Threat actors like APT29 use Application Layer Protocols for Command and Control (C2) so they can blend in and avoid detection. They also may attempt to steal data and exfiltrate it to a cloud storage service as the end-goal of their attack. In this course, you will learn about these techniques and get practice detecting them in our virtual lab.
After completing MITRE ATT&CK TTP content, learners should be able to:
- Detect adversary usage of a technique or sub-technique in a hands-on environment.
- Explain possible approaches for setting up detection rules and recommending mitigations for the technique.
- Describe how an adversary might chain this technique together with adjacent or related techniques in order to accomplish objectives on goal.
- Provide examples of real-world procedures that illustrate the techniques.