com\/watch?v=0jX9UoXYLa4\u003c\/span\u003e\u003c\/li\u003e\n\u003cli dir=\"ltr\"\u003e\n\u003cspan\u003eDLL Injection with QueueUserAPC: https:\/\/www.youtube.com\/watch?v=RBCR9Gvp5BM\u003c\/span\u003e\u003cb\u003e\u003c\/b\u003e\n\u003c\/li\u003e\n\u003cli dir=\"ltr\"\u003e\u003cspan\u003eIntroduction to 
ETW: https:\/\/www.youtube.com\/watch?v=-i_xAF7JqyA\u003c\/span\u003e\u003c\/li\u003e\n\u003cli dir=\"ltr\"\u003e\u003cspan\u003eDrivers And Devices (part 1): https:\/\/www.youtube.com\/watch?v=sSZ8jnpUCi0\u003c\/span\u003e\u003c\/li\u003e\n\u003cli dir=\"ltr\"\u003e\u003cspan\u003eDrivers And Devices (part 2): https:\/\/www.youtube.com\/watch?v=6_FU3zdPCmc\u003c\/span\u003e\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eWhat Students Should Bring: \u003c\/strong\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eLaptop with virtualization software compatible with .ova (e.g. VMware Workstation, VirtualBox). It is recommended to use VMware.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eMinimum requirements:\u003c\/span\u003e\u003c\/p\u003e\n\u003cul\u003e\n\u003cli dir=\"ltr\"\u003e\u003cspan\u003eCPU cores: 4 (8 recommended)\u003c\/span\u003e\u003c\/li\u003e\n\u003cli dir=\"ltr\"\u003e\u003cspan\u003eRAM: 16 GB (32 GB recommended)\u003c\/span\u003e\u003c\/li\u003e\n\u003cli dir=\"ltr\"\u003e\u003cspan\u003eDisk: 500 GB (1 TB recommended)\u003c\/span\u003e\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003ePlease note that M* ARM Mac processors are not supported. 
We are going to delve into x86 assembly, so please make sure to have an x86 laptop.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eWhat the Trainer Will Provide:\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eDuring the training, students will be provided with:\u003c\/span\u003e\u003c\/p\u003e\n\u003cul\u003e\n\u003cli dir=\"ltr\"\u003e\u003cspan\u003eA Virtual Machine with the development environment configured\u003c\/span\u003e\u003c\/li\u003e\n\u003cli dir=\"ltr\"\u003e\u003cspan\u003eTemplates for exercises\u003c\/span\u003e\u003c\/li\u003e\n\u003cli dir=\"ltr\"\u003e\u003cspan\u003eExercise solutions\u003c\/span\u003e\u003c\/li\u003e\n\u003cli dir=\"ltr\"\u003e\u003cspan\u003eExisting open-source tools used for the training\u003c\/span\u003e\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eTrainer(s) Bio:\u003c\/strong\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003e\u003cstrong\u003eDimitri \"GlenX\" Di Cristofaro\u003c\/strong\u003e is a senior security consultant and researcher at SECFORCE LTD where he performs Red Teams on a daily basis. \u003c\/span\u003e\u003cspan\u003eThe main focus of his research activities is about Red Teaming and in particular on identifying new ways of attacking operating systems and looking for cutting edge techniques to increase stealthiness in strictly monitored environments. \u003c\/span\u003e\u003cspan\u003eHe enjoys malware writing and offensive tools development as well as producing electronic music in his free time.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eGiorgio “gbyolo” Bernardinetti \u003c\/strong\u003eis currently a Senior Windows Security Researcher at SentinelOne, where he is part of the Exploits \u0026amp; Anti-Tampering team. 
He is a DEF CON Trainer and has presented at DEF CON 32 Workshops and Red Team Village HacktivityCon 2021.\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eRegistration Terms and Conditions: \u003c\/strong\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eTrainings are refundable before July 11, 2026, minus a non-refundable processing fee of $250.\u003c\/span\u003e\u003cspan\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eBetween July 11, 2026 and August 5, 2026 partial refunds will be granted, equal to 50% of the course fee minus a processing fee of $250.\u003c\/span\u003e\u003cspan\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eAll trainings are non-refundable after August 5, 2026.\u003c\/span\u003e\u003cspan\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eTraining tickets may be transferred to another student. Please email us at training@defcon.org for specifics.\u003c\/span\u003e\u003cspan\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eIf a training does not reach the minimum registration requirement, it may be cancelled. In the event the training you choose is cancelled, you will be provided the option of receiving a full refund or transferring to another training (subject to availability).\u003c\/span\u003e\u003cspan\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eFailure to attend the training without prior written notification will be considered a no-show. 
No refund will be given.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eDEF CON Training may share student contact information, including names and emails, with the course instructor(s) to facilitate sharing of pre-work and course instructions. Instructors are required to safeguard this information and provide appropriate protection so that it is kept private. Instructors may not use student information outside the delivery of this course without the permission of the student.\u003c\/span\u003e\u003cspan\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eBy purchasing this ticket you agree to abide by the \u003c\/span\u003e\u003ca href=\"https:\/\/defcon.org\/html\/links\/dc-code-of-conduct.html\"\u003e\u003cspan\u003eDEF CON Training Code of Conduct\u003c\/span\u003e\u003c\/a\u003e\u003cspan\u003e and the registration terms and conditions listed above.\u003c\/span\u003e\u003cspan\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eSeveral breaks will be included throughout the day. Please note that food is not included.\u003c\/span\u003e\u003cspan\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eAll courses come with a certificate of completion, contingent upon attendance at all course sessions. 
Some courses offer an option to upgrade to a certificate of proficiency, which requires an additional purchase and sufficient performance on an end-of-course evaluation.\u003c\/span\u003e\u003c\/p\u003e","brand":"Las Vegas 2026","offers":[{"title":"Course only - Aug 10-11","offer_id":47691847631066,"sku":null,"price":2500.0,"currency_code":"USD","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0629\/2088\/4442\/files\/Giorgio-Dimitri.heic?v=1767042283","url":"https:\/\/training.defcon.org\/products\/dodging-the-edr-bullet-a-training-on-malware-stealth-tactics-dimitri-di-cristofaro-giorgio-bernardinetti-dctlv2026","provider":"defcontrainings","version":"1.0","type":"link"}