There are times for relaxation and there are times for new Cyberbit content!
It’s the end of the month and we are back with fresh content on the Cyberbit platform to cover any and all experience gaps because, well, that’s what we do.
Did you think your security team could relax their experience and skill-sharpening regimen? Think again!
Let’s dive into this month’s content release.

In the May OUT NOW release, we announced the Rough RDP (APT29) Live-Fire Exercise (LFE) featuring CrowdStrike. This month, we’re expanding this great LFE to environments with Microsoft Defender.
APT29, a.k.a. Earth Koshchei, made headlines late last year after a massive phishing campaign targeting governments, militaries, think tanks, and more.
This LFE is based on this real-world threat, and simulates a stealthy, multi-stage attack that begins with a classic phishing lure and escalates into a sophisticated DLL hijacking campaign.
Your team will be challenged to follow a forensic trail across endpoint logs and RDP session traces. They’ll need to piece together user behavior, attacker persistence mechanisms, and a propagation method that exploits legitimate tools, all while navigating the nuances of DLL search order attacks and PowerShell-based enumeration.
Time for your team to gain experience countering one of the most dangerous APTs, before the real threat actually knocks on your door!

EC-Council Incident Handler (ECIH) is one of the most widely recognized incident response certifications in the industry, trusted by organizations globally.
Whether your team is looking to level up their cybersecurity skills or become certified incident response experts, the ECIH preparation course is designed to equip trainees with the knowledge and hands-on techniques needed to detect, respond to, and recover from cyber threats.
Moving beyond pure theory, this course takes trainees deep into real-world scenarios, covering malware, insider threats, data breaches, and more, using actual hands-on labs alongside ECIH curriculum-based learning material.

We’ve got something special for you this month!
In this spotlight, we feature a purple campaign breaking down the real technique of driver exploitation used in this month’s Rough RDP (APT29) LFE, researched and exploited by our malware researchers.
A critical vulnerability in MSI’s RTCore driver, used by the popular Afterburner utility, has become a stealthy weapon in the hands of attackers. When abused, this trusted, signed driver can grant SYSTEM-level privileges and allow malicious code to be executed directly in kernel space.
Learn how threat actors leverage RTCore in Bring Your Own Vulnerable Driver (BYOVD) attacks to bypass security tools, impersonate SYSTEM, and deploy payloads without tripping standard defenses.
Access this month’s free spotlight here.
Every second you waste means less real-world experience for your team!
OK, OK, I may be exaggerating a bit, but that does not mean you have any reason to postpone booking the next Live-Fire Exercise for your team. Your security posture is only as solid as your team’s real-world experience and skills.
Let’s go!