Senior Instructor

Matthew Mullins

Security Researcher - Adversary Emulation

Matt Mullins is a seasoned professional within offensive security with over a decade of experience where he has worked in medical, financial, and government spaces.

See More
Rating
41
courses
courses

Courses

false
true
false
Course
0
H:
45
M
1
CEUS

CVE Series: Spring4Shell (CVE-2022-22965)

Spring4Shell (CVE-2022-22965) is a critical Remote Code Execution (RCE) vulnerability affecting Spring, a common application framework library used by Java developers. You will exploit and mitigate this vulnerability in a virtual lab, giving you the skills you need to “Spring” into action and protect your organization!
Learn More & Enroll
false
true
false
Course
1
H:
35
M
2
CEUS

Application Layer Protocol: Web Protocols

In this course, students will learn how C2 connections are established and used by attackers in a real-world demonstration to give learners a sense of how to detect malicious HTTP traffic. This is the last course in the Raspberry Robin Attack series.
Learn More & Enroll
false
true
false
Course
1
H:
35
M
2
CEUS

Command and Scripting Interpreter: Windows Command Shell

In this course, you will learn how the native CMD scripting language for Windows can be abused to allow an attacker to execute remote commands, establish persistence and create autorun files to carry out an attack within the Raspberry Robin attack cycle.
Learn More & Enroll
false
true
false
Course
1
H:
35
M
2
CEUS

System Binary Proxy Execution: Rundll32

In the course, you will learn how a malicious user can obfuscate some of their payload actions through downloaded DLL files using the built-in rundll32.exe. Using rundll32, an attacker can make their activity look like a normal Windows system binary process being executed under rundll32.
Learn More & Enroll
false
true
false
Course
1
H:
35
M
2
CEUS

System Binary Proxy Execution: Msiexec

In the course, you will learn how a malicious user can obfuscate some of their payload actions through downloaded DLL files by utilizing the built in rundll32.exe. By using rundll32, an attacker can make their activity look like a normal Windows system binary process being executed under the rundll32.
Learn More & Enroll
false
true
false
Course
1
H:
35
M
2
CEUS

Replication Through Removable Media

In this course, students will learn the basics of how an adversary can use removable media devices to not only gain access to an unauthorized host, but also enable autorun scripts to download additional infrastructure and payloads to a victim host.
Learn More & Enroll
false
true
false
Course
1
H:
5
M
1
CEUS

Lateral Movement: Windows Remote Management

In order to achieve lateral movement, threat actors will use a valid account to access remote systems, such as the Windows Remote Management service. In this way, the threat actor can move around the network and search for valuable information or greater access. Learn more and get hands-on with this technique by detecting it in our virtual lab.
Learn More & Enroll
false
true
false
Course
1
H:
10
M
1
CEUS

Application Layer Protocol for C2 and Exfil to Cloud

Threat actors like APT29 use Application Layer Protocols for Command and Control (C2) so they can blend in and avoid detection. They also may attempt to steal data and exfiltrate it to a cloud storage service as the end-goal of their attack. In this course, you will learn about these techniques and get practice detecting them in our virtual lab.
Learn More & Enroll
false
true
false
Course
1
H:
15
M
1
CEUS

Unsecured Credentials and Domain Accounts

Threat actors use the techniques Unsecured Credentials and Domain Accounts to obtain credential access and gain persistence. In this emulation of how the threat group APT29 would use these techniques, you will get hands-on practice detecting this activity so you can protect your organization from highly sophisticated advanced persistent threats.
Learn More & Enroll
false
true
false
Course
1
H:
10
M
1
CEUS

Disable Windows Event Log and Timestomp

Sophisticated threat actors like APT29 will use the techniques Disable Windows Event Logging and Timestomp for defense evasion to prevent defenders from seeing their presence on the network. You will detect this nefarious activity in our virtual lab so you can react to advanced attackers and outsmart them.
Learn More & Enroll
false
true
false
Course
1
H:
19
M
1
CEUS

Compromise Software Supply Chain

Threat actors use the technique Compromise Software Supply Chain by altering software that they know their victims will use. They include a backdoor that will give them access to their victim's network once the software is installed. You will detect this technique in a virtual lab and master how to mitigate this threat.
Learn More & Enroll
false
true
false
Course
1
H:
30
M
2
CEUS

Ransomware with Recovery Disruption

After an adversary has exfiltrated data from a target system, the potential final stages in an attack include encrypting data for impact and inhibiting system recovery. Learn how to detect endgame ransomware techniques before a threat actor can accomplish their nefarious objectives!
Learn More & Enroll

About Matthew Mullins

Matt has led multiple Red Team engagements, ranging from a few weeks to a year and covering multiple security domains. Outside of Red Teaming, Matt is also a seasoned penetration tester with interests in: AppSec, OSINT, Hardware, Wifi, Social Engineering, and Physical Security. Matt has a Master's degree in Information Assurance and an exhaustive number of certifications ranging from frameworks, management, and hands-on hacking. Matt is a Technical SME at Cybrary, focusing on Adversarial Emulation and Red Teaming for course content.