Pre-positioning in US critical infrastructure using nothing but built-in OS tools. Simulated LOTL reconnaissance, an RFC 1928 SOCKS5 proxy (KV-Botnet), a Versa Director CVE-2024-39717 exploit, and FortiGate VPN credential phishing. With zero custom malware dropped there are no file hashes or signatures to match, so detection must be entirely behavioral.
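One way to make that behavioral detection concrete: the following is an added example, not code from the lab described above. It assumes process-creation telemetry shaped like Sysmon Event ID 1 (timestamp, host, user, parent image, image, command line) and looks for bursts of distinct discovery binaries from one host, user and parent process, which is what LOTL reconnaissance looks like when every individual command is benign. The events, thresholds and binary list are constructed for the demonstration.

```python
"""Behavioral detection of LOTL reconnaissance bursts.

Added example for this write-up, not the lab's own code. Assumes
Sysmon Event ID 1-style process-creation events; everything below
(events, hosts, users, thresholds) is constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Built-in Windows binaries typically used for host and domain discovery.
# Each is benign in isolation; the signal is several distinct ones fired
# in a short burst by the same host, user and parent process.
DISCOVERY_BINARIES = {
    "whoami.exe", "net.exe", "net1.exe", "nltest.exe", "ipconfig.exe",
    "netstat.exe", "systeminfo.exe", "tasklist.exe", "quser.exe", "arp.exe",
    "route.exe", "dsquery.exe", "hostname.exe", "nslookup.exe", "klist.exe",
}
WINDOW = timedelta(minutes=5)   # look-back window per (host, user, parent)
THRESHOLD = 4                   # distinct discovery binaries to alert on

# Constructed events (not real telemetry). WS01/jdoe runs a classic recon
# chain in under three minutes; WS02/ops runs two commands 90 minutes apart;
# WS03 runs a single scheduled tasklist. Only WS01 should alert.
SYS32 = "C:\\Windows\\System32\\"
EVENTS = [
    {"ts": "2024-05-14T09:00:10", "host": "WS01", "user": "CORP\\jdoe",
     "parent": SYS32 + "cmd.exe", "image": SYS32 + "whoami.exe",
     "cmdline": "whoami /all"},
    {"ts": "2024-05-14T09:00:42", "host": "WS01", "user": "CORP\\jdoe",
     "parent": SYS32 + "cmd.exe", "image": SYS32 + "net.exe",
     "cmdline": 'net group "Domain Admins" /domain'},
    {"ts": "2024-05-14T09:01:15", "host": "WS01", "user": "CORP\\jdoe",
     "parent": SYS32 + "cmd.exe", "image": SYS32 + "nltest.exe",
     "cmdline": "nltest /dclist:corp"},
    {"ts": "2024-05-14T09:01:50", "host": "WS01", "user": "CORP\\jdoe",
     "parent": SYS32 + "cmd.exe", "image": SYS32 + "ipconfig.exe",
     "cmdline": "ipconfig /all"},
    {"ts": "2024-05-14T09:02:30", "host": "WS01", "user": "CORP\\jdoe",
     "parent": SYS32 + "cmd.exe", "image": SYS32 + "netstat.exe",
     "cmdline": "netstat -ano"},
    {"ts": "2024-05-14T09:03:00", "host": "WS01", "user": "CORP\\jdoe",
     "parent": SYS32 + "cmd.exe", "image": SYS32 + "notepad.exe",
     "cmdline": "notepad notes.txt"},            # not a discovery binary
    {"ts": "2024-05-14T09:00:00", "host": "WS02", "user": "CORP\\ops",
     "parent": SYS32 + "cmd.exe", "image": SYS32 + "ipconfig.exe",
     "cmdline": "ipconfig /all"},
    {"ts": "2024-05-14T10:30:00", "host": "WS02", "user": "CORP\\ops",
     "parent": SYS32 + "cmd.exe", "image": SYS32 + "whoami.exe",
     "cmdline": "whoami"},
    {"ts": "2024-05-14T09:05:00", "host": "WS03", "user": "NT AUTHORITY\\SYSTEM",
     "parent": SYS32 + "svchost.exe", "image": SYS32 + "tasklist.exe",
     "cmdline": "tasklist /svc"},
]


def _binary(path):
    """Normalise an image path to its lower-cased file name."""
    return path.rsplit("\\", 1)[-1].lower()


def detect_recon_bursts(events, window=WINDOW, threshold=THRESHOLD):
    """Group discovery executions by (host, user, parent) and report the
    densest window in which at least `threshold` distinct binaries ran."""
    runs = defaultdict(list)
    for ev in events:
        binary = _binary(ev["image"])
        if binary in DISCOVERY_BINARIES:
            key = (ev["host"], ev["user"].lower(), _binary(ev["parent"]))
            runs[key].append((datetime.fromisoformat(ev["ts"]), binary, ev["cmdline"]))

    alerts = []
    for (host, user, parent), items in runs.items():
        items.sort(key=lambda item: item[0])
        best = None
        for i, (start, _, _) in enumerate(items):
            in_window = [it for it in items[i:] if it[0] - start <= window]
            distinct = sorted({binary for _, binary, _ in in_window})
            if len(distinct) >= threshold and (
                    best is None or len(distinct) > len(best["binaries"])):
                best = {"host": host, "user": user, "parent": parent,
                        "start": start.isoformat(), "binaries": distinct,
                        "commands": [cmd for _, _, cmd in in_window]}
        if best:
            alerts.append(best)
    return alerts


if __name__ == "__main__":
    for alert in detect_recon_bursts(EVENTS):
        print(f"[ALERT] {alert['host']} {alert['user']} via {alert['parent']} "
              f"from {alert['start']}: {', '.join(alert['binaries'])}")
        for cmd in alert["commands"]:
            print("    ", cmd)
```

The rule keys on parent process as well as host and user, so an interactive cmd.exe or PowerShell session running five discovery tools in two minutes stands out even though the same binaries run routinely across the estate; WS02's two commands 90 minutes apart never accumulate enough distinct binaries inside one window. In production the binary list, window and threshold need tuning against a baseline of admin scripts and monitoring agents, which are the usual false-positive sources.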
Revenue-driven cyber operations funding a sanctioned regime. Simulated Operation Dream Job social engineering lures, FakeTLS protocol-level C2 deception, Chrome DPAPI credential theft, npm supply chain backdoors, and FudModule kernel rootkit callbacks. $1.34 billion stolen in crypto in 2024 alone.
Exploiting software trust via trojanized applications and DLL side-loading. Simulated version.dll proxying (a malicious version.dll that forwards the real library's exports so the signed host application keeps working), AES-256-encrypted REST C2, GDI-based screen capture, and drive-by compromise via typosquat domains. Focuses on blending into trusted contexts, such as a legitimate signed process, to evade behavioral detection.
Stealthy, long-term espionage using non-standard communication channels. Simulated DNS tunneling (RFC 1035), Exchange EWS dead-drop C2 via email drafts, steganography in BMP/PNG image pixels, and Kerberoasting to harvest service-account credentials for lateral movement. Designed for extreme persistence in high-security environments.
Highlighted how real-world compromises are often the result of chained misconfigurations rather than a single exploit: a web-facing weakness led to an internal pivot, exposed secrets gave user-level access, and an overly permissive escalation path resulted in full host compromise. Breaking any one link would have stopped the chain, which is why the lab reinforced key security fundamentals: strong credential hygiene, least privilege, network segmentation, and effective monitoring. Hands-on exercises like this are invaluable for understanding both offensive techniques and the defensive controls that counter them.