LoginRecent APT activity has shown how rapidly exploits such as ToolShell and ProxyShell can be weaponised against Microsoft IIS servers hosting Exchange, SharePoint and other ASP.NET applications. State-sponsored groups commonly target public-facing IIS services to gain initial access and then deploy complex IIS frameworks, fileless web shells and malicious .NET assemblies for post-exploitation. Public reporting on these techniques has declined, leaving many analysts without current, practical experience analysing these compromises. This hands-on course combines development and forensic analysis. Students build a series of web shells, starting with a browser-driven subprocess shell and progressing to a modular IIS framework and controller modelled on real-world APT compromises. Each web shell is used to perform controlled attacks in a lab environment, then students acquire and analyse the resulting artifacts. By the end of the course, students will understand common IIS and ASP.NET attack vectors, exploitation paths and persistence mechanisms, and will be able to acquire and analyse memory, file system and registry artifacts produced by fileless and multi-file IIS tradecraft.
Check back later or contact us.
