Level: Foundation

Cyber Vanguard Series- Cyber Storm Assault Tactics

5 Day | Instructor Led

All actions in war, regardless of the level, are based upon either taking the initiative or reacting in response to the opponent. By taking the initiative, we dictate the terms of the conflict and force the enemy to meet us on our terms. The initiative allows us to pursue some positive aim even if only to preempt an enemy initiative. It is through the initiative that we seek to impose our will on the enemy.

Inquire About:
Cyber Vanguard Series- Cyber Storm Assault Tactics

Ideal Candidates for Cyber Vanguard Series- Cyber Storm Assault Tactics Class

CyberSAT is intended for those who are team leads for HUNT, Protection, or Incident Response Teams.General Intrusion Detection Analysts, System Administrators, and Security Architects can benefit from this course in learning how to design, build, and operate the enterprise network, in order to counteract, expose, and respond to attacks.

Cyber Vanguard Series- Cyber Storm Assault Tactics Prerequisites

Systems administration experience, familiarization with TCP/IP, and an understanding of UNIX, Linux, and Windows. This advanced course also requires intermediate-level knowledge of the security concepts covered in our Security+ Prep Course.

What You'll Get in Cyber Vanguard Series- Cyber Storm Assault Tactics

What You'll Learn in Cyber Vanguard Series- Cyber Storm Assault Tactics

• How best to prepare for an eventual breach
• The step-by-step approach used by many computer attackers
• Proactive and reactive defenses for each stage of a computer attack
• How to identify active attacks and compromises
• The latest computer attack vectors and how you can stop them
• How to properly contain attacks
• How to ensure that attackers do not return
• How to recover from computer attacks and restore systems for business
• How to understand and use hacking tools and techniques
• Strategies and tools for detecting each type of attack
• Attacks and defenses for Windows, Unix, switches, routers, and other systems
• Application-level vulnerabilities, attacks, and defenses
• How to develop an incident handling process and prepare a team for battle
• Legal issues in incident handling

Cyber Vanguard Series- Cyber Storm Assault Tactics Certification


Cyber Vanguard Series- Cyber Storm Assault Tactics Outline


  • What does your network reveal?
  • Are you leaking too much information?
  • Using Whois lookups, ARIN, RIPE and APNIC
  • Domain Name System harvesting
  • Data gathering from job postings, websites, and government databases
  • Recon-ng
  • Pushpin
  • Identifying publicly compromised accounts
  • Maltego
  • FOCA for metadata analysis
  • Locating and attacking unsecure wireless LANs
  • War dialing with War-VOX for renegade modems and unsecure phones
  • Port scanning: Traditional, stealth, and blind scanning
  • Active and passive Operating System fingerprinting
  • Determining firewall filtering rules
  • Vulnerability scanning using Nessus and other tools
  • CGI scanning with Nikto
Intrusion Detection System (IDS) Evasion
  • Foiling IDS at the network level: Fragmentation and other tricks
  • Foiling IDS at the application level: Exploiting the rich syntax of computer languages
  • Using Fragroute and Web Attack IDS evasion tactics
  • Bypassing IDS/IPS with TCP obfuscation techniques


Network-Level Attacks
  • Session hijacking: From Telnet to SSL and SSH
  • Monkey-in-the-middle attacks
  • Passive sniffing
Gathering and Parsing Packets
  • Active sniffing: ARP cache poisoning and DNS injection
  • DNS cache poisoning: Redirecting traffic on the Internet
  • Using and abusing Netcat, including backdoors and nasty relays
  • IP address spoofing variations
Operating System and Application-level Attacks
  • Buffer overflows in-depth
  • The Metasploit exploitation framework
  • Format string attacks
Netcat: The Attacker's Best Friend
  • Transferring files, creating backdoors, and shoveling shell
  • Netcat relays to obscure the source of an attack
  • Replay attacks


Password Cracking
  • Analysis of worm trends
  • Password cracking with John the Ripper
  • Rainbow Tables
  • Password spraying
Web Application Attacks
  • Account harvesting
  • SQL Injection: Manipulating back-end databases
  • Session Cloning: Grabbing other users' web sessions
  • Cross-Site Scripting
Denial-of-Service Attacks
  • Distributed Denial of Service: Pulsing zombies and reflected attacks
  • Local Denial of Service


