Post Exploitation

Adversary Simulations

Network Data Exfiltration Techniques.

Learn more


This training class has been designed to present students with modern and emerging tools and techniques available for network data exfiltration, testing and bypassing DLP/IDS/IPS/FW systems, protocol tunneling, hiding, pivoting and generating malicious network events. This highly technical content and only a hands-on practical approach guarantees that the usage of this transferred knowledge & technologies in real production environments will be easy, smooth and repeatable.

Using an available set of tools, the student will play one by one with well-prepared exfiltration, pivoting and tunneling use-cases to generate the true network symptoms of a modern attacker’s behavior. Great content for SIEM / SOC team validation.


  • Introduction:
    • ATT&CK Framework API.
    • Caldera
    • MAEC
    • TTP, Kill chain & defense in depth
  • Modern RAT’s implementation and popular APT&C2 malware communication design
    → real use cases
  • TCP/UDP bind and reverse shells.
  • Bypassing, exfiltration, tunneling, pivoting, proxying and C2 techniques.
  • Cloud-based exfiltration and C2 channels.
  • Windows & Powershell exfiltration tools.
  • Just a Browser Exfiltration.
  • Hoping from air-gapped networks.
  • USB attacks and network exfiltration combo.
  • The art of data hiding → steganography examples.
  • Signature-based event analytics, rule bypassing & malicious network traffic
  • Adversary simulation moves, actions, tools & automated platforms.
  • Summary → recommended defensive/protection tactics, tools and platforms.

Time Duration

3 days (9:00am - 5:00pm)

Who should attend

  • Red and Blue team members
  • Security / Data Analytics
  • CIRT / Incident Response Specialists
  • Network Security Engineers
  • SOC members and SIEM Engineers
  • AI / Machine Learning Developers
  • Chief Security Officers and IT Security Directors

TRAINER: Leszek Miś

Leszek Miś is the Founder of Defensive Security, Principal Trainer & IT Security Architect. Recently he was a VP, Head of Cyber Security in Collective Sense - a Machine Learning Network Security Startup from the U.S. where he was responsible for product security research, strategy, business analysis & technical feature implementation and recommendation. He has over 13 years of experience in the IT security market supporting the world’s largest customers in terms of exfiltration simulations and penetration tests, infrastructure hardening and general Open Source and IT Security consultancy services. In addition, he has 11 years of experience in teaching and transferring a deep technical knowledge and his own experience. He has trained 600+ students with the highest rank. He is an IT Security Architect with offensive love and a recognized expert in the enterprise OSS market.


Register at Brucon 0x0a in Belgium or Hack In The Box 2018 in Dubai on days 1-3 Sep 2018 and 25-26 Nov respectively. If interested in dedicated, closed training for your SOC team let us know too. We love delivering on-site training sessions!