June UPDATES ! 🚨🤯 We now have 248 training units on Guardian Foundry, from 0 to Tier 3 with trials, challenges, report submissions 1 on 1 reviews, and the CDETH cert! Tons more coming next month. 🌐 NEW content stream June 5, 2PM EST: the full Network Security Analyst path revealed that culminates in a manually reviewed network forensic report. 🎤 ContinuumCon June 12 to 14, co-hosted with @_JohnHammond and @JustHackingHQ - 15 hands-on workshops, 2 keynote AMAs. 🚩 A live DFIR CTF will also be at ContinuumCon, expect harder than our CDCP that'll make Tier 3 Analysts sweat by the end of it. We continue to build. We continue to ship. Tell us what you want, and the learning features you need. Full details in the newsletter 👇 news.leveleffect.com/p/netwo…

🎤 ContinuumCon 2026 Spotlight - Keynote AMAs! Two live AMAs and both completely unscripted. These are your sessions. Bring the questions! 📅 Day 1 Keynote: "Panel AMA" with @rekdt Jamie Williams @Jun34u_sec @RachelTobac A four-person panel spanning social engineering, adversary emulation, and decades of hacker history. Bring your questions on any of it. Ask them anything you'd like. 📅 Day 2 Keynote: AMA "Spicy Rant" with @brysonbort @strandjs Two industry veterans, zero script, going off on whatever's broken, overhyped, or worth fighting about in security right now. Bring your hottest takes and your hardest questions! 🎟️ Only at ContinuumCon 2026: June 12 - 14 Work through it live, or revisit the labs on your own time. Own it forever. The workshop doesn't end when the conference does. Got your ticket yet? 👉 continuumcon.com/ Hosted by @_JohnHammond , @JustHackingHQ , @AnthonyBendas , and @Level_Effect !

🚨 Workshop Spotlight # 15 👉 "Hunting Prompt Injection: Breaking AI Applications and CI/CD Pipelines" by Mackenzie Jackson (@advocatemack), Field CTO at @AikidoSecurity 📝 Description Prompt injection started off as a bit of a gimmick. A way to make bots on Twitter say funny things or bypass a model's safeguards. But as we integrate AI into the fundamental workflows of our applications and build processes, it transforms into a critical threat, and one that is technically unsolvable. This workshop focuses on how to find, validate, and exploit prompt injection in the wild. You'll break down why it's unsolvable from a technological standpoint: LLMs process everything as unstructured tokens, so there's zero architectural boundary separating instructions from data. From there, it's hands-on. You'll start with basic chatbot injections, then build up to tricking AI-powered applications into leaking sensitive files and repository secrets. The finale recreates a critical pipeline vulnerability the team discovered inside Google's own Gemini CI/CD infrastructure. You'll see exactly how a sneaky instruction hidden inside a normal GitHub issue forced an AI agent to run shell tools and leak privileged GITHUB_TOKEN and GEMINI_API_KEY credentials into public view. Then you'll learn how to defend against it: restricting agent toolsets, isolating blast radius, and treating all AI output as untrusted. If you want to understand how to hunt prompt injection inside real applications, this workshop is for you. 🎟️ Only at ContinuumCon 2026: June 12 - 14 Work through it live, or revisit the lab on your own time. Own it forever. The workshop doesn't end when the conference does. Got your ticket yet? 👉 continuumcon.com/ Hosted by @_JohnHammond , @JustHackingHQ , @AnthonyBendas , and @Level_Effect !

🚨 Workshop Spotlight # 14 👉 "Offensive Threat Intel: Tracking & Disrupting Adversaries for Fun" by Josh Allman (@xorJosh) & Ben Folland (@polygonben), of CtrlAltIntel 📝 Description You don't need access to private telemetry or a job at a major security firm to hunt down threat actors in the wild and impose costs. Josh and Ben are proof. A couple of friends having fun built CtrlAltIntel and ended up making an impact on a global scale, supporting governments, military organizations, law enforcement, and more, all from analyzing public data. This workshop walks through how they did it, and how you can too. You'll learn their methodology for tracking adversaries using platforms like Hunt.io, Censys, and Shodan, complete with specific queries and real-world examples. Then, get in the driver's seat: - In The Hunt, you'll practice querying and pivoting from a single data point to identify and report active threat actor infrastructure. - In Mining Gold from Open Directories, you'll work with safe data from their previous hunts and run your own analysis. Their goal is simple: inspire you to give this a go and start taking down cybercriminals yourself. 🎟️ Only at ContinuumCon 2026 Work through it live, or revisit the lab on your own time. Own it forever. The workshop doesn't end when the conference does. Got your ticket yet? 👉 continuumcon.com/ Hosted by @_JohnHammond , @JustHackingHQ , @AnthonyBendas , and @Level_Effect !

