MITRE ATT&CK: Execution Cyber Range

Learn the execution tactics outlined in the MITRE ATT&CK framework.

4 hours, 30 minutes

The Labs

Train hands-on

  • MITRE ATT&CK - Execution - CTF

    30 minutes
    This CTF highlights the range of possibilities attackers can choose from when planning to compromise a target. The student will learn how to use Initial Access techniques in order to plan and orchestrate stealthy and persistent attacks. Such techniques will enable the student to execute commands on the system whilst leaving minimal traces.
  • MITRE ATT&CK - Execution - Python

    30 minutes
    Python is a prevalent scripting/programming language with capabilities to perform many functions. It can be executed interactively from the command line using its interpreter or via scripts (.py) that can be written and distributed to different systems. Python also allows compiling the code into binary executables and has many built-in packages to interact with the underlying system. Adversaries use Python libraries to download and execute commands to perform malicious behaviors.
  • MITRE ATT&CK - Execution - Exploitation for Client Execution

    30 minutes
    This lab incorporates a series of Mitre ATT&CK techniques and sub techniques to show how adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior.
  • MITRE ATT&CK - Execution - JavaScript

    30 minutes
    JavaScript is a platform-independent scripting language commonly associated with scripts on webpages, though it can also be executed in runtime environments. Adversaries abuse various implementations of JavaScript to execute various behaviors, such as hosting malicious scripts on websites or downloading and executing these scripts files as secondary payloads.
  • MITRE ATT&CK - Execution - Macros

    30 minutes
    This lab incorporates a series of Mitre ATT&CK techniques and sub techniques to show how documents that leverage macros exploit capabilities that are provided by Microsoft Office or Libre Office for Linux Systems.
  • MITRE ATT&CK - Execution - PowerShell

    30 minutes
    PowerShell is a cross-platform task automation framework consisting of a command-line and programming language. Its scripting capabilities, built-in commands and the flexibility it offers in command manipulation make it a powerful tool used to control and configure devices. Similarly, the tool provides threat actors with the perfect environment for composing and running malicious scripts and programs. The abovementioned features make PowerShell a favorite amongst attacking tools, especially for Living of the Land and Fileless Malware attacks.This lab will cover the basics of PowerShell and later on address scripting, command execution, and resource building utilizing this robust framework.
  • MITRE ATT&CK - Execution - Unix Shell

    30 minutes
    Most systems have a built-in command-line interface and scripting capabilities like the Unix Shell in Linux Distributions. Shells are one of, if not the most powerful tools available to a Linux user that allows utilizing the features and functionality the kernel installed on their system offers. Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
  • MITRE ATT&CK - Execution - User Execution

    30 minutes
    This lab incorporates a series of Mitre ATT&CK techniques and sub techniques to show how victims can be subjected to social engineering to get them to execute malicious code.
  • MITRE ATT&CK - Execution - Visual Basic

    30 minutes
    This lab incorporates a series of Mitre ATT&CK techniques and sub-techniques to show how adversaries can abuse Visual Basic for execution.

Plans & pricing

Infosec Skills Personal

$299 / year

  • 190+ role-guided learning paths (e.g., Ethical Hacking, Threat Hunting)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Custom certification practice exams (e.g., CISSP, Security+)
  • Skill assessments
  • Infosec peer community support

Infosec Skills Teams

$799 per license / year

  • Team administration and reporting
  • Dedicated client success manager
  • Single sign-on (SSO)
    Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
  • Integrations via API
    Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
  • 190+ role-guided learning paths and assessments (e.g., Incident Response)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Create and assign custom learning paths
  • Custom certification practice exams (e.g., CISSP, CISA)
  • Optional upgrade: Guarantee team certification with live boot camps

Learn about scholarships and financing with

Affirm logo

Unlock 7 days of free training

  • 1,400+ hands-on courses and labs
  • Certification practice exams
  • Skill assessments