Exfiltration and Extortion

Many organizations do not monitor for additions to the Windows Registry that could be used to trigger autostart execution on system boot or logon. This allows adversaries to launch programs that run at higher privileges and paves the way for more damaging activity. Learn how to detect and mitigate this activity to secure your network.

Once adversaries compromise your network, they can transfer tools between systems in order to stage them for later use or to support lateral movement. They may use file sharing protocols or copy files with existing tools like scp, sftp and ftp. Learn how to spot and mitigate this behavior so you can stop adversaries in their tracks.

While you may be prepared to detect the use of malware on your system, what if an adversary uses a legitimate software tool for a nefarious purpose? Adversaries may buy or steal software and use it in unexpected ways. Learn how adversaries leverage this technique so you can defend your organization.

Some organizations do not configure their operating systems and account management to properly protect the use of task scheduling functionality. As a result, adversaries can abuse this capability to execute malicious code on a victim’s system. Get hands-on practice detecting this technique so you can protect your organization.

Once on a victim's system, adversaries will perform user discovery to determine information, such as the primary user’s identity and capabilities. They may seek out users with access to remote systems so they can cast their net wider. Discover the attacker instead of the other way around with this dynamic, lab-based course!

Organizations that do not enforce strong password policies and audit privileged account management can fall victim to attackers who leverage access to local accounts. With it, they can gain initial access, persistence, privilege escalation, or defense evasion. Learn how to detect and prevent this type of activity in this dynamic lab-based course.