COURSE 3: CYBERSECURITY
The Cyber Academy: Attack focuses on key offensive skills. This 15-week program, requiring 25 hours of work per week, will start students on the path to becoming penetration testers or offensive cyber operations professionals. Development of the program was funded, in part, by the United States Department of Defense, and the curriculum was designed in conjunction with DoD and industry experts.
In the project-based, learn-by-doing curriculum of The Cyber Academy: Attack, students work through eleven tasks online in a private cloud environment with constant help, advice, and feedback from knowledgeable mentors and extensive online learning resources. The tasks are embedded in the realistic, but fictional, context of work as an entry-level employee of a government cyber operations agency.
WHO SHOULD ENROLL
Students who have successfully completed the Cyber Academy: Defense and who want to learn more about the “attack side” of cyber security and cyber operations.
Registration in this course is currently only available to US citizens and green card holders.
In this 15-week course you will:
Students analyze a suspicious binary file from a laptop confiscated from a cyber-crime scene. They learn how to use basic reverse engineering to crack a password-protected binary so they can run the program and gain access to a cybercrime group’s Internet Relay Chat (IRC) channel. They then eavesdrop on online conversations, and start compiling intelligence on the crime group’s actors and connections.
Students now reverse engineer a more complex binary confiscated from a ransomware attacker’s computer. This time, they must crack an encrypted password to gain access to another protected IRC channel, which yields login credentials for the crime group’s FTP server.
Students must now reverse engineer a binary and crack a doubly-encrypted password in order to access a file that identifies the website of a small defense contractor that is vulnerable to a local file inclusion exploit and was also infected with malware by the crime group or another actor.
Students infiltrate a Russian cyber crime network by logging into an eastern European social media site using stolen credentials. They mask themselves as a member of the Russian crime group and gather intelligence about the group members and their connections from the posts on the social media site (which is a facsimile of the Russian “Facebook” site VK.ru filled with authentic posts in Russian). Students also develop a realistic persona which they will use while undercover within the group.
Students go undercover to infiltrate the cyber crime group. The crime group’s leader asks them to execute a remote buffer overflow exploit on a vulnerable server to prove their worth to the group they are infiltrating. Their government boss permits them to perform this exploit in order to strengthen the relationship with the crime group so they can continue gathering important intel about it. The students’ attack provides the crime group a persistent foothold on the targeted computer.
The crime group now asks the students to strengthen their last exploit because a recompilation of the server’s code has apparently turned on data execution prevention (DEP). They need to re-implement the exploit using return-oriented programming (ROP) so it works well in the altered environment.
The student’s boss explains that “off-the-shelf” Metasploit payloads (which students have been using until now) are typically recognized by most antivirus software. He asks the students to experiment with a variety of ways to obscure such payloads to evade detection.
The Russian hacker group asks the students to design a custom payload for them. Students must deliver working shellcode that deletes Windows security logs.
The crime group asks the students, working undercover, to gain access into a defense contractor’s network through a spearphishing attack on an HR person’s machine. Posing as a job applicant, students create a fake persona and resume, which is infected with a custom payload, reply to the job posting, infect the HR person’s machine, and gain a persistent foothold in the company’s network.
Working undercover in the crime group and using the persistent foothold gained on an HR person’s machine, students access the company’s personnel database using SQL injection and exfiltrate data (which is scrubbed before passing it on to the crime group).
Human intelligence determines that the cyber crime group is connected to a Russian security agency. On behalf of the US government, students spearphish the leader of the crime group, use a keylogger to obtain his login credentials, and then surreptitiously log into his computer. Using access provided by the crime boss’s computer, they then gain a foothold on a Russian intelligence officer’s machine. Students exploit a vulnerability in a Python framework to gain access to a C2 database of classified information from which they exfiltrate a key document.
ATTEND AN ONLINE INFO SESSION
AUGUST 13, 2019 12-1PM CST
Students will learn to:
- Reverse engineer unknown binary (executable) files using static and dynamic analysis
- Conduct open source intelligence
- Exploit server and application software using buffer overflow exploits and return-oriented programming
- Exploit database systems using SQL injection
- Develop custom shellcode exploits
- Evade antivirus software
- Spearphish a trusting victim
- Plan and conduct a complex cyber attack
- Pivot through a network
- Exfiltrate data
In addition to the task-based curriculum, an implicit curriculum runs throughout the program, through which students learn and practice the cognitive skills essential for success in all areas of information security:
- Understanding complex, novel problems
- Effectively researching solutions
- Designing and testing solutions
- Self-directed learning