Security Research in Real Time

LABScon is an intimate event for the world’s top cybersecurity minds to gather, share cutting-edge research, and push the envelope of threat landscape understanding.
Presented by SentinelOne.

Presented by SentinelOne


The Phoenician

Scottsdale, Arizona

Iconic in nature, unrivaled in service. Capture the moment as well as the imagination at Arizona’s premier luxury resort destination.

Get Directions

Meet the speakers

Mark Russinovich

Microsoft Azure

Chris Krebs

Krebs Stamos Group

Dmitri Alperovitch

Silverado Policy Accelerator

Thomas Rid

Alperovitch Institute

September 21st

Day 1

September 22nd

Day 2

  • 22

    Keynote Day

    9:00am - Welcome from SentinelLabs
    9:10am - Operational Collaboration: The Realities of Success (Morgan Adamski, Director of NSA’s Cybersecurity Collaboration Center)
    9:35am - Are digital technologies eroding the principle of distinction in war? (Mauro Vignati, Red Cross)
    10:00am - A conversation on cyberwar and effective policies (Dmitri Alperovitch, Kim Zetter)

    10:30am - Coffee Break

    10:55am - FORBIDDEN FRUIT (Thomas Rid, Founding Director, Alperovitch Institute) [Off-the-record session]
    11:20am - The mystery of Metador (Juan Andres Guerrero-Saade, Amitai Ben Shushan Ehrlich, Aleksander Milenkoski SentinelLabs)
    11:55am - APT42: Wild Kittens and where to find them (Emiel Haeghebaert, Ashley Zaya, Mandiant)
    12:20pm - Chasing Shadows: The rise of a prolific espionage actor (Kris McConkey, PwC)

    12:40pm - Lunch

    2:00pm - The life and times of Sysinternals (Mark Russinovich, Microsoft)
    2:30pm - Breaking firmware trust from the other side: Exploiting early boot phases (Alex Matrosov, Binarly)
    2:55pm - Is CNVD ≥ CVE? A look at Chinese vulnerability discovery and disclosure (Kristin Del Rosso, Sophos)
    3:20pm - InkySquid: The missing arsenal (Paul Rascagneres, Volexity)

    3:40pm - Coffee Break

    4:05pm - Demystifying threats to satellite communications in critical infrastructure (MJ Emanuel, CISA)
    4:30pm - Whose router is it anyway? (Danny Adamitis, Black Lotus Labs)
    4:55pm - The sprawling Infrastructure of a careless mercenary (Tom Hegel, SentinelLabs) [Off-the-record session]
    5:15pm - Closing Remarks

    7:00pm - Dinner

    10:00pm - After Party, GreyNoise Suite

September 23rd

Day 3

  • 23

    Multi-Track Day

  • 23

    Camelback M

    9:00am - A muddy, coincidental quartermaster? (Allison Wikoff, PwC)
    9:30am - Automating browser extension analysis to hunt for data abuse and malware (Colin Cowie, Sophos) [Off-the-record session]
    10:00am - Launch Secured: A Story on Red Teaming the Pixel 6 (Eugene Rodionov, Farzan Karimi, Google)
    10:50am - Tracking militants on the ground through online information (Michael Sheldon, Bellingcat)
    11:20am - Statically instrumenting 64-bit Windows binaries with peafl64 (Gal Kristal, Dina Teper, SentinelOne)
    11:50am - CNAME and Control (Donald 'Mac' McCarthy, Open Source Context)

    12:15pm - Lunch

    1:35pm - Now I have a BIG-IP. Ho-ho-ho (Nate Warfield, Eclypsium)
    2:05pm - Such a PITTY: Outing Chinese APT targeting Taiwan (Adam Kozy, SinaCyber)
    2:35pm - Sliver me Timbers (Joe DeMesy, Bishop Fox) [Off-the-record session]
    3:00pm - Inception Toys and Presents Happy Hour (Stairwell)

  • 23

    Camelback N

    9:00am - Blasting event-driven cornucopia: WMI-based user-space attacks blind SIEMs and EDRs (Claudiu Teodorescu, Binarly)
    9:30am - Malshare: 10 years of running a public malware repository (Silas Cutler, Stairwell)
    10:00am - Does this look infected 2 (Rufus Brown, Van Ta, Mandiant)
    10:50am - Emulate it until you make it! Pwning a DrayTek Router before getting it out of the box (Philippe Laulheret, Trellix)
    11:20am - Star-Gazing: Using a full Galaxy of YARA methods to pursue an Apex actor (Greg Lesnewich, Proofpoint)
    11:50am - MagicLazarus, a new RAT (Vitor Ventura, Cisco Talos)

    12:15pm - Lunch

    1:35pm - Data scientists go to Jupyter (Will Pearce, Nvidia)
    2:05pm - Quiver: Using ML to detect interesting command lines for hunters (Dean Langsam, Gal Braun, SentinelOne)
    2:35pm - Putin's getting jiggy with his Bomb BoM diggy diggy (Joe FitzPatrick,
    3:00pm - Inception Toys and Presents Happy Hour (Stairwell)

  • 23

    GreyNoise Suite

    9:00am - WORKSHOP: Automated reversing with Ghidra (Jeremy Blackthorne, Boston Cybernetics Institute)
    1:35pm - WORKSHOP: We all share a brain – managing your intelligence organization through Synapse (Kyle Creyts, Coinbase)

  • 23

    The Cyber Crime Gala Party

September 24th

Day 4

  • 24

    Departure Day


What is LABScon?

