Spinning a Web Shell for Initial Access

How good is your patch policy? Attackers like Prophet Spider focus their whole operation on finding vulnerabilities in public-facing servers. Once they gain initial access, they hand the baton to ransomware groups. We’ll teach you how to foil their plans.

Prophet Spider
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *

Already have an account? Sign In »

Campaign Outline

Threat Actor Campaigns are comprised of multiple MITRE ATT&CK aligned courses. Click on a course below to learn more.


Threat actors will often perform Active Scanning to learn the landscape of a victim's network and plan their next steps. One of those next steps could be exploiting vulnerable public-facing applications to gain access and pursue their end-goals. Master the skills to detect and mitigate these techniques and secure your network.


Bad actors can gain persistence on your network by abusing software development features that allow legitimate developers to extend server applications. In this way, they can install malicious code for later use. Learn to detect and thwart this activity and protect your network.


Once attackers have a presence on your system, they may dump credentials from the operating system to gain further access and perform lateral movement. Learn to detect and dump attackers in this lab-based course.


Financially motivated adversaries will often steal valuable data and exfiltrate it over an alternate protocol like FTP, SMTP or, HTTP/S. They could also encrypt or obfuscate these alternate channels to protect their nefarious activities. Learn to exfiltrate the attackers by detecting and mitigating these techniques.