Post-Exploitation and Persistence Tactics
RCCE students will learn maintaining access and pivoting after initial compromise. RCCE students will learn to apply industry-standard tools and techniques to identify weaknesses and verify security controls. The course covers practical scenarios ranging from initial setup to final reporting. RCCE students will learn to analyze complex systems and think like an attacker to better defend the organization. This comprehensive course delivers practical knowledge applicable to real-world cybersecurity operations. Starting from foundational concepts, RCCE students will learn through a combination of concept explanation, practical demonstration, and hands-on exercises.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing Post-Exploitation and Persistence Tactics
- Execute hands-on tasks for persistence tactics
- Explain Course Overview fundamentals
- Execute hands-on tasks for learning objectives
- Execute hands-on tasks for course structure — covering Concept explanation with demos.
- Execute hands-on tasks for access to rcce lab environment
- Execute hands-on tasks for mitre att&ck alignment — covering TA0003 Persistence | TA0004 Privilege Escalation | TA0005 Defense Evasion | TA0006 Credential Access | TA0008 Lateral.
- Execute hands-on tasks for post-exploitation methodology
- Execute hands-on tasks for 1. situational awareness — covering Enumerate host, users,, Identify security controls.
- Execute hands-on tasks for 2. privilege escalation — covering Exploit misconfigs or vulns, Achieve SYSTEM / root.
- Execute hands-on tasks for 3. credential harvesting — covering Dump hashes and tokens, Capture cleartext.
- Execute hands-on tasks for 5. lateral movement — covering Pivot to new hosts, Expand domain access.
- Execute hands-on tasks for 6. data exfiltration — covering Stage and extract data, Cover tracks and logs.
| Module 01 | Persistence Tactics |
| Module 02 | Course Overview |
| Module 03 | Learning Objectives |
| Module 04 | Course Structure |
| Module 05 | Access to RCCE lab environment |
| Module 06 | MITRE ATT&CK Alignment |
| Module 07 | Post-Exploitation Methodology |
| Module 08 | 1. Situational Awareness |
| Module 09 | 2. Privilege Escalation |
| Module 10 | 3. Credential Harvesting |
| Module 11 | 5. Lateral Movement |
| Module 12 | 6. Data Exfiltration |
| Module 13 | Situational Awareness After Compromise |
| Module 14 | Host Enumeration |
All hands-on labs run on Rocheston Rose X OS. Students practice post-exploitation and persistence tactics by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for persistence tactics
- Lab 2: Explain Course Overview fundamentals
- Lab 3: Execute hands-on tasks for learning objectives
- Lab 4: Execute hands-on tasks for course structure
- Lab 5: Execute hands-on tasks for access to rcce lab environment
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Post-Exploitation and Persistence Tactics, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI