Empire Operations: Tactics (APT28)

Empire Operations: Tactics (APT28) is an intermediate-level course focusing on executing APT Tactics, Techniques, and Procedures (TTPs) using Empire. Students will evaluate Fancy Bear’s 2021-2022 campaign, using MSHTML RCE (CVE-2021-40444), OneDrive C2, and C# payloads.

Emulate Fancy Bear with Empire

Study APT28 tradecraft and reproduce key 2021–2022 campaign techniques using Empire, from MSHTML (CVE-2021-40444) delivery to OneDrive-based C2.

Course Modules

Hands-on operator workflows to emulate APT28 TTPs in realistic lab environments.

Intro to Threat Emulation - Fancy Bear

Threat emulation basics, command and control theory, and overview of Fancy Bear and their TTPs.

Fancy Bear's Attack Infrastructure and Tools

Leveraging OneDrive as a C2, Office vulnerabilities, and segmenting architecture for operational security.

Exploiting the Target

.NET tradecraft, exploiting Outlook for profit and gain, DLL exploitation, and leveraging unmanaged code for use with .NET.

Ready to Transform Your Business?

Partner with our team of experts to unlock your business’s full potential. Schedule your free consultation and discover how we can help you.