LABScon is an invite-only conference for security researchers. It is an opportunity to showcase cutting-edge research into cyber threat actors, hunting techniques, vulnerabilities and exploits, and new tooling to empower peers in this space. It is also an opportunity to interface with leading researchers and journalists in a jovial atmosphere that rewards research discoveries in our space. The conference is vendor-agnostic; there will be no vendor hall or product pitching of any kind.

Where/When is LABScon?

LABScon will take place at The Phoenician Resort in Scottsdale, Arizona from Tuesday, September 20th, 2022 to Saturday, September 24th, 2022.



How Do I Get an Invite to Attend?

If you’d like to request an inviting, please complete the form here

What is the cost of attendance?

LABScon is an immersive experience. Attendance packages include accommodation, meals, and conference events. Packages will be made available to invitees.

Can I bring a +1?

We want to encourage attendees to get to know each other and be immersed in the conference. Attendee and speaker packages do not include +1s. Additional seats for meals and nighttime events will be available in limited quantities at an additional cost.

How Do I Apply to Present?

What Is the Code of Conduct?

Do I Need to be Covid-19 Vaccinated?

Yes. We want to promote a safe environment for all attendees. Attendees and speakers are required to provide updated proof of vaccination. Health or religious exceptions will be considered on a case-by-case basis.

Are Speakers Covered?

LABScon covers hotel accommodation and admission to LABScon events for a primary speaker. Secondary speakers (included in the original CFP submission) will have their attendance covered but are responsible for their own accommodation at the conference rate. Speakers are responsible for their respective travel costs.

What is the Deadline for Call For Papers?

The CFP deadline is midnight PST on July 5th, 2022. Submissions after this deadline may not be considered. Accepted speakers will be notified by July 31st, 2022.

How will talks be chosen?

All submissions will be carefully considered by our CFP Advisory Board. We are particularly interested in talks about Threat Intelligence and Hunting, Malware Analysis, Threat Actor tracking, Exploits and Vulnerabilities, and Tools that can massively empower researchers. Talks that shill for a specific product or are an attempt at product marketing will be disqualified.

How long are the talks?

The talks are 20 minutes of content and 5m of Q&A. This may seem short by normal conference standards but given the proficiency of the audience, speakers should feel comfortable diving into the nitty-gritty material of their talk without needing to spend as much time introducing concepts.

What about talks with two speakers?

If accepted, LABScon will cover accommodation for the primary speaker and conference attendance for both speakers. Accommodation arrangements will be made available at a discounted rate for the second speaker.

What about accommodation?

LABScon is designed to be an immersive experience. Attendees, speakers, and journalists will share the same hotel, meals, and events.

Can I sponsor LABScon?

If you are interested in sponsoring the event, please email to

Will the event be streamed?

No. LABScon is designed to be an in-person event. Recordings of the talks may become available at a later date, contingent on the speaker’s approval.

Will the talks be recorded?

Talks will be recorded at the discretion of the speakers and shared at a later date.

What if my talk gets accepted but I can’t afford to pay for travel?

Please reach out to, we will consider the needs of speakers on a case-by-case basis.

Did we miss something?

Program Committee (CFP)

Julia Knecht


Julia Knecht is Application Security Engineering Manager at Netflix - her team takes an engineering-first approach to securing applications and services at scale and speed. Julia has specialized in product and application security; building teams and programs that enable the business via secure paved roads, strong environmental insights and excellent security-developer experience. Julia previously managed Product Security and Privacy Architecture at Adobe.

Vicente Diaz


Vicente Diaz is a specialist in Threat Intelligence and Threat Hunting, and recently joined the VirusTotal team in Google as Threat Intelligence Strategist. He holds a degree in Computer Science and an MsC in Artificial Intelligence. He was e-crime manager in S21sec for 5 years and deputy director for EU in Kaspersky’s Global Research and Analysis team for almost 10 years. He was responsible for the APT Intelligence Reporting service.

Fahmida Rashid


Fahmida Rashid is an award-winning technology journalist with experience covering nearly every aspect of the technology industry with a primary focus on cybersecurity and privacy. Fahmida specializes in data and pattern analysis and the introduction of data science and data journalism opportunities. She is currently a features editor at DarkReading, covering security for an enterprise IT audience.

Perri Adams


Ms. Perri Adams joined DARPA's Information Innovation Office (I2O) as a program manager in June 2022. Her research interests include vulnerability discovery and remediation, secure software development, reverse engineering, program analysis, and automation in cyberspace operations.

Thomas Rid

Johns Hopkins University

Thomas Rid is Professor of Strategic Studies at Johns Hopkins University’s School of Advanced International Studies. From 2011 to 2016, Rid was a professor in the Department of War Studies at King’s College London. Between 2003 and 2010, he worked at major think tanks in Berlin, Paris, Jerusalem, and Washington, DC. Rid holds a PhD from Humboldt University in Berlin.

Juan Andres Guerrero-Saade


Juan Andrés is Principal Threat Researcher at SentinelOne and an Adjunct Professor at Johns Hopkins SAIS Alperovitch Institute. JAGS was Chronicle Security's Research Tsar and a startup co-founder. Prior to Chronicle, he was Principal Security Researcher at Kaspersky's GReAT and worked as a Senior Security Advisor to the Government of Ecuador. His joint work on Moonlight Maze is now featured in the International Spy Museum's permanent exhibit in Washington, DC.