🚨 Workshop Spotlight # 13 👉 "Hacking Over & Under The Wire" by Andy Piazza (@klrgrz), Senior Director of Threat Intelligence at Palo Alto Networks Unit 42 📝 Description Andy built this workshop for the version of himself 15 years ago, when everyone made getting started look easy and nobody bothered to show step one: setting up the environment. This one's for the n00bs who don't even know where to start. The ones overwhelmed by the idea of doing a CTF or setting up their own lab. The ones who tried to follow a tutorial and got lost on step one. He walks you through installing and configuring PuTTY, then jumps into Bandit on Overthewire.org for a live walkthrough of the first few SSH-based levels. From there, he moves to Century on Underthewire.tech and does the same with PowerShell, comparing each command to its Linux equivalent so you actually see the bridge between the two worlds. By the end, you've got a foundation in SSH and PowerShell, two CTF platforms you can keep practicing on for free, and an understanding of how the commands you're learning map to real-world work in Red Teaming, DFIR, and threat hunting. 🎟️ Only at ContinuumCon 2026: June 12 - 14 Work through it live, or revisit the lab on your own time. Own it forever. The workshop doesn't end when the conference does. Got your ticket yet? 👉 continuumcon.com/ Hosted by @_JohnHammond , @JustHackingHQ , @AnthonyBendas , and @Level_Effect !

New Network Threat Hunting Labs | Level Effect x.com/i/broadcasts/1YxNrrDOk…

🚨 Workshop Spotlight # 12 👉 "StegoDefender: Hunting Malware Hidden in Plain Sight - Advanced Steganography Detection & Payload Extraction" by Christopher Dio C., Chief Cyber Security Researcher at Radar IT Systems Inc. 📝 Description Cybercriminals have become digital artists of deception, practicing a technique called steganography: the ancient art of hiding secrets in plain sight. Traditional signature-based antivirus and static analysis tools are largely blind to these threats, leaving a critical gap in defense. In this workshop, we'll look at combining deep structural analysis of over a dozen file formats (JPEG, PNG, PDF, ZIP, WAV, and more) with adaptive heuristics, baseline profiling, and active probing to detect even the most sophisticated steganographic embeddings. We'll use StegoDefender to extract and decode hidden payloads, harvest network indicators (URLs, IPs, domains, crypto addresses), and integrate YARA rules for signature-based threat identification. If you're a threat hunter, DFIR analyst, or malware researcher, this is the workshop that helps with a blind spot in your stack. 🎟️ Only at ContinuumCon 2026: June 12 - 14 Work through it live, or revisit the lab on your own time. Own it forever. The workshop doesn't end when the conference does. Got your ticket yet? 👉 continuumcon.com/ Hosted by @_JohnHammond, @JustHackingHQ, @AnthonyBendas, and @Level_Effect !

Streaming at 2pm est today, come hang out, share some DNS horror stories, banter, while we talk about new network threat hunting content

🚨 Workshop Spotlight # 11 👉 "What the Current and Future of Iranian & Other Nation-State APT Cyber Attacks Look Like" by Douglas Kaluhiokalani, Founder of Cyber Kata, LLC 📝 Description Nation-state cyber operations don't slow down. They evolve. This session looks at where Iranian and other nation-state APT activity is right now, and where it's heading next. We'll walk through TTPs of threat groups making active news, including Handala (responsible for the Stryker attack) and the resurgence of MuddyWaters with their GhostBackdoor implant. We'll also dig into how the war with Iran has changed the threat landscape and exposed Blue Teams to new categories of attack. You'll get a look at runbooks built for MS Sentinel, designed to be adapted to whatever security tooling your team already uses. The focus throughout is on what Blue Teams should actually be doing to defend. If you work in threat hunting, threat intelligence, or detection engineering, this one's for you. 🎟️ Only at ContinuumCon 2026: June 12-14 Work through it live, or revisit the lab on your own time. Own it forever. The workshop doesn't end when the conference does. Got your ticket yet? 👉 continuumcon.com/ Hosted by @_JohnHammond , @JustHackingHQ , @AnthonyBendas , and @Level_Effect !

