Featured resource
pluralsight tech forecast
2025 Tech Forecast

Which technologies will dominate in 2025? And what skills do you need to keep up?

Check it out
Hamburger Icon
  • Course
    • Libraries: If you want this course, consider one of these libraries.
    • Security

Volt Typhoon: T1059.003 Command and Scripting Interpreter Emulation

Explore how Volt Typhoon abused command and scripting interpreters to execute commands, scripts, and binaries in critical infrastructure networks.

Matthew Lloyd Davies - Pluralsight course - Volt Typhoon: T1059.003 Command and Scripting Interpreter Emulation
by Matthew Lloyd Davies

What you'll learn

Volt Typhoon abused various command and scripting interpreters, such as PowerShell and the Windows Command Shell, as a way to execute arbitrary commands for the purpose of host and network enumeration, establishing command and control infrastructure, and evading defenses. In this course, Volt Typhoon: T1059.003 Command and Scripting Interpreter Emulation, you’ll focus specifically on how Volt Typhoon used the Windows Command Shell to gather information about hosts, users, and wider network information after gaining initial access to critical infrastructure networks. The commands they used are commonly used by system administrators on a day to day basis, so it was an incredibly stealthy technique that allowed Volt Typhoon to remain hidden within the networks for several years.

Table of contents

About the author

Matthew Lloyd Davies - Pluralsight course - Volt Typhoon: T1059.003 Command and Scripting Interpreter Emulation
Matthew Lloyd Davies

Matt has a degree in Chemical engineering and a PhD in mathematical chemistry. He is also a GIAC certified incident handler and penetration tester and has regulated cyber security in the UK civil nuclear sector for many years.

More Courses by Matthew