Course description
Join us at RSA for an interactive session on threat hunting hosted by Keatron Evans — then jump over to our June Challenge to put your own skills to the test! Start out by playing the role of an adversary and attempt to exploit two common vulnerabilities. Then, set out on your own cyber threat hunt by getting hands-on with volatility3 inside .vmem files. The third and final level will put you up against advanced adversarial tactics used by Sandworm APT! Don’t forget to share your certificate of completion on LinkedIn and tag our @Infosec profile for your chance to win a $100 Amazon gift card, Infosec hoodie and a free year of on-demand training with Infosec Skills!

Syllabus
Sandworm APT Lab 2
Lab — 00:30:00
Sandworm APT is an advanced hacking group that has been active since at least 2009. Most famous for their attacks on Ukrainian electrical companies and the NotPetya attacks in 2016, they are a Russian-backed threat group. In this lab we’ll take a look at and emulate some of the techniques that Sandworm has used in the past to compromise, pivot from, and destroy a server.
Common Attack Types – Insecure Direct Object Reference (IDOR) & Directory Traversal
Lab — 00:30:00
This lab walks a user through an example of Insecure Direct Object Referencing and Directory Traversal. Insecure direct object reference (IDOR) is a type of access control vulnerability that occurs when an application exposes a direct reference to an internal object. Finding an IDOR allows attackers to enumerate and extract other information. Directory traversal (also known as file path traversal) is a web security vulnerability that allows an attacker to access restricted directories on the server. The directories can contain anything from application code and credentials for back-end systems to sensitive operating system files. In case read and write permissions are not correctly set, attackers can modify the files and ultimately take full control of the server.
Cyber Threat Hunting – Finding Threats in .vmem Files
Lab — 00:30:00
In this lab you will examine a vmem file for threats using volatility3, the world’s most widely used framework for extracting digital artifacts from volatile memory (RAM) samples.
Unlock 7 days of free training
- 1,400+ hands-on courses and labs
- Certification practice exams
- Skill assessments
You're in good company
We use Infosec Skills to provide continuous training to our technicians and to prepare them for various certifications. Infosec Skills allows us to create personalized training programs that focus on each of our technicians’ particular roles and see their progress as they take courses. We also recommend it to clients to make their IT support teams better.
Caleb Yankus
This has been utilized to bridge the skills gap across our cyber team and to aid them as they prepare for their various certifications. It also has provided a nice learning foundation for our various cyber team members to utilize as we continue to find ways for cross-utilization with operations while minimizing the downtime needed to ensure everyone’s knowledge is the same.
Daniel Simpson
We use Infosec Skills to provide base-level knowledge for employees. We also use the services to provide in-depth learning for employees as they encounter new technologies. If an employee is assigned to a new project, we can rely on Infosec Skills to provide a rapid concentrated learning environment. This rapid concentrated learning positions our employees for success.
Infosec Skills Teams client
Plans & pricing
Infosec Skills Personal
- 190+ role-guided learning paths (e.g., Ethical Hacking, Threat Hunting)
- 100s of hands-on labs in cloud-hosted cyber ranges
- Custom certification practice exams (e.g., CISSP, Security+)
- Skill assessments
- Infosec peer community support
Infosec Skills Teams
- Team administration and reporting
- Dedicated client success manager
Single sign-on (SSO)
Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
Integrations via API
Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
- 190+ role-guided learning paths and assessments (e.g., Incident Response)
- 100s of hands-on labs in cloud-hosted cyber ranges
- Create and assign custom learning paths
- Custom certification practice exams (e.g., CISSP, CISA)
- Optional upgrade: Guarantee team certification with live boot camps
Award-winning training that you can trust