🚨 Workshop Spotlight # 10 👉 "Analyzing WannaCry: A Forensic Method for Recovering Ransomware Data with Open-Source Software" by Smit Nayak, Cyber Security Analyst at Sypram 📝 Description WannaCry crippled thousands of systems in 150 countries in 2017, signaling a new era in cyber threats worldwide. So why look at it now? Behind all the hype is a goldmine of information for forensic science and real-world recovery tactics. This session takes a forensic investigator's view of WannaCry, covering the malware in detail and walking through methods for recovering, analyzing, and interpreting the artifacts it leaves behind, even after encryption and system compromise. You'll be guided through a realistic forensic reconstruction of a WannaCry-infected system using open-source tools like Autopsy and Volatility. The session covers finding ransom notes and IOCs, extracting memory data, locating encrypted file remnants, and recovering partial data through shadow copy remnants and file carving. If you work in digital forensics, hunt threats, or are trying to sharpen your ransomware incident response process, this one's for you. 🎟️ Only at ContinuumCon 2026: June 12-14 Work through it live, or revisit the lab on your own time. Own it forever. The workshop doesn't end when the conference does. Got your ticket yet? 👉 continuumcon.com/ Hosted by @_JohnHammond, @JustHackingHQ, @AnthonyBendas, and @Level_Effect !

Packets never lie. 🫡 Want to see malicious activity? Go hunt through traffic. NEW CONTENT DROP 🔥 Live June 5, 2PM EST 👇 20 network labs (command line to Wireshark) 5 threat hunts built from real malware traffic. Hunt the IOCs, uncover the attack. The 5th is a COMPLETE threat hunt report you submit for manual Instructor review. We'll go live and walk through everything new on stream. 🔥

🚨 Workshop Spotlight #9 👉 "Killing Active Directory Attack Paths Once and For All" by Spencer Alessi (@techspence), Sr. Penetration Tester at @SecurIT360 📝 Description Active Directory attack paths are what turn small weaknesses into full domain compromise. After pentesting 150 organizations in the last 5 years and performing over 1,000 hours of internal pentesting in 2025 alone, one of the biggest security mistakes I see IT Admins make is logging into untrusted workstations with their Domain Admin account. In this workshop, we’re going to learn how easy it is for an attacker to compromise a domain from an untrusted workstation and how to prevent it, even if the attacker has Domain Admin (DA) credentials. We’ll cover: - Why Active Directory (AD) still matters - AD attack path pre-requisites - Two common lateral movement attacks - Hardening controls to block these two attack paths Not only will you be able to play the role of the attacker and carry out the attacks yourself, but you’ll also be put in the defender seat and guided through setup and configuration of security controls in Active Directory to block the attacks. If you’re responsible for managing and/or securing Active Directory, this workshop is for you. 🎟️ Only at ContinuumCon 2026: June 12-14 Work through it live, or revisit the lab on your own time. Own it forever. The workshop doesn't end when the conference does. Got your ticket yet? 👉 continuumcon.com/ Hosted by @_JohnHammond, @JustHackingHQ, @AnthonyBendas, and @Level_Effect !

🚨 Workshop Spotlight #8 👉 "How to Analyze Malware" by Matthew Nguyen 📝 Description A practical introduction to malware analysis for beginners, focused on building a foundational workflow rather than diving straight into reverse engineering. You'll cover the key principles of a safe lab setup, basic static analysis, and dynamic analysis using sandbox environments and tools you can run in your own lab (like FlareVM). The session includes a guided walkthrough of a real malware sample pulled from a malware database, with attention to the techniques you'll encounter most often: persistence mechanisms and command-and-control communication. By the end, you'll have a clear framework for analyzing malware, an understanding of the common techniques malicious software uses, and the confidence to begin your own analysis safely. 🎟️ Only at ContinuumCon 2026: June 12-14 Work through it live, or revisit the lab on your own time. Own it forever. The workshop doesn't end when the conference does. Got your ticket yet? 👉 continuumcon.com/ Hosted by @_JohnHammond, @JustHackingHQ, @AnthonyBendas, and @Level_Effect !

