EO3765 Bits to Bullets Offensive Cyber Operations

This course establishes a foundation for advanced study in cyber operations pertinent to DoD and DoN missions. An extensive introduction of principles associated with computer engineering is provided, beginning with computer architecture, CPU interaction with memory and peripherals, and Linux operating system design. An introductory discussion of C language compilation, binary process loading and execution, and x86/64 assembly language is provided to include static and dynamic disassembly. Most of the course focuses on network traffic analysis and offensive cyber operations to include traffic collection and analysis; network reconnaissance, exploitation, exfiltration and lateral movement; and APT cyber tactics and techniques. The course will also address tools commonly used in offensive cyber capability development (e.g., Ghidra, gdb, Metasploit, Wireshark). PREREQUISITES: EO2701 or EC2700 or consent of instructor.

Cross Listed Courses

None

Prerequisite

EO2701 or EC2700 or consent of instructor

Corequisite

None

Lecture Hours

3

Lab Hours

2

Course Learning Outcomes

    • Describe the abstract model of a CPU known as the file clerk model and how a CPU is able to function using instructions and memory movement.
    • Describe and draw the architecture of a CPU and how it interfaces with storage devices and peripherals in order to execute machine instructions.
    • Explain how the Linux operating system implements different processes to effectively and safely operate within the CPU architecture.
    • Explain the C compilation process and how the different steps affect the resulting machine code.
    • Explain how an x86/64 ELF binary is loaded into memory, dynamically linked to libraries, and finally executed, beginning with the first instruction within main.
    • Recognize x86/64 assembly instructions and explain how they map to C code constructs.
    • Understand and use Ghidra to statically disassemble x86/64 ELFs and identify important functions, strings, and instructions.
    • Learn the process of, and use, gdb to dynamically disassemble x86/64 ELFs, identify function calls and stack and heap operations, and follow variables as they move through different memory locations.
    • Explain how an x86/64 CPU running the Linux operating system communicates over a TCP/IP network using socket calls.
    • Understand and demonstrate how to use Wireshark to capture and filter network traffic and recover encoded key informational elements.
    • Explain the structure and process of communication for common protocols used on the internet and explain and demonstrate how Wireshark can effectively collect and filter those protocols.
    • Using captured and analyzed traffic, describe how network collection locations affect the packets captured and the contents within those packets.
    • Explain and demonstrate how to passively and actively conduct footprinting and reconnaissance on an unknown network of interest.
    • Describe and compare the risks and rewards of network scanning and enumeration and how various techniques could improve or worsen the outcome.
    • Explain the SSH tunnelling technique and how it benefits covert infrastructure concealment.
    • Demonstrate the tactics, techniques, and procedures of exploitation, exfiltration, and lateral movement through the use of Metasploit.
    • Explain how command and control of implants is implemented.
    • Synthesizing the prior objectives, describe how APTs both mirror and diverge from the tactics, techniques, and procedures learned using Metasploit.