Maintaining Access
  • Backdoors: Using Poison Ivy, VNC, Ghost RAT, and other popular beasts
  • Trojan horse backdoors: A nasty combo
  • Rootkits: Substituting binary executables with nasty variations
  • Kernel-level Rootkits: Attacking the heart of the Operating System (Rooty, Avatar, and Alureon)
Covering the Tracks
  • File and directory camouflage and hiding
  • Log file editing on Windows and Unix
  • Accounting entry editing: UTMP, WTMP, shell histories, etc.
  • Covert channels over HTTP, ICMP, TCP, and other protocols
  • Sniffing backdoors and how they can really mess up your investigations unless you are
  • aware of them
  • Steganography: Hiding data in images, music, binaries, or any other file type
  • Memory analysis of an attack
Putting It All Together
  • Specific scenarios showing how attackers use a variety of tools together
  • Analyzing scenarios based on real-world attacks
  • Learning from the mistakes of other organizations
  • Where to go for the latest attack info and trends
  • Building an incident response kit
  • Identifying your core incident response team
  • Instrumentation of the site and system
  • Signs of an incident
  • First steps
  • Chain of custody
  • Detecting and reacting to Insider Threats
  • Documentation strategies: video and audio
  • Containment and quarantine
  • Pull the network cable, switch and site
  • Identifying and isolating the trust model
  • Evaluating whether a backup is compromised
  • Total rebuild of the Operating System
  • Moving to a new architecture
  • Who makes the determination to return to production?
  • Monitoring to system
  • Expect an increase in attacks
Special Actions for Responding to Different Types of Incidents
  • Espionage
  • Inappropriate use
Incident Record-keeping
  • Pre-built forms
  • Legal acceptability
Incident Follow-up
  • Lessons learned meeting
  • Changes in process for the future


Hands-on Analysis
  • Target dossier creation
  • Nmap port scanner
  • Nessus vulnerability scanner
  • Network mapping
  • Netcat: File transfer, backdoors, and relays
  • More Metasploit
  • Exploitation using built in OS commands
  • Privilege escalation
  • Advanced pivoting techniques


A. Erlich


I just wanted to say your presentation on Social Media Technology and Security was the finest I have ever attended.

Wilder Guerra

US Navy Reserve

This course is definitely an eye opener. With how much social media has taken over, it is important to be fully aware of the capabilities along with all the risks it brings. It is important to get this course because social media is the new norm.

Rebekah Coughlin


The Social Media and Security Training course offered by UKI is a great and beneficial course combining technical training to fully understand TCP IP networking, DNS, and the harms of malware and cross-site scripting; as well as practical training that allowed attendees to play with open source social intelligence gathering solutions. This is the perfect class for those involved in IT security and interested in social media and identity theft.

Top Related Courses

The BEC XXE exercise is a customized, six-hour, Cyber Range exercise hosted on ManTech’s Advanced Cyber Range Environment (ACRE). Lead by expert cyber security engineers, the exercise can be executed in a classroom and remotely. In this exercise, BEC-based attacks are simulated. Participants will be introduced to variations of the BEC attack (both external and internal) and will capture, preserve and recover network and host-based artifacts from the attacks. They will also determine the origin of the attacks, the extent of the compromise, and any on-going activity related to it. Discussion focuses on blue team threat hunter tasks. This exercise uses a hands-on keyboard approach to create realistic technical training and management interaction opportunities where participants respond to and report events as identified. Participants are engaged via an Incident Response "Observe/Engage" Model and are encouraged to view the attack as if it were happening to their institutions in real time. Participants are asked to share what they have done or would do based on the facts provided.

Cyber Vanguard Series - Cyber Strike takes the offensive and defensive assault tactics and applies them in several different real world scenarios. The entire course is hands on and builds upon the skills and knowledge the students have previously received. Applications include Offensive only - Hunt Teaming, Data Harvesting, and Asset Extraction, Defensive Only – Defending Your Assets, Setting Active Intrusion Systems, Vulnerability Assessment and Remediation, and Offensive and Defensive – Capture the Flag, where teams are pitted against each other to protect their own resources while attacking the opposing team.

This two-day instructor-led course provides an introduction to using Mandiant for Intelligent Response (MIR) as an incident response tool. Labs take students through a breach, teaching how to perform sweep hit analysis, build live response scripts, basic unknown binary analysis, and basic Indicator of Compromise (IOC) creation.

© 2019 Ultimate Knowledge Insitute | All Rights Reserved
GSA# GS-35F-0469W