Monthly Archives: March 2023

164. Living off the Land (OBJ 3.7) In this lesson, we’re going to talk about living off the land and some differences between some traditional malware exploitation techniques. And so we have to first define what is an exploit technique? Well, an exploit technique describes the specific method by which malware code infects a targeted […]

161. Detection Avoidance (OBJ 3.7) In this section of the course, we’re going to discuss the different techniques that are used during the post exploitation portion of your attacks against a target in order to establish a foothold, maintain persistence and avoid detection. Now, we’re going to be completing our coverage of Domain 3, attacks […]

157. Lateral Movement (OBJ 3.7) Now, we talked about lateral movement already and I already provided a couple of examples or techniques that we can use for lateral movement as an attacker if you’re working as a pen tester. Things like pass the hash or golden ticket attack. But there are other ones out there […]

159. Escalating Privileges (OBJ 3.7) In this lesson, we’re going to talk about escalating privileges, which is something an attacker tries to do once they exploit a target system or network. This is known as privilege escalation. Simply put, privilege escalation is the practice of exploiting flaws in an operating system or other application to […]

154. Lateral Movement and Pivoting (OBJ 3.7) Lateral movement and pivoting. If you’ve ever watched American football, you’ve probably seen a lateral pass. Now, a lateral pass occurs when the player tosses the ball to a teammate by throwing it to the side or behind them, and that way you’re moving the ball to another […]

151. Post-exploitation (OBJ 3.7) In this section of the course, we’re going to discuss different techniques that are used during the post exploitation part of your attacks against a target network. Now post exploitation actions are any actions that you take after the initial attack or exploit has been successful. For example, if you were […]

149. Virtual Machine Attacks (OBJ 3.5) In this lesson, we’re going to discuss virtual machine attacks, including VM escapes, VM hopping, sandbox escapes and other VM concerns. First, we have VM escapes or virtual machine escapes. A VM escape is a type of attack where a threat actor attempts to get out of an isolated […]

146. ICS Protocols and Vulnerabilities (OBJ 3.5) In this lesson, we’re going to talk about the different industrial control system protocols that you may come across in your position as a cyber security practitioner. These protocols include the controller area networks, or CAN, the Modbus, the data distribution service, or DDS, and the safety instrumented […]

141. Attacks on Specialized Systems (OBJ 3.5) In this section of the course, we’re going to discuss the different types of attacks that can be conducted against specialized systems. Such as the internet of things devices, embedded systems, ICS and SCADA devices, data storage systems, virtual machines, hypervisors, and containerized services. The internet of things […]

144. Embedded Systems (OBJ 3.5) In this lesson, we’re going to start talking about some embedded system vulnerabilities. Because we talked about the fact that a lot of these devices that we connect to the internet as part of the internet of things at large, do have embedded operating systems, like Linux or Android or […]