Spinning a Web Shell for Initial Access

Certain threat actors specialize in targeting vulnerable web servers and gain initial access by exploiting public-facing applications. Then they act as access brokers for ransomware gangs. Such campaigns highlight the need to protect against known vulnerabilities. Understanding these techniques is key to protecting your organization.

Campaign Outline

Threat Actor Campaigns consist of multiple MITRE ATT&CK-aligned courses.

Overview

Threat actors will often perform Active Scanning to learn the landscape of a victim's network and plan their next steps. One of those next steps could be exploiting vulnerable public-facing applications to gain access and pursue their end-goals. Master the skills to detect and mitigate these techniques and secure your network.

Overview

Bad actors can gain persistence on your network by abusing software development features that allow legitimate developers to extend server applications. In this way, they can install malicious code for later use. Learn to detect and thwart this activity and protect your network.

Overview

Once attackers have a presence on your system, they may dump credentials from the operating system to gain further access and perform lateral movement. Learn to detect and dump attackers in this lab-based course.

Overview

Financially motivated adversaries will often steal valuable data and exfiltrate it over an alternate protocol like FTP, SMTP, or HTTP/S. They could also encrypt or obfuscate these alternate channels to protect their nefarious activities. Learn to exfiltrate the attackers by detecting and mitigating these techniques.