Campaign Outline
Threat Actor Campaigns are comprised of multiple MITRE ATT&CK aligned courses. Click on a course below to learn more.
System Binary Proxy Execution and a Spearphish Payload
Spearphishing is one of the oldest tricks in the book, and in this course you will learn more about how it actually works. Plus, see how adversaries can hide malicious code in compiled HTML files. Detect and mitigate these techniques in our hands-on course.
Overview
Spearphishing is one of the oldest tricks in the book, and in this course you will learn more about how it actually works. Plus, see how adversaries can hide malicious code in compiled HTML files. Detect and mitigate these techniques in our hands-on course.
Persistence via Windows Services
Windows Services are the main vehicle used by the Windows OS to start and run background functions that do not require user interaction. Configuring malware to run as a service is a common strategy for trying to blend malicious code execution in with other legitimate Windows functions. Prevent adversaries from gaining persistence in this course.
Overview
Windows Services are the main vehicle used by the Windows OS to start and run background functions that do not require user interaction. Configuring malware to run as a service is a common strategy for trying to blend malicious code execution in with other legitimate Windows functions. Prevent adversaries from gaining persistence in this course.
Local Account Discovery, Creation, and Manipulation
After gaining initial access on a system, adversaries may want to do some discovery work on local accounts and maintain persistence on a victim system as they create and manipulate accounts in order to maintain their access. Learn to detect such suspicious activity in this course!
Overview
After gaining initial access on a system, adversaries may want to do some discovery work on local accounts and maintain persistence on a victim system as they create and manipulate accounts in order to maintain their access. Learn to detect such suspicious activity in this course!
Using LOLbins for Tool Downloads
LOLbins won't have you laughing when threat actors "live off the land" to leverage tools and capabilities that are already present in the target environment to achieve objectives. Learn how to detect common adversary techniques such as Ingress Tool Transfer in this course.
Overview
LOLbins won't have you laughing when threat actors "live off the land" to leverage tools and capabilities that are already present in the target environment to achieve objectives. Learn how to detect common adversary techniques such as Ingress Tool Transfer in this course.
Automated Archive and Exfiltration
Once an adversary has firmly established access within a target environment and identified data of interest, they want to gather and exfiltrate that data. Learn to detect such late-stage threat actor campaign techniques of automated archive and exfiltration in our hands-on course.
Overview
Once an adversary has firmly established access within a target environment and identified data of interest, they want to gather and exfiltrate that data. Learn to detect such late-stage threat actor campaign techniques of automated archive and exfiltration in our hands-on course.
Ransomware with Recovery Disruption
After an adversary has exfiltrated data from a target system, the potential final stages in an attack include encrypting data for impact and inhibiting system recovery. Learn how to detect endgame ransomware techniques before a threat actor can accomplish their nefarious objectives!
Overview
After an adversary has exfiltrated data from a target system, the potential final stages in an attack include encrypting data for impact and inhibiting system recovery. Learn how to detect endgame ransomware techniques before a threat actor can accomplish their nefarious objectives!