All courses
Resource hub
Featured resource
Tech Upskilling Playbook 2025
Tech Upskilling Playbook

Build future-ready tech teams and hit key business milestones with seven proven plays from industry leaders.

Learn more
Hamburger Icon
  • Path icon Learning Path
    • Libraries: This path is only available in the libraries listed. To access this path, purchase a license for the corresponding library.
  • Security
    •

APT Campaigns

13 Courses
10 Labs
11 Hours
Skill IQ

In today's rapidly evolving cybersecurity landscape, organizations face increasingly sophisticated and persistent cyber threats. Advanced Persistent Threats (APTs) represent some of the most complex and insidious forms of cyber attacks, often orchestrated by well-funded and highly skilled adversaries. This course delves deep into understanding, detecting, and defending against specific APTs through immersive attack and defense emulations and hands-on labs.

Get started

Content in this path

Volt Typhoon

The volt Typhoon group is seeking to pre-position itself in IT and OT networks for disruptive or destructive cyberattacks against critical infrastructure. With these courses and labs you'll first get hands-on with the tactics, techniques and procedures used by Volt Typhoon as they carried out reconnaissance of networks and devices, dumped credentials from domain controllers, and covered their tracks by removing indicators of compromise. Next you'll learn the practical skills needed to detect and block these activities, and apply tools to catch the attacks in progress. Finally, you'll gain knowledge to implement controls to reduce the risk of these attacks taking place in your own environment.

Course

Advanced Persistent Threat Brief: Volt Typhoon

  • by Matthew Lloyd Davies
  • 8m
  • Jun 21, 2024
Course

Volt Typhoon: T1059.003 Command and Scripting Interpreter Emulation

  • by Matthew Lloyd Davies
  • 6m
  • May 03, 2024
Lab

Volt Typhoon: T1059.003 Command and Scripting Interpreter Emulation Lab

  • by Matthew Lloyd Davies
  • 1h 5m
  • Aug 04, 2025
Course

Volt Typhoon: T1059.003 Command and Scripting Interpreter Detection

  • by Michael Teske
  • 10m
  • Jun 07, 2024
Course

Volt Typhoon: T1003.003 Credential Dumping Emulation

  • by Matthew Lloyd Davies
  • 7m
  • May 03, 2024
Lab

Volt Typhoon: T1003.003 Credential Dumping Emulation Lab

  • by Matthew Lloyd Davies
  • 1h 5m
  • Aug 04, 2025
Course

Volt Typhoon: T1003.003 Credential Dumping Detection

  • by Michael Teske
  • 7m
  • Jun 07, 2024
Lab

Volt Typhoon: T1003.003 Credential Dumping Detection Lab

  • by Michael Teske
  • 55m
  • Aug 05, 2025
Lab

Volt Typhoon: T1059.003 Command and Scripting Interpreter Detection Lab

  • by Michael Teske
  • 1h
  • Aug 04, 2025
Course

Volt Typhoon: T1070.003 Indicator Removal Emulation

  • by Matthew Lloyd Davies
  • 7m
  • May 03, 2024
Lab

Volt Typhoon: T1070.003 Indicator Removal Emulation Lab

  • by Matthew Lloyd Davies
  • 1h 5m
  • Aug 05, 2025
Course

Volt Typhoon: T1070.003 Indicator Removal Detection

  • by Michael Teske
  • 8m
  • Jun 07, 2024
Lab

Volt Typhoon: T1070.003 Indicator Removal Detection Lab

  • by Michael Teske
  • 1h
  • Aug 05, 2025
Course

Volt Typhoon: Preventative Control

  • by Michael Teske
  • 12m
  • Jul 25, 2024

Sandworm

Sandworm is a highly sophisticated and persistent Advanced Persistent Threat (APT) group linked to Russian military intelligence (GRU). Active since at least 2009, it has been responsible for several major cyberattacks, particularly targeting Ukraine, NATO members, and other global entities. With these courses and labs you'll first get hands-on with the tactics, techniques and procedures used by Sandworm. Next, you'll learn the practical skills needed to detect and block these activities, and apply tools to catch the attacks in progress. Finally, you'll gain knowledge to implement controls to reduce the risk of these attacks taking place in your own environment.

Course

Advanced Persistent Threat Brief: Sandworm Team

  • by Matthew Lloyd Davies
  • 8m
  • Oct 14, 2024
Course

Sandworm: Web Shell Emulation

  • by Matthew Lloyd Davies
  • 6m
  • Oct 16, 2024
Lab

Sandworm: Web Shell Emulation Lab

  • by Matthew Lloyd Davies
  • 1h 5m
  • Jul 30, 2025
Course

Sandworm: Keylogging Emulation

  • by Matthew Lloyd Davies
  • 5m
  • Nov 18, 2024
Lab

Sandworm: Keylogging Emulation Lab

  • by Matthew Lloyd Davies
  • 30m
  • Jul 30, 2025
Course

Sandworm: C2 over HTTP Emulation

  • by Matthew Lloyd Davies
  • 5m
  • Nov 12, 2024
Lab

Sandworm: C2 over HTTP Emulation Lab

  • by Matthew Lloyd Davies
  • 55m
  • Aug 05, 2025
Course

Sandworm: Web Shell Detection

  • by Michael Teske
  • 7m
  • May 09, 2025
Lab

Sandworm: Web Shell Detection Lab

  • by Michael Teske
  • 45m
  • Jul 30, 2025
Try this learning path for free
Access this learning path and other top-rated tech content with a free trial.
Free individual trial Free team trial
What You'll Learn
  • APT: Volt Typhoon
  • APT: Sandworm
Prerequisites
  • Understanding fundamental concepts in cybersecurity such as networking, operating systems, cryptography, and common attack vectors is essential, with hands-on-experience with basic security tools.
Not sure where to start?
With over 500 assessments to choose from, you can see where your skills stand and receive adaptive learning recommendations to fill knowledge gaps in as little as 10 minutes.
Learn more

Learn with the best

Matthew Lloyd Davies
Matthew Lloyd Davies
Matt is a cyber security author and researcher here at Pluralsight. A certified penetration tester and incident handler, he created Pluralsight's CompTIA Pentest+ Specialized Attacks courses as well our courses on wireless, ICS/OT and hardware hacking. Matt has also helped to build our security labs portfolio; labs that help you get hands-on to understand the threats and vulnerabilities your organization faces today. With a background in Chemical Engineering, Matt's focus is on the security ...
Michael Teske
Michael Teske
Michael Teske is a principal security author with Pluralsight helping people build their skills toolkit. Michael has 25+ years of experience in the IT Ops/Cloud/Cybersecurity industry including 17 of those years as an IT instructor at a technical college, focusing on Microsoft server infrastructure, security and automation. Michael attained his MBA with an emphasis in Computer Information System Security several years ago. Michael still keeps up with the industry as an independent consultant in ...

Join our learners and upskill
in leading technologies