Volt Typhoon: T1070.003 Indicator Removal Emulation

via Pluralsight

Overview

Explore how and why Volt Typhoon removed or modified files left behind by their intrusion activity in critical infrastructure networks.

Non-native files, such as tools and malware used during an attack, may leave traces that indicate what an adversary did and how they did it. A common technique adversaries use to hide their tracks is to remove these files, either during an intrusion or as part of post-intrusion activities. In this course, Volt Typhoon: T1070.003 Indicator Removal Emulation, explore how the Volt Typhoon threat group used this technique to minimize their footprint on systems and remain undetected in critical infrastructure for over 5 years.

Syllabus

  • Volt Typhoon: T1070.003 Indicator Removal Emulation (7 mins)

Taught by

Matthew Lloyd Davies
