Duration: 3 Days
In this hands-on course, you will gain a better understanding of cyber operations (CO) for the deployment of computer network attack (CNA), computer network defense (CND), and computer network exploitation (CNE), against an adversary to achieve objectives and cause effects in support of a mission set.
This course, founded on concept operations and real cyber capabilities, provides you with the understanding, tools, and processes needed to conduct malware analysis with real-world malicious code samples to dissect. You will prepare and plan an effective offensive and defensive strategy, as well as evaluate covert protocols. Analysis of system specific, non-descript tools will be introduced to aid in attack and defense.
This course is one of the course requirements for the Defensive Cyberspace Operations Engineer (CSFI-DCOE) certification exam.
Certification: Defensive Cyberspace Operations Engineer (CSFI-DCOE)
Note: This course requires you to bring your own laptop preloaded with VMware Workstation 9 or 10.
What You Will Learn
- Classes of malware
- System monitoring
- Malware analysis tools
- Socio-technological engineering
- Forensics and counter-forensics
- Analysis of kernel level rootkits
- Network evasion techniques and countermeasures
Audience
Anyone interested in the field of cyber warfare/cyber operations and/or looking to expand a cybersecurity career, including cyber commanders, information operations officers, information security/assurance professionals, cybersecurity consultants, cyber strategists, military members (J2, J3, J6, J9 types), SOC/NOC security analysts, network security engineers, penetration testers, auditors, government officials, and security engineers.
Prerequistes
Required:
Course Outline
1. Malware Analysis for Cyber Operations
- Trends in malicious code growth
- Classes of malware
- Attack vectors
- Surface analysis of malware
- Run-time analysis of malware
- System monitoring
- Debuggers
- Static reverse engineering of malware
- Disassemblers
- Malware analysis tools (obfuscation methods used by malware authors)
- Malware mutation and development (US, Five Eyes, and NATO nations only)
2. Defensive Cyber Operations
- Attack canvas
- Preparing and planning an effective strategy offensively and defensively
- Passive, active, and covert reconnaissance and counter-reconnaissance
- Analysis of tactical, physical, and cyber locations
- Socio-technological engineering
- High-value cyber targeting
- Exploitation frameworks and tools
- Disinformation on the cyber battleground
- Forensics and counter-forensics on the cyber landscape
- Analysis of systems specific, non-descript tools to aid in attack and defense
- Attacks and defense against high level routing protocols
- Malware analysis, reverse engineering, and re-assembling
- Evaluation of covert protocols: tunneling, steganography, packet rate limiting, streams
- Offensive and defensive analysis and execution of system level attacks against Windows
- Offensive and defensive analysis and execution of Windows based rootkits
- Analysis of kernel level rootkits in BSD, Linux, Windows, and Solaris
- Unix Security
- Unix based systems for offense and defense
- Buffer, stack, and heap overflows
- Analysis of bypassing security measures (DEP, ASLR, and Bastille)
- Usage of the Metasploit framework
- Shell-coding and an overview of obfuscation
- Automating an offensive and defensive environment
- Fault injections for offensive purposes
- Wireless attack vectors and defenses
- Network analysis
- Network evasion techniques and countermeasures
- VoIP security exploitation and defense
- Evaluating web technologies attacks, trends, and countermeasures
- Automating web attacks for a perfect web
Course Labs
You will have access to virtual labs during class for hands-on training.
