Overview

This course explores methods to discover adversarial presence on a network and defend against adversarial TTPs (tactics, techniques, and procedures). Topics include, but are not limited to: the cyber kill chain, techniques the adversary uses to remain hidden within a compromised network, adversarial command and control, malware triage, mitigation of malware and eviction of an adversary from an operational network. Labs assignments will reinforce material taught in class.

Prerequisites

• CY3000
• CS3690
• Or consent by instructor

Learning Outcomes

Upon completion of this course, the student will be able to:

• Explain the stages of the cyber kill chain, including reconnaissance, weaponization, delivery, exploitation, installation, command and control, and actions on objectives, and apply them to the defense of network systems.
• Describe cyber reconnaissance techniques, such as foot printing, scanning, and enumeration, understanding common adversarial tactics, techniques, and tools (TTPs) to identify potential threats.
• Understand the fundamentals of network design concepts, including firewalls, DMZs, network segmentation, Host-based Intrusion Detection Systems (HIDS), Network-based Intrusion Detection Systems (NIDS), and Security Information and Event Management (SIEM) systems, to enhance the network security posture.
• Demonstrate proficiency in network hardening practices to mitigate vulnerabilities and strengthen defenses against cyber-attacks.
• Identify and analyze malware persistence methods, command and control mechanisms, and employ appropriate countermeasures to mitigate their impact on network systems.
• Conduct malware analysis and triage to identify and assess potential threats within the network environment.
• Utilize intrusion detection tools effectively to detect and respond to cyber threats in real-time.
• Employ techniques for locating adversaries within the network, including analyzing network traffic and identifying anomalous behavior.
• Implement strategies for the eviction of adversaries from the network, utilizing techniques such as beaconing detection and command and control mitigation.
• Describe and perform post-incident analysis and assessment of cyber-attacks, including evaluating the effectiveness of defensive measures and identifying areas for improvement in network security.
• Apply principles of remote live forensics for incident response, utilizing tools such as Sysinternals to investigate and mitigate cyber incidents effectively.
• Participate in practical exercises focused on hunting for adversaries within the network environment and implementing effective eviction strategies.