Cyber Warfare: CYBER WARFARE – INTRO

Duration: 40 Hours

The Cyber Warfare Stage A course introduces students of the Information Security domain to the dark and sophisticated world of Cyber Warfare. It is all about knowledge, technique, initiative and fast reaction, acquired through prior experience and practice. In that sense, Cyber Defense is different from Information Security, and a Cyber Defense Unit is unlike an Information Security Unit.

The course covers relevant international statutory issues together with technical practices, ranging from intelligence organizations and criminal groups to advanced attack and defense approaches and the modern standards governing national Cyber Warfare.

The course will help you build up your knowledge in the fields of defensive strategy, attack techniques, intelligence, investigations, vulnerability assessment, reverse engineering, sensitive organizations and threat intelligence.

Objectives

To provide a detailed overview of the different aspects of Cyber Warfare, both attack and defense, including case studies of the most recent and sophisticated attacks that governments and financial institutions around the world have been subjected to.

Prerequisites

Background in IT as well as software development or intelligence.

Course Outline

Module 1: Introduction to Cyber Warfare

  • National Cyber Security vs. Organizational Cyber Security
  • Basic Concepts and Principles

Module 2: The Cyber Landscape

  • Attacker perspectives
    • Cyber Threats
    • Identity and Trust
    • Cyber Landscape
  • Defender perspectives
    • Cyber Landscape
    • The Modern Enterprise
    • Technology Environment Defined
    • The Digital Age – Complexity
  • Cyber Risk Management
    • Risk management definition
    • Asset Mapping & Classification
    • Risk Analysis
    • Risk Mitigation Techniques
    • Strategies for Risk Managers
    • Organizational Risk Distribution
    • Effective & Efficient

Module 3: Cyber Warfare Main Players

  • Hacker groups
  • Power Measurement
  • National Agencies & Armies
  • Global Cyber Militias
  • Cyber Crime Groups
  • Cyber Terror Groups
  • Hacktivists & Anarchists
  • Cyber Crime Markets & TOR
  • International Attacks History

Module 4: CSIRT: Computer Security Incident Response Team

  • Services
    • Reactive Services
    • Proactive Services
  • Artifact Handling
  • CSIRT around the world

Phase 2: Cyber Warfare Defense

Module 1: Defense Strategy and Cyber Operations

  • Cyber Defense Strategy
    • Principles and concepts
    • Functionalities
    • Roles and Responsibilities
    • Cyber Unit structure
  • Managing Cyber Security
    • Management Best Practices
    • Security Metrics, Maturity model

Module 2: Cyber Defense Technologies & Tactics

  • InfoSec Traditional Technologies review
  • Dedicated cyber tools
  • Guards
  • Advanced tools
  • Embedded systems protection

Module 3: Detection & Response

  • Situational Awareness & Cyber SOC
  • Detection methods & Behavior Analysis
  • SIEM systems
  • Forensics Capabilities
  • Incident Response
  • Active Response

Phase 3: Cyber Warfare Offense and Threats in Depth

Module 1: Cyber Weapons Evolution

  • IATF Attack Classes
  • The World of Vulnerabilities
    • Vulnerability definition
    • Classifying and Prioritizing Software Vulnerabilities
    • CVSS
    • 0-Day Vulnerabilities

Module 2: Advanced Cyber Threats

  • Attack sequence and Targeted Attacks
  • Threat Landscape Cyber Weapon Architecture
  • Targeting and Exploitation Cycle
  • Botnet & Trojan Architecture: Command and Control
  • Stuxnet
  • Traffic Hijack
  • DNS Attacks
  • DoS/DDoS Attack
  • Advanced Attack Elements
  • Embedded Systems

Phase 4: Cyber Warfare Attack Vectors, Tools & Research

Module 1: Hackers and Terminology

  • Hackers Skills
  • Characteristics of attackers
  • The Attack Sequence

Module 3: Attack Vectors

  • Misconfiguration
  • Kernel Flaws
  • Buffer Overflow
  • Insufficient Input Validation
  • Symbolic Links
  • File Descriptor
  • Race Condition
  • Incorrect File/Directory Permission
  • Social Engineering

Module 4: Attack Tools

  • Public Tools & Exploits
  • Private Tools & Exploits (0 day)
  • Attack Frameworks
  • Attack Distros
  • Information Gathering
  • Information Gathering Tools
  • Vulnerability detection
  • Penetration Tools
  • Privilege Escalation
  • Clean-up & Rootkits

Module 5: Reconnaissance

  • Low technology reconnaissance
  • Gathering relevant target information
  • Domain Name interrogation
  • Network topology and path determination
  • Countermeasures and defenses
  • Services Enumeration
  • Target Mapping
  • Vulnerability detection

Module 6: Penetration/Attacks

  • Network Attacks
  • Eavesdropping
  • Data Modification
  • Identity Spoofing (IP Address Spoofing)
  • Password-Based Attacks
  • Denial-of-Service Attack
  • Man-in-the-Middle Attack
  • Compromised-Key Attack
  • Sniffer Attack
  • Exploitation – Example – Metasploit
  • System Attacks
  • Mobile Attacks & Wireless Attacks
  • Web Attacks
  • SQL Injection

Module 7: Cyber Intelligence

  • Types of Intelligence
  • The Intelligence Cycle
  • OSINT tools review
  • OSINT Examples

Phase 5: Cyber Warfare Attack Presentations

Module 1: CIP & SCADA

  • Critical Infrastructure protection & SCADA
    • The critical infrastructures
    • The history of SCADA Attacks
    • SCADA Architecture and components
    • SCADA Communication
    • SCADA Risks and Exposures
    • SCADA Defense strategies
    • SCADA third-party security tools

Module 2: Hardware Security

  • Risks
  • “Chinese technologies”
  • NFC Tags
  • DOKs (Disk-on-Key USB flash drives)
  • Routers
  • BIOS
  • Car threats

Module 3: The Dark Path of Files

  • Hidden Content in files
  • Why antivirus is insufficient
  • Abusing legitimate file features