Get the offensive skills to thwart the hackers.
This is the third and final course in the Cyber Academy certificate program.
Cybersecurity Attack focuses on key offensive skills. This 15-week program will start students on the path to becoming penetration testers or offensive cyber operations professionals. Through a project-based, learn-by-doing curriculum, students work through eleven tasks online in a private cloud environment with constant help, advice and feedback from knowledgeable mentors and extensive online learning resources. The tasks are embedded in the realistic, but fictional, context of work as an entry-level employee of a government cyber operations agency.
This course includes the following tasks:
- Reverse engineer a suspicious file
Students analyze a suspicious binary file from a laptop confiscated from a cyber crime scene. They learn how to use basic reverse engineering to crack a password-protected binary so they can run the program and gain access to a cybercrime group’s Internet Relay Chat (IRC) channel. They then eavesdrop on online conversations, and start compiling intelligence on the crime group’s actors and connections.
- Reverse engineer a complex suspicious file
Students now reverse engineer a more complex binary confiscated from a ransomware attacker’s computer. This time, they must crack an encrypted password to gain access to another protected IRC channel, which yields login credentials for the crime group’s FTP server.
- Reverse engineer a still more complex suspicious file
Students must now reverse engineer a binary and crack a doubly-encrypted password in order to access a file that identifies the website of a small defense contractor that is vulnerable to a local file inclusion exploit and was also infected with malware by the crime group or another actor.
- Investigate hacker group
Students infiltrate a Russian cyber crime network by logging into an eastern European social media site using stolen credentials. They mask themselves as a member of the Russian crime group and gather intelligence about the group members and their connections from the posts on the social media site (which is a facsimile of the Russian “Facebook” site VK.ru filled with authentic posts in Russian). Students also develop a realistic persona which they will use while undercover within the group.
- Exploit a server
The student goes undercover to infiltrate the cyber crime group. The crime group’s leader asks students to execute a remote buffer overflow exploit on a vulnerable server to prove their worth to the crime group they are infiltrating. The student’s government boss permits them to perform this exploit in order to strengthen the relationship with the crime group so they can continue gathering important intel about them. The student’s attack provides the crime group a persistent foothold on the targeted computer.
- Exploit a better-protected computer
The crime group now asks the students to strengthen their last exploit because a recompilation of the server’s code has apparently turned on data execution prevention (DEP). They need to re-implement the exploit using return-oriented programming (ROP) so it works well in the altered environment.
- Improve off-the-shelf malware
The student’s boss explains that “off-the-shelf” Metasploit payloads (which students have been using until now) are typically recognized by most antivirus software. He asks the students to experiment with a variety of ways to obscure such payloads to evade detection.
- Write your own shellcode payload
The Russian hacker group asks the students to design a custom payload for them. Students must deliver working shellcode that deletes Windows security logs.
- Spearphish a company
The crime group asks the students, working undercover, to gain access to a defense contractor’s network through a spearphishing attack on an HR person’s machine. Posing as a job applicant, students create a fake persona and resume, which is infected with a custom payload, reply to the job posting, infect the HR person’s machine, and gain a persistent foothold in the company’s network.
- Hack a database and exfiltrate data
Working undercover in the crime group and using the persistent foothold gained on an HR person’s machine, students access the company’s personnel database using SQL injection and exfiltrate data (which is scrubbed before passing it on to the crime group).
- Hack a foreign intelligence service
Human intelligence determines that the cyber crime group is connected to a Russian security agency. On behalf of the US government, students spearphish the leader of the crime group, use a keylogger to obtain his login credentials, and then surreptitiously log into his computer. Using access provided by the crime boss’s computer, they then gain a foothold on a Russian intelligence officer’s machine. Students exploit a vulnerability in a Python framework to gain access to a C2 database of classified information from which they exfiltrate a key document.
Students who aspire to professional careers in defensive cybersecurity.
Students will learn to:
- Reverse engineer unknown binary (executable) files using static and dynamic analysis
- Conduct open source intelligence
- Exploit server and application software using buffer overflow exploits and return-oriented programming
- Exploit database systems using SQL injection
- Develop custom shellcode exploits
- Evade antivirus software
- Spearphish a trusting victim
- Plan and conduct a complex cyber attack
- Pivot through a network
- Exfiltrate data
Successful completion of the Cybersecurity Defense course.
Students must be US citizens or green card holders to be eligible to enroll in this course.
This certificate is offered in collaboration with Socratic Arts.