ContinuumCon Teaser: solst/ice, Zack Korman, & Spencer Alessi!! x.com/i/broadcasts/1qJVmmvbZ…

THIS IS TODAY come hang out, ask stuff, tell us how you feel about cyber things and get some takes on it!

🚨 Workshop Spotlight # 7 👉 "Smarter AWS WAF: Reduce Noise, Detect Threats & Automate Response" by Ihor Sasovets, Security Engineer at TechMagic 📝 Description As cloud-native applications scale, so do the threats targeting them. AWS WAF is often one of the first lines of defense at the edge, yet many teams struggle to move beyond basic configurations and truly operationalize it. WAF gets deployed, but rarely fully leveraged as an intelligent security control. This workshop walks through a practical, end-to-end approach to building a production-ready AWS WAF setup. Starting from scratch, you'll deploy protections with the Security Automations for AWS WAF solution while breaking down how WAF actually works under the hood: core features, rule management strategies, and common pitfalls. You'll tune rules, reduce false positives, and design a setup that scales without becoming operationally expensive. Part two extends AWS WAF with a custom solution, the "AWS WAF Monitoring Lambda," that turns raw WAF logs into actionable security intelligence. Think automated log analysis, near real-time attack visibility, Slack-based alerting, and intelligent IP blacklisting, all fast enough to detect and respond to threats even without a dedicated SOC. The goal is simple: turn AWS WAF from a checkbox into a smart, scalable, and proactive security layer. 🎟️ Only at ContinuumCon 2026 Work through it live, or revisit the lab on your own time. Own it forever. The workshop doesn't end when the conference does. Got your ticket yet? 👉 continuumcon.com/ Hosted by @_JohnHammond, @JustHackingHQ, @AnthonyBendas, and @Level_Effect !

Real Incident CTFs for Cybersecurity - Instructor Reviewed x.com/i/broadcasts/1YxNrrWoo…

We do CTFs differently, come check out cyber stuffs

LIVE tomorrow reviewing 3 new features we shipped: 1. Case File CTFs: Real-world incident response scenarios with progressive challenges, instructor-graded submissions, and leaderboards. 2. Certifications with verified URLs and ranked badging showing your work. 3. The "Satchel": tracks progress, courses you own, and bookmarks all on one screen. Built for SOC analysts, detection engineers, and blue teamers training toward real-world incident response work. 📝 Month-End Dev Stream #4 / Thursday May 28 / 12PM ET 🔗 Guardian Foundry: leveleffect.com

🚨 Workshop Spotlight # 6 👉 "Roll Your Own Analyst" by Tallis Jordan, Co-Founder of HardCounter 📝 Description The amount of threat intelligence produced through blogs, vendor feeds, malware reports, and research writeups can feel overwhelming. Between rehashing, regurgitation, and IOC dumps, most detection engineers simply do not have time to review everything manually. This workshop covers building a lightweight, local threat intelligence pipeline designed specifically for detection engineering workflows. Using Python, Ollama, and a small local model, you will ingest intelligence feeds, analyze that intelligence with local models to extract actionable insights, and present the output through a web interface that can be placed into your daily workflows. No expensive hardware. No overengineered or complex "AI agent" platforms. Just practical, privacy-friendly automation that you can build and operate yourself. You'll leave with a working pipeline you can expand on with more enrichments, detection engineering workflows, and integrations. 🎟️ Only at ContinuumCon 2026, June 12-14 Work through it live, or revisit the lab on your own time. Own it forever. The workshop doesn't end when the conference does. Got your ticket yet? 👉 continuumcon.com/ Hosted by @_JohnHammond, @JustHackingHQ, @AnthonyBendas, and @Level_Effect !