Windows Threat Detection 3
Premium roomLearn how threat actors manage to maintain access to the breached Windows hosts.
medium
60 min
10,324
To access material, start machines and answer questions login.
What if attackers aren't satisfied with just breaching the host but aim to stay, establish control, and use the system as a starting point for future operations? This room completes your Windows threat detection journey and explores how a compromised host can become part of a larger attack, focusing on three tactics: Command and Control, , and Impact.
Learning Objectives
- Remind the concept of Command and Control ()
- Learn why and how threat actors maintain control of their victims
- Use Windows event logs to uncover various methods
- See how the learned techniques work in a hands-on environment
Prerequisites
- Recall the basics of (opens in new tab) tactics and Windows logs
- Complete Windows Threat Detection 1 and 2 rooms
- Be ready to dive deeper into the last stages of Windows attacks
Lab Access
Before moving forward, start the lab by clicking the Start Machine button below. The will open in split view and will need about 2 minutes to fully load. In case the is not visible, you can click the Show Split View button at the top of the page.
Set up your virtual environment
Credentials
Alternatively, you can access the from your own -connected machine with the credentials below:
Let's go!
Ready to learn Cyber Security?
The Windows Threat Detection 3 room is only available for premium users. Signup now to access more than 500 free rooms and learn cyber security through a fun, interactive learning environment.
Already have an account? Log in