Owen Dubiel

Phishing is one of the top techniques leveraged in breaches today, and adversaries use it to send malicious attachments to targeted users. PowerShell is a powerful scripting tool that adversaries can exploit to perform recon and run executables. You will detect these adversary techniques and discover ways to mitigate them.

This hands-on lab covers the Mitre TTP T1041- Exfiltration Over C2 channel, which involves exfiltrating data over a command and control (C2) channel. This technique is commonly used by threat actors to evade detection and exfiltrate sensitive information from compromised networks.

This hands-on lab provides a brief survey of the MITRE TTP T1105 technique. This technique involves using tools to transfer malicious files onto a target network and the techniques used to evade detection.

In this hands-on lab, you will practice simulating a command-and-control (C2) beacon and detecting the resulting activity using a SIEM.

In this hands-on lab, you will learn how the native PowerShell scripting language for Windows can be abused to allow an attacker to execute remote commands, establish persistence, and create autorun files to carry out an attack.

In this hands-on lab, you will learn how a malicious user can obfuscate some of their payload actions through downloaded DLL files using the built-in rundll32.exe. Using rundll32, an attacker can make their activity look like a normal Windows system binary process being executed under rundll32.