Senior Instructor
Matthew Mullins
Security Researcher - Adversary Emulation
Matt Mullins is a seasoned professional within offensive security with over a decade of experience where he has worked in medical, financial, and government spaces.
See More
Rating
41
courses
courses
Courses
Challenge: Episode II - Attack of the Encoders
Adversaries commonly use encoding, encryption, and hashing to obscure their scripts and attacks. As a CTF player, you will need to analyze alerts and uncover the true nature of a suspicious string embedded in a file. Can you help figure out what it’s trying to say?
Challenge: Buttercup Get-Help
Threat actors commonly use file types in creative ways. As a CTF player, you must discover a mysterious file artifact and investigate its hidden treasure!
Challenge: The Base(64)ics
Threat actors commonly use legitimate tools in nefarious ways. As a CTF player, you’ll need to find creative ways to uncover these types of tactics. While evaluating a recent alert in your EDR, you’ve come across a weird string at the end of a powershell command. Can you help figure out what it’s trying to say?
Challenge: Spiny Shell
You receive an alert about a suspicious command execution on a Windows endpoint. Early analysis suggests PowerShell has not locked down appropriately. Can you validate if anything malicious is underway? Now that you have some basic information discovered, dive deeper into the suspicious command to identify the attacker's infrastructure and setup!
CVE Series: Follina (CVE-2022-30190)
The Follina exploit (CVE-2022-30190) is a Windows Remote Code Execution (RCE) vulnerability that could allow a threat actor to acquire an initial level of access after a successful phishing attack. Take our course to gain the skills you need to identify the vulnerability, detect it, and mitigate it (with current best knowledge).
CVE Series: Spring4Shell (CVE-2022-22965)
Spring4Shell (CVE-2022-22965) is a critical Remote Code Execution (RCE) vulnerability affecting Spring, a common application framework library used by Java developers. You will exploit and mitigate this vulnerability in a virtual lab, giving you the skills you need to “Spring” into action and protect your organization!
Application Layer Protocol: Web Protocols
In this course, students will learn how C2 connections are established and used by attackers in a real-world demonstration to give learners a sense of how to detect malicious HTTP traffic. This is the last course in the Raspberry Robin Attack series.
Command and Scripting Interpreter: Windows Command Shell
In this course, you will learn how the native CMD scripting language for Windows can be abused to allow an attacker to execute remote commands, establish persistence and create autorun files to carry out an attack within the Raspberry Robin attack cycle.
System Binary Proxy Execution: Rundll32
In the course, you will learn how a malicious user can obfuscate some of their payload actions through downloaded DLL files using the built-in rundll32.exe. Using rundll32, an attacker can make their activity look like a normal Windows system binary process being executed under rundll32.
System Binary Proxy Execution: Msiexec
In the course, you will learn how a malicious user can obfuscate some of their payload actions through downloaded DLL files by utilizing the built in rundll32.exe. By using rundll32, an attacker can make their activity look like a normal Windows system binary process being executed under the rundll32.
Replication Through Removable Media
In this course, students will learn the basics of how an adversary can use removable media devices to not only gain access to an unauthorized host, but also enable autorun scripts to download additional infrastructure and payloads to a victim host.
Lateral Movement: Windows Remote Management
In order to achieve lateral movement, threat actors will use a valid account to access remote systems, such as the Windows Remote Management service. In this way, the threat actor can move around the network and search for valuable information or greater access. Learn more and get hands-on with this technique by detecting it in our virtual lab.
Matt has led multiple Red Team engagements, ranging from a few weeks to a year and covering multiple security domains. Outside of Red Teaming, Matt is also a seasoned penetration tester with interests in: AppSec, OSINT, Hardware, Wifi, Social Engineering, and Physical Security. Matt has a Master's degree in Information Assurance and an exhaustive number of certifications ranging from frameworks, management, and hands-on hacking. Matt is a Technical SME at Cybrary, focusing on Adversarial Emulation and Red Teaming for course content.