Mainstream media coverage of hacker groups and their exploits has left the public thinking that all of cyber security is black magic. While many attacks involve some advanced networking and coding techniques, the majority of compromises are carried out by much less sophisticated attackers. Many of these individuals have learned the process of compromising servers and networks in the same way that all of us have learned technology; by researching online. The days of creating and compiling your own exploit code are long since passed. Most attackers are using "point and pwn" utilities like Armitage, Cain & Able, Metasploit and the Social Engineers Toolkit (SET) to cause havoc for organizations worldwide.
We believe that to emulate the various cyber threat vectors, it is critical to understand what most attacks have in common - their methodology. Bringing together decades of experience in government, military, commercial and academic cyber security training and consulting, our instructors have developed and implemented multiple threat emulation methodologies. While methodologies change over time to account for new technologies and techniques, the concepts involved remain constant. This course teaches a flexible methodology for use in emulating external and internal network intrusion threat vectors in a heavily hands-on lab environment.
Impact and Relevance of Today's Cyber Attacks.
Reconnaissance Techniques Used by Most Intruders.
Network, Host and Service Discovery Methods.
Processes Employed to Enumerate System and User Information.
How System Vulnerabilities are Identified.
Multiple Tactics Used to Penetrate Systems.
Various Techniques to Escalate System Privileges.
The materials within this course focus on the Knowledge Skills and Abilities (KSAs) identified within the Specialty Areas listed below. Click to view Specialty Area details within the interactive National Cybersecurity Workforce Framework.