Weak Link in the Supply Chain

Threat actors known as Advanced Persistent Threats (APTs) conduct highly sophisticated attacks sponsored by nation-states. They maintain a commitment to stealth and often use custom malware. This campaign emulates a supply chain attack by APT29 that is similar to the SolarWinds compromise, with the end goal of stealing sensitive information.

Campaign Outline

Threat Actor Campaigns consist of multiple courses aligned to MITRE ATT&CK. Click on a course below to learn more.

Overview

Threat actors use the technique Compromise Software Supply Chain by altering software that they know their victims will use. They include a backdoor that gives them access to the victim's network once the software is installed. You will detect this technique in a virtual lab and learn how to mitigate this threat.

Overview

Threat actors use the techniques Unsecured Credentials and Domain Accounts to obtain credential access and gain persistence. In this emulation of how the threat group APT29 would use these techniques, you will get hands-on practice detecting this activity so you can protect your organization from highly sophisticated advanced persistent threats.

Overview

Sophisticated threat actors like APT29 will use the techniques Disable Windows Event Logging and Timestomp for defense evasion to prevent defenders from seeing their presence on the network. You will detect this nefarious activity in our virtual lab so you can react to advanced attackers and outsmart them.

Overview

To achieve lateral movement, threat actors use a valid account to access remote systems through services such as Windows Remote Management. In this way, the threat actor can move around the network in search of valuable information or greater access. Learn more and get hands-on with this technique by detecting it in our virtual lab.

Overview

Threat actors like APT29 use Application Layer Protocols for Command and Control (C2) so they can blend in and avoid detection. They may also attempt to steal data and exfiltrate it to a cloud storage service as the end goal of their attack. In this course, you will learn about these techniques and get practice detecting them in our virtual lab.