Crimson7 at Cybersec Europe Brussels
Two operator-grade talks on continuous Purple Team validation and threat hunting at scale. Plus our team at booth 05.B067 across both days. Both talks delivered by Joey Verleg, Head of Managed Services.
Two talks. One operator's perspective.
Joey delivers both sessions. Different rooms, different days, same operator-grade lens.
Always Under Attack: Turning Purple Teaming into Continuous Security Validation
In this session, Crimson7 tackles one operational question head-on: do our detections actually catch real attacks, right now? We'll show how we use HackerFlow to answer that without waiting for the annual red/purple team cycle.
Instead of relying on point-in-time exercises, HackerFlow continuously ingests threat intelligence, translates it into threat-informed test plans, and runs repeatable attack simulations mapped to MITRE ATT&CK using open-source C2 frameworks plus a private C2 for more advanced tradecraft. Crucially, we'll show how validation goes beyond “noisy” commodity tests (like basic PowerShell) by exercising fileless / in-memory behaviors and realistic operator patterns so you can verify whether your EDR and analytics catch what sophisticated intrusions actually do, not just the easy stuff. As simulations execute, HackerFlow validates whether detections fire, captures full execution telemetry, and produces audit-ready evidence and gap reports, helping teams fix blind spots before incidents and support continuous validation expectations under DORA/NIS2.
Never Hunt Alone: A Threat Hunting Companion for the SOC
In this session Crimson7 will show how to turn threat hunting from “tribal knowledge” into a repeatable, measurable workflow using 7Hunter. We'll demo how teams can go from a CTI lead or hypothesis to an executable hunt in minutes by browsing 4,280+ pre-built KQL queries and 75+ investigation runbooks, all mapped to MITRE ATT&CK so you can see what techniques you actually cover. You'll see one-click export to Microsoft Sentinel with automatic hunt creation, how an AI assistant can run live KQL during an investigation to speed iteration, and how the public REST API plugs into SOAR pipelines. The goal: faster hunts, fewer blind spots, and real visibility into your hunting posture, without rebuilding queries from scratch every time.
Come find us at the booth
We're at booth 05.B067 across both days. Bring questions about offensive security, detection engineering, threat hunting, or how Purple Team programs actually run in production. We'll talk through HackerFlow and 7Hunter on demand — but mostly we want to hear what you're working on.
If you'd like a guaranteed slot rather than queuing up, book a 20-minute conversation below.
Get the decks delivered when the event wraps
Drop your email below. We'll send both talk decks (Joey's full slides) plus our Crimson7 capabilities deck the day after the event closes. No spam — you can unsubscribe with one click.
By submitting, you agree to receive the decks and follow-up notes from Kenneth at Crimson7. See our privacy policy.
About Joey
Joey Verleg
Head of Managed Services, Crimson7
Joey leads Managed Services at Crimson7, where he runs continuous Purple Team programs for security teams and consulting partners. His focus is making adversary emulation usable — turning attack output into detection rules teams actually deploy.
Crimson7 in one paragraph
Crimson7 is an offensive security firm based in Brussels. We do red team, purple team, detection engineering, and threat hunting work for security teams and consulting partners. We build tools — HackerFlow and 7Hunter — when the market doesn't have what operators actually need.
Post-event recap and slides will appear here after May 21.