Senior Instructor
Matthew Mullins
Security Researcher - Adversary Emulation
Matt Mullins is a seasoned professional within offensive security with over a decade of experience where he has worked in medical, financial, and government spaces.
See More
Rating
41
courses
courses
Courses
Using LOLbins for Tool Downloads
LOLbins won't have you laughing when threat actors "live off the land" to leverage tools and capabilities that are already present in the target environment to achieve objectives. Learn how to detect common adversary techniques such as Ingress Tool Transfer in this course.
Automated Archive and Exfiltration
Once an adversary has firmly established access within a target environment and identified data of interest, they want to gather and exfiltrate that data. Learn to detect such late-stage threat actor campaign techniques of automated archive and exfiltration in our hands-on course.
Persistence via Windows Services
Windows Services are the main vehicle used by the Windows OS to start and run background functions that do not require user interaction. Configuring malware to run as a service is a common strategy for trying to blend malicious code execution in with other legitimate Windows functions. Prevent adversaries from gaining persistence in this course.
Local Account Discovery, Creation, and Manipulation
After gaining initial access on a system, adversaries may want to do some discovery work on local accounts and maintain persistence on a victim system as they create and manipulate accounts in order to maintain their access. Learn to detect such suspicious activity in this course!
System Binary Proxy Execution and a Spearphish Payload
Spearphishing is one of the oldest tricks in the book, and in this course you will learn more about how it actually works. Plus, see how adversaries can hide malicious code in compiled HTML files. Detect and mitigate these techniques in our hands-on course.
Exfiltration Over Alternative Protocol and Clear CLI History
Financially motivated adversaries will often steal valuable data and exfiltrate it over an alternate protocol like FTP, SMTP or, HTTP/S. They could also encrypt or obfuscate these alternate channels to protect their nefarious activities. Learn to exfiltrate the attackers by detecting and mitigating these techniques.
Server Software Component: Web Shell
Bad actors can gain persistence on your network by abusing software development features that allow legitimate developers to extend server applications. In this way, they can install malicious code for later use. Learn to detect and thwart this activity and protect your network.
Scheduled Task
Some organizations do not configure their operating systems and account management to properly protect the use of task scheduling functionality. As a result, adversaries can abuse this capability to execute malicious code on a victim’s system. Get hands-on practice detecting this technique so you can protect your organization.
User Discovery
Once on a victim's system, adversaries will perform user discovery to determine information, such as the primary user’s identity and capabilities. They may seek out users with access to remote systems so they can cast their net wider. Discover the attacker instead of the other way around with this dynamic, lab-based course!
Registry Run Keys
Many organizations do not monitor for additions to the Windows Registry that could be used to trigger autostart execution on system boot or logon. This allows adversaries to launch programs that run at higher privileges and paves the way for more damaging activity. Learn how to detect and mitigate this activity to secure your network.
Matt has led multiple Red Team engagements, ranging from a few weeks to a year and covering multiple security domains. Outside of Red Teaming, Matt is also a seasoned penetration tester with interests in: AppSec, OSINT, Hardware, Wifi, Social Engineering, and Physical Security. Matt has a Master's degree in Information Assurance and an exhaustive number of certifications ranging from frameworks, management, and hands-on hacking. Matt is a Technical SME at Cybrary, focusing on Adversarial Emulation and Red Teaming for course content.