Elements Bar & Lounge
165 O'Farrell St, 4th Floor
San Francisco, CA 94102
6pm - 8pm
Join Huntress and your peers for an exclusive meet-up where you can eat, drink, and unwind with fellow security pros. We’ll talk tech, trade war stories from the front lines, and show you how our team hunts down real-world threats every day.
We have 20+ bite-sized booth sessions planned, led by the folks who live in the trenches of cyber defense every day. From real-world tradecraft to practical how-tos, our experts will break down what’s really happening in the wild—and what you can do about it. Come for the education, stay for the war stories, and walk away smarter than when you showed up.
Get your Huntress tee and gear up in the latest Ransomwear. Stop by the booth to watch how we wreck ransomware in the wild, meet the team, and walk away with real security insights (and swag) that stick.
3/23 | 2:20pm PDT - 3:10pm PDT | HTA-M07
Anna Pham | Senior Hunt & Response Analyst, Huntress
SocGholish is one of the most effective initial access operations feeding ransomware groups like RansomHub. This session will break down findings from 100+ real-world SocGholish cases, tracing its evolution and exposing payloads including the advanced GhostWeaver backdoor. Attendees will leave with detection and mitigation strategies to stop SocGholish before it opens the door to ransomware.
3/24 | 8:30am - 9:20am PDT | HT-T01
Jenko Hwong | Principal Threat Researcher, Huntress
With Storm-2372 (2025), Russian threat actors used OAuth Device Code Phishing to abuse the device registration process to hijack the Primary Refresh Token. This session will recreate the attack, compare valid activity, showing logging, access policies, and detection rules. Attendees will take away concrete implementation guidance and what can be changed to mitigate/detect/respond more effectively.
3/24 | 8:30am - 10:30am PDT | LAB2-T01
Edward Crowder | Principal Research, Crowder Enterprise Consulting
Anna Pham | Senior Hunt & Response Analyst, Huntress
Dive deep into a real two-month Latrodectus intrusion using Elastic Stack, CyberChef, Volatility, and Wireshark. Participants will hunt through network traffic, memory dumps, and SIEM data to uncover the complete attack chain from JavaScript loader to data exfiltration. Gain hands-on experience with industry-standard tools while building practical threat hunting skills.
Lock in 20 minutes with the Huntress team at RSAC to get face-to-face time, knock out your biggest questions, and walk away with a clear, actionable plan for your security stack.
