Simple play icon Course
Skills

Volt Typhoon: T1059.003 Command and Scripting Interpreter Emulation

by Matthew Lloyd Davies

Explore how Volt Typhoon abused command and scripting interpreters to execute commands, scripts, and binaries in critical infrastructure networks.

What you'll learn

Volt Typhoon abused various command and scripting interpreters, such as PowerShell and the Windows Command Shell, as a way to execute arbitrary commands for the purpose of host and network enumeration, establishing command and control infrastructure, and evading defenses. In this course, Volt Typhoon: T1059.003 Command and Scripting Interpreter Emulation, you’ll focus specifically on how Volt Typhoon used the Windows Command Shell to gather information about hosts, users, and wider network information after gaining initial access to critical infrastructure networks. The commands they used are commonly used by system administrators on a day to day basis, so it was an incredibly stealthy technique that allowed Volt Typhoon to remain hidden within the networks for several years.

About the author

Matt is a cyber security author and researcher here at Pluralsight. A certified penetration tester and incident handler, he created Pluralsight's CompTIA Pentest+ Specialized Attacks courses as well our courses on wireless, ICS/OT and hardware hacking. Matt has also helped to build our security labs portfolio; labs that help you get hands-on to understand the threats and vulnerabilities your organization faces today. With a background in Chemical Engineering, Matt's focus is on the security ... more

Ready to upskill? Get started