Courses

Command and Scripting Interpreter: PowerShell
In this hands-on lab, you will learn how the native PowerShell scripting language for Windows can be abused to allow an attacker to execute remote commands, establish persistence, and create autorun files to carry out an attack.

System Binary Proxy Execution: Rundll32
In this hands-on lab, you will learn how a malicious user can obfuscate some of their payload actions by running downloaded DLL files through the built-in rundll32.exe. Because the code executes under rundll32, the attacker's activity can look like a normal Windows system binary process.

System Binary Proxy Execution: Msiexec

Replication Through Removable Media
In this hands-on lab, students will learn the basics of how an adversary can use removable media devices to gain unauthorized access to a host.

Scheduled Task
Some organizations do not configure their operating systems and account management to properly protect the use of task scheduling functionality. As a result, adversaries can abuse this capability to execute malicious code on a victim’s system. Get hands-on practice detecting this technique so you can protect your organization.

User Discovery

Registry Run Keys
Many organizations do not monitor for additions to the Windows Registry that could be used to trigger autostart execution on system boot or logon. This allows adversaries to launch programs that run at higher privileges and paves the way for more damaging activity. Learn how to detect and mitigate this activity to secure your network.

Owen holds the GIAC GSEC, CompTIA CySA+, and various other vendor-related certifications. He works both as a technical security engineer and as an SME architect instructor in his spare time. Spreading the word of cyber security is a passion of his. Owen lives in Southeast Michigan with his beautiful wife, daughter, and his dog, Thor. In his free time, Owen enjoys watching sports and movies, and spending time with his family.
