
Understand attacker tradecraft to perform proactive compromise assessments.
Quickly identify compromised and infected systems.
Perform damage assessments and determine what was read, stolen, or changed.
Contain and remediate incidents of all types.
Track adversaries and develop threat intelligence to scope a network.
Hunt down additional breaches using knowledge of the adversary.
Build advanced forensics skills to counter anti-forensics and data hiding from technical subjects.

The course exercises and final challenges illustrate real attacker traces found via endpoint artifacts, event logs, system memory, and more:

Phase 1 - Patient zero compromise and malware C2 beacon installation.
Phase 2 - Privilege escalation, lateral movement to other systems, malware utilities download, installation of additional beacons, and obtaining domain admin credentials.
Phase 3 - Searching for intellectual property, network profiling, business email compromise, dumping enterprise hashes.
Phase 4 - Find exfiltration point, collect and stage data for theft.
Phase 5 - Exfiltrate files from staging server, perform cleanup and set long-term persistence mechanisms (alternatively this phase would be used to deploy ransomware).

