Courses
Using LOLbins for Tool Downloads
LOLbins won't have you laughing when threat actors "live off the land" to leverage tools and capabilities that are already present in the target environment to achieve objectives. Learn how to detect common adversary techniques such as Ingress Tool Transfer in this course.
Automated Archive and Exfiltration
Once an adversary has firmly established access within a target environment and identified data of interest, they want to gather and exfiltrate that data. Learn to detect the late-stage campaign techniques of automated archive and exfiltration in our hands-on course.
Persistence via Windows Services
Windows Services are the main vehicle used by the Windows OS to start and run background functions that do not require user interaction. Configuring malware to run as a service is a common strategy for trying to blend malicious code execution in with other legitimate Windows functions. Prevent adversaries from gaining persistence in this course.
Local Account Discovery, Creation, and Manipulation
After gaining initial access to a system, adversaries may perform discovery on local accounts and then create and manipulate accounts to maintain persistence on the victim system. Learn to detect such suspicious activity in this course!
System Binary Proxy Execution and a Spearphish Payload
Spearphishing is one of the oldest tricks in the book, and in this course you will learn more about how it actually works. Plus, see how adversaries can hide malicious code in compiled HTML files. Detect and mitigate these techniques in our hands-on course.
Exfiltration Over Alternative Protocol and Clear CLI History
Financially motivated adversaries will often steal valuable data and exfiltrate it over an alternate protocol like FTP, SMTP, or HTTP/S. They could also encrypt or obfuscate these alternate channels to protect their nefarious activities. Learn to exfiltrate the attackers by detecting and mitigating these techniques.
Server Software Component: Web Shell
Bad actors can gain persistence on your network by abusing software development features that allow legitimate developers to extend server applications. In this way, they can install malicious code for later use. Learn to detect and thwart this activity and protect your network.
OS Credential Dumping
Once attackers have a presence on your system, they may dump credentials from the operating system to gain further access and perform lateral movement. Learn to detect and dump attackers in this lab-based course.
Active Scanning and Exploit Public-Facing Application
Threat actors will often perform Active Scanning to learn the landscape of a victim's network and plan their next steps. One of those next steps could be exploiting vulnerable public-facing applications to gain access and pursue their end-goals. Master the skills to detect and mitigate these techniques and secure your network.
After too many years of security operations work, Chris Daywalt tries to turn his phone off at 5:00 pm EST. While there are a bunch of training classes and education somewhere on his resume, much of what he has to teach was learned at the school of hard knocks, often at the expense of his previous clients. He wants to help you spend more time detecting and denying adversaries and less time banging your head against your keyboard. He dips his blueberry donuts in orange juice.
Chris’ 19-year career includes work for organizations of all sizes, both government and private sector, and is distributed roughly like so: