Detection Engineering and Threat Hunting
Conference 8-9 November 2025 - Call for Workshops

Why We Started This

We founded DEATHCon four years ago to be the kind of cybersecurity conference we always wanted: a community of practitioners from around the world, sharing practical skills in detection engineering and threat hunting through hands-on workshops. Motivated by learning, not profit-driven, with no vendors, no corporate sponsors. A conference where everyone feels welcome to lead and learn no matter their experience level. An event that people can participate in from anywhere, in any time zone, whether they want to travel or not.

What Makes DEATHCon so Special?

  • You don't just tell people about threat hunting, you guide them to do threat hunting in a great big lab
  • Want to visit a cool city? We have 11 sites around the world! Need help with travel? We can get you there!
  • Do you want to teach people but prefer to stay cozy at home? No problem! You can lead a workshop without going anywhere.
  • If this is your first time leading a workshop, no problem! We can help and support for you to make a great one!
  • Because the workshops are pre-recorded video, there is no pressure on workshop leaders to perform perfectly live on-the-spot
  • We are able to accept any great idea for workshops, even bold and risky ones from first-time teachers
  • Inclusion is what we are all about - we love to see the rich diversity of the world reflected in our workshop leaders
  • You can lead a 20-minute workshop or a 3-hour workshop or longer -- whatever works for people to learn
  • If you can dream it, we can build in the lab! Just tell us what servers you want and we will make it happen

What Kind of Workshops do People Want?

We have people of all skill levels coming to DEATHCon. Some just need an absolute beginner-friendly workshop that assumes the participants have never done any threat hunting before and want to learn how. Many people are experienced professionals looking for a really cool new technique that gives them an edge over threat actors. Everyone loves real-world scenarios that are taken from real-life recent intrusions, or a chance to try out some Offensive Security Tools in a lab and then dive into the logs to see how you could detect that if it was used against you and your company.

Here are some great themes to inspire you:


  • Tips and tricks for writing great hunting queries in (fill in your favorite query language)
  • Try out this C2 framework and then lets see what logs it generates
  • Open-source tools to add to your telemetry for hunting (like RPCFirewall!)
  • Better ways to use Atomic Red Team or other frameworks to test your detections
  • Testing your detections more thoroughly to find gaps
  • Active countermeasures - detection honeypots to catch attacks inside your network
  • Writing better reports that show the value of your threat hunting work
  • Going from open-source reports (like The DFIR Report) to writing detections
  • Catching more phish - how to hunt threats targeting your company by email
  • Rocking the Suricata and Security Onion network detections and hunting in netflow
  • Getting the most value from malware sandboxes
  • Cool new ways to find anomalies in logs that are interesting
  • Dare we say it? Practical uses for AI beyond just hype

What You Get From Leading a Workshop of DEATH

Workshops are the main event at DEATHCon, and we want to treat our workshop leaders right! If you can think of some cool perks we do not already have, please let us know so we can consider adding it. Here is what we can do for you:

  • Free conference admission, either online or on-site (your choice)
  • Because your workshop is pre-recorded, you have time to learn and take the other workshops
  • We can cover some travel expenses for some workshop leaders (depending on budget!)
  • An exclusive challenge coin only for workshop leaders
  • The leader of the People's Choice Best Workshop gets a custom jacket (leather or vegan)
  • All workshop leaders get a free shirt or hoodie (your choice)
  • You retain all rights to your workshop if you want to use it for another conference

How we value diversity and representation

Our goal is to see the same wonderful diversity that we see in the world reflected in the diversity of workshop leaders. Because of the pre-recorded workshop format that allows everyone to pick their own schedule of events, we do not have to turn down any good workshop proposals to make room for others! In other words, nobody gets left out if they have a good proposal! So, how do we do the work of supporting and encouraging a diverse group of workshop leaders?
  • We actively seek out (recruit) great workshop leaders from the community
  • We encourage and support people from under-represented groups in cybersecurity to submit ideas
  • If anyone wants a little help to explore their idea and build a good workshop plan, we help them out
  • We make sure that all spaces, online and in-person, are psychologically safe, physically safe, and comfortable for everyone
If you feel under-represented in cybersecurity, if you look around and mostly see people who don't look like you, and if you have a cool idea for sharing knowledge with the community, please submit a CFP response. Even if it isn't perfect, we'll work with you!
DEATHCon

Original art Fractal #1110 by The Technician used with permission.

Copyright © Combi Forensic Consulting, All rights reserved | This template is made with by Colorlib