Cyber Range

MITRE ATT&CK: Collection Cyber Range

Collection consists of techniques adversaries may use to gather information and the sources information is collected from that are relevant to following through on the adversary's objectives. Frequently, the next goal after collecting data is to steal (exfiltrate) the data. Common target sources include various drive types, browsers, audio, video, and email. Common collection methods include capturing screenshots and keyboard input.

3 hours, 30 minutes

The Labs

Train hands-on

MITRE ATT&CK - Collection - Archive Collected Data

This lab incorporates the MITRE ATT&CK Archive Collected Data technique. This lab utilizes tools and utilities such as: ZIP, GZIP, 7-Zip, Tar, PGP, Zlib, Bzip2 as well as others.

MITRE ATT&CK - Collection - Automated Collection

Learn how to Automate Data Collection using different programming languages such as PowerShell, C, Python and Bash.

MITRE ATT&CK - Collection - Data From Local System

Learn how to collect files and data from an infected machine. Utilizes commands such as find, locate and copy (cp) to collect data. Additionally this lab uses some basic mysql queries to find data in a mysql database.

MITRE ATT&CK - Collection - Data from Network Shared Drive

This lab incorporates the MITRE ATT&CK Data from Network Shared Drive technique. Utilities/Tools: Nmap, Samba/smb, SCP, Find, Grep and others.

MITRE ATT&CK - Collection - Data Staged

Learn different methods of how adversaries may stage collected data in a central location or directory prior to exfiltration.

MITRE ATT&CK - Collection - Email Collection

This lab incorporates the MITRE ATT&CK Email Collection technique

MITRE ATT&CK - Collection - Screen & Video Capture

This lab incorporates the MITRE ATT&CK Screen & Video Capture

Plans & pricing

Infosec Skills Personal

$299 / year

  • 190+ role-guided learning paths (e.g., Ethical Hacking, Threat Hunting)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Custom certification practice exams (e.g., CISSP, Security+)
  • Skill assessments
  • Infosec peer community support

Infosec Skills Teams

$799 per license / year

  • Team administration and reporting
  • Dedicated client success manager
  • Single sign-on (SSO)
    Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
  • Integrations via API
    Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
  • 190+ role-guided learning paths and assessments (e.g., Incident Response)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Create and assign custom learning paths
  • Custom certification practice exams (e.g., CISSP, CISA)
  • Optional upgrade: Guarantee team certification with live boot camps

Unlock 7 days of free training

  • 1,400+ hands-on courses and labs
  • Certification practice exams
  • Skill assessments