KustoCon 2024

November 8th, 2024

About KustoCon

KustoCon 2024 is kicking off for the first time online on November 8th, 2024. It’s the perfect event for anyone interested in learning, sharing, and getting hands-on with Kusto Query Language (KQL), which is used across a variety of Microsoft technologies. The event will have seven sessions, all presented by well-known pros from the KQL community.

Agenda

Time (CET/UTC+1) | Session | Speakers
14:00 | Welcome & What is KQL and Why you should learn it | Gianni & Alex
15:00 | Anchored in Innovation - The Story of Kusto | Henning Rauch
16:00 | Threat Hunting with Kusto | Mattias Borg & Stefan Schorling
17:00 | Break
17:30 | Find lateral movement paths using KQL Graph semantics | Fabian Bader
18:30 | The Kusto Approach to Unified Audit Log | Bert-Jan Pals
19:30 | Detection Engineering rabbit holes, Parsing ASN.1 packets with KQL | Olaf Hartong
20:20 | Closing notes

Register

Join us for KustoCon 2024 by registering on our Meetup page. Click the button below to secure your spot!

Register Now on Meetup

Speakers

Fabian Bader

Fabian Bader is a Cyber Security Architect and Microsoft MVP from Germany. He focuses on security and cloud solutions and works mainly with Microsoft technologies. From the Azure cloud to on-premises Active Directory, he likes to automate stuff with PowerShell. Besides being a speaker at community events and conferences, he blogs at "cloudbrothers.info", hosts the "Hamburg PowerShell User Group" and "Purple Elbe Security User Group", and is part of the organizing team of "PowerShell Saturday Hamburg" as well as a technical book reviewer.

Mattias Borg

Incident Response Specialist with a focus on threat hunting and managing Microsoft 365 Defender and Microsoft Sentinel. Cyber Security consultant focused on helping customers protect against, detect and respond to threats in their environments. Mattias researches vulnerabilities when not working for customers. Blog: https://blog.sec-labs.com

Bert-Jan Pals

Bert-Jan is a Defensive Security Specialist and Incident Responder. He specializes in threat detection, automation and response in cloud, hybrid and on-premises environments. Besides speaking at public events, Bert-Jan likes to share technical blogs on KQLQuery.com, where he provides in-depth tutorials and insights on using KQL for effective threat detection and automation. Bert-Jan is the author of various security tools including ALFA, IR PowerShell and Sigma-AWS, which are available on GitHub (github.com/bert-JanP).

Olaf Hartong

Olaf Hartong is a Defensive Specialist and security researcher at FalconForce. He specialises in understanding the attacker tradecraft and thereby improving detection. He has a varied background in blue and purple team operations, network engineering, and security transformation projects. Olaf has presented at many industry conferences including Black Hat, DEF CON, DerbyCon, Splunk .conf, FIRST, MITRE ATT&CKcon, and various other conferences. Olaf is the author of various tools including ThreatHunting for Splunk, ATTACKdatamap and Sysmon-modular. He maintains a blog at https://olafhartong.nl

Henning Rauch

Henning Rauch is a Principal Product Manager at Microsoft and works on improving security, geospatial, and graph features for Eventhouse in the Fabric Real-Time Intelligence team. He came to Microsoft in 2016 and mainly worked with the automotive industry before moving to Microsoft’s R&D team. He studied computer science and has over two decades of experience in the industry.

Stefan Schorling

Stefan works as a trusted advisor within Security, Cloud and Modern Workplace. He has been in the IT business for 25+ years, and in recent years has had a security focus, enabling customers to be more productive and efficient with cloud technology. He is an expert in Security, System Management and System Operations. He has experience from both the public and private sectors. His customers range from midsize companies to multinational corporations with high compliance requirements. Stefan's blog can be found at https://blog.sec-labs.com

Alex Verboon

Alex Verboon is a CTO & Principal Cyber Security Consultant at baseVISION in Switzerland who specializes in designing and implementing Microsoft Security solutions. Alex has been working in the field of Windows workplace management since the early 90s and has since then developed a passion for managing Windows in the enterprise. He loves using KQL, Microsoft Defender XDR, Microsoft Sentinel, Entra ID, PowerShell and many other solutions of the Microsoft Security and automation stack. Nowadays Alex supports his customers in improving their security posture. In addition to his daily job, Alex has for many years been sharing his knowledge through his blog 'Anything About IT' (verboon.info), Twitter and GitHub. Alex is also the host of the "KQL Cafe" (www.kqlcafe.com).

Gianni Castaldi

I’m Gianni Castaldi. I was born in 1986 and got my first computer back in 1998. I did a lot of reverse engineering: I broke the system and then had to restore it. I started in IT back in 2008. Like many of us, I started as a service desk engineer, then did some support and system engineer jobs. One of the most fun projects I did in the IT part was in a manufacturing environment where we did the migration of XP to Windows 7 and Server 2003/2008 to 2012. Since 2017 I have worked in IT Security, where I spend most of my time securing companies with the Microsoft Security Stack, Palo Alto Networks, and Tenable products. I’ve also secured several ICS/SCADA related environments, and I have done several vulnerability assessments with the usual suspects like Burp and Kali. Nowadays I am a freelance Detection Engineer and Security Consultant at KustoWorks.

Frans Oudendorp

Frans is an expert in Microsoft’s Security products, with a deep understanding of Defender for Office, Defender for Endpoint, and the comprehensive Microsoft 365 Defender suite. His extensive expertise has significantly benefited many customers. With over 20 years of experience in the IT industry, Frans currently works as an independent Consultant and Architect specializing in Microsoft Security solutions. His expertise not only covers the Microsoft 365 Defender suite but also extends deeply into Microsoft Intune, allowing him to deliver robust and integrated security and management solutions. In addition to his professional work, Frans is actively involved in the community. He records several podcasts, including TalkingSecurity, Security Brothers, and Workplace Ninjas Netherlands. Frans is also a frequent speaker at various events and plays a key role in organizing them.

Contact

For any queries, please contact us at "info at kustocon.com".