Defensive Cyberspace Operations

Course #CY4700

Est.imated Completion Time: 3 months


This course explores methods to discover adversarial presence on a network and defend against adversarial TTPs (tactics, techniques, and procedures). Topics include, but are not limited to: the cyber kill chain, techniques the adversary uses to remain hidden within a compromised network, adversarial command and control, malware triage, mitigation of malware and eviction of an adversary from an operational network. Labs assignments will reinforce material taught in class.

Included in degrees & certificates

  • 225


  • CY3000
  • CS3690

Learning Outcomes

Upon completion of this course, the student will be able to:
  • Explain the stages of the cyber kill chain, including reconnaissance, weaponization, delivery, exploitation, installation, command and control, and actions on objectives, and apply them to the defense of network systems.
  • Describe cyber reconnaissance techniques, such as foot printing, scanning, and enumeration, understanding common adversarial tactics, techniques, and tools (TTPs) to identify potential threats.
  • Understand the fundamentals of network design concepts, including firewalls, DMZs, network segmentation, Host-based Intrusion Detection Systems (HIDS), Network-based Intrusion Detection Systems (NIDS), and Security Information and Event Management (SIEM) systems, to enhance the network security posture.
  • Demonstrate proficiency in network hardening practices to mitigate vulnerabilities and strengthen defenses against cyber-attacks.
  • Identify and analyze malware persistence methods, command and control mechanisms, and employ appropriate countermeasures to mitigate their impact on network systems.
  • Conduct malware analysis and triage to identify and assess potential threats within the network environment.
  • Utilize intrusion detection tools effectively to detect and respond to cyber threats in real-time.
  • Employ techniques for locating adversaries within the network, including analyzing network traffic and identifying anomalous behavior.
  • Implement strategies for the eviction of adversaries from the network, utilizing techniques such as beaconing detection and command and control mitigation.
  • Describe and perform post-incident analysis and assessment of cyber-attacks, including evaluating the effectiveness of defensive measures and identifying areas for improvement in network security.
  • Apply principles of remote live forensics for incident response, utilizing tools such as Sysinternals to investigate and mitigate cyber incidents effectively.
  • Participate in practical exercises focused on hunting for adversaries within the network environment and implementing effective eviction strategies.
Offerings database access
Asset Publisher

Application Deadlines

  •  08 Jul 2024

    Fall Quarter applications due

Asset Publisher

Academic Calendar

No upcoming events.