Course Description
Unlock the elite realm of cyber operations with the Boston Cybernetics Institute's "Unix Access" course, meticulously crafted for advanced professionals in the cybersecurity field. Over the course of 45 intensive days, you'll immerse yourself in the critical disciplines of Shellcoding, Reverse Engineering, Exploitation, and Exploit Mitigations. Our course is tailored to resonate with both private sector cyber professionals and US military personnel, ensuring relevance and applicability in diverse operational landscapes.
"Unix Access" transcends traditional pedagogy, leveraging real-world scenarios that underscore the necessity of operating effectively in hostile environments. Our hands-on approach is cultivated through decades of DoD research expertise, ensuring you're not just learning, but applying knowledge to overcome genuine cybersecurity challenges. The course emphasizes operational effectiveness, allowing you to tailor your skills to meet specific mission criteria—from data exfiltration to asserting overt effects on designated targets.
Our rigorous training regimen is built upon the foundation of survivability, evaluating each solution's endurance against adversarial scrutiny. This philosophy is woven into the course's very fabric, fostering a mindset of resilient development and strategic foresight.
With BCI's "Unix Access," you're not just advancing your skillset; you're preparing to outmaneuver sophisticated threats. You'll leave equipped with a comprehensive Jupyter Notebook—your personalized reference manual—ensuring continuous growth and preparedness for any cyber battlefield, whether in corporate security or national defense.
Seize the opportunity to be among the select few who can navigate the complexities of Unix systems with unmatched expertise. Join us and cement your position at the forefront of cybersecurity innovation.
Curriculum Overview: Detailed Course Breakdown
Shellcoding
In the realm of Unix systems, shellcoding is a critical skill for any Senior CNO Developer. Our intensive exploration of shellcoding will arm you with the ability to write concise, stealthy, and powerful code that interacts directly with the operating system's kernel. This segment of the course will immerse you in the intricacies of creating custom shellcode for various Unix environments. You will:
Master the development of assembly-level shellcode, fine-tuning your ability to manipulate system calls and craft code that operates under the constraints of minimal footprint and maximum evasion.
Engage in sophisticated exercises designed to challenge your skills in crafting shellcode that circumvents modern defensive measures, such as non-executable stacks and address space layout randomization (ASLR).
Learn to encode and encrypt shellcode to sidestep signature-based detection, exploring the use of polymorphic and metamorphic techniques that leave static analysis tools confounded.
Explore dynamic payload generation and memory management strategies to deploy shellcode in restrictive or highly monitored environments, ensuring successful execution without triggering security alarms.
This comprehensive module is not just about writing code; it's about developing a deep understanding of how Unix-based systems operate at the lowest levels and leveraging this knowledge to create software that can persist, undetected, and effectively perform in hostile domains.
Reverse Engineering
Reverse engineering stands as one of the most valuable skills in the cybersecurity toolkit, allowing professionals to peel back the layers of software to understand its composition and behavior. In this course, you will:
Dive into the systematic process of deconstructing compiled Unix binaries, gaining insight into how applications function without access to the source code.
Utilize state-of-the-art tools and techniques to translate machine code back to human-readable assembly, picking apart complex software piece by piece to identify underlying structures and algorithms.
Develop strategies for uncovering hidden vulnerabilities and backdoors within legitimate code, using this knowledge to reinforce the security of your own systems or to understand potential attack vectors in others'.
Study various obfuscation techniques used to protect software and learn methods to unravel them, thereby enhancing your capacity to analyze and understand protected binaries.
Through real-world scenarios and case studies, you will not only learn the theoretical aspects of reverse engineering but also its practical applications in both offensive and defensive cybersecurity operations.
Exploitation
Exploitation is the practical application of discovered vulnerabilities. This course will guide you through the advanced techniques and methodologies necessary to exploit weaknesses in Unix systems. You will:
Understand the principles of developing and deploying exploits against known vulnerabilities, focusing on the intricacies of Unix-based environments.
Learn to write and implement custom exploits that leverage buffer overflows, format string vulnerabilities, race conditions, and other common weaknesses.
Develop a keen sense for identifying exploitation opportunities in seemingly secure systems and applications, sharpening your instinct for offensive cybersecurity.
Explore the ethical and legal implications of exploitation within a controlled environment, ensuring a comprehensive understanding of the responsibilities that come with this knowledge.
This segment emphasizes hands-on experience, situating you in scenarios that mimic real-world security challenges, pushing you to apply your skills against systems equipped with various defensive measures.
Exploit Mitigations
A robust cybersecurity defense is not complete without a thorough understanding of exploit mitigations. In this section, you will:
Examine the latest exploit mitigation technologies and techniques, understanding how they are implemented in Unix systems to protect against a wide range of attacks.
Delve into the complexities of stack canaries, DEP, ASLR, and other mitigation strategies, learning how they function to thwart exploitation attempts.
Study the limitations and weaknesses of these mitigations, learning how they can be bypassed or leveraged to strengthen your own security posture.
Engage in exercises that not only teach you how to implement these mitigations but also how to test and evaluate their effectiveness in live environments.
By understanding both sides of the coin—exploitation and mitigation—you will emerge from this course as a well-rounded cybersecurity professional, capable of developing, assessing, and reinforcing secure systems.
Who Should Take This Course?
This comprehensive course is designed for individuals who are passionate about the field of cybersecurity and possess a foundational understanding of programming and Unix systems. It is particularly well-suited for:
Security Professionals: Individuals who are currently in the field of cybersecurity and looking to deepen their technical expertise in offensive and defensive techniques.
Software Developers: Programmers who wish to understand the security implications of their code and learn methods to safeguard against exploitation.
System Administrators: Those responsible for maintaining Unix systems who need to understand how vulnerabilities are exploited and how to implement effective mitigations.
IT Analysts: Professionals involved in vulnerability assessment and penetration testing who require advanced skills in reverse engineering and exploitation to identify and rectify security flaws.
Aspiring Ethical Hackers: Individuals seeking to enter the field of ethical hacking and wanting to gain a robust skill set that includes shellcoding, reverse engineering, and exploit development.
Computer Science Students: Upper-level undergraduate and graduate students in computer science or related fields who are looking to specialize in cybersecurity.
Participants should come prepared for an intensive learning experience that blends theory with practical, hands-on exercises. Critical thinking, problem-solving, and a willingness to tackle complex challenges will be key to making the most of this course. Whether you aim to protect systems or test their limits, this course will equip you with the knowledge and skills necessary to excel in the dynamic field of cybersecurity.
About Boston Cybernetics Institute
Boston Cybernetics Institute, PBC was created by former MIT Lincoln Lab cybersecurity researchers to give meaningful niche cyber instruction to a new generation of cybersecurity professionals.
We avoid the normal style of teaching with PowerPoint and lectures, opting to provide instead real-life engaging instruction that takes place in a customized environment. We have given our style of instruction to multiple DoD agencies, US commercial companies, and international companies.
Instructors at Boston Cybernetics Institute
Jeremy Blackthorne
President of the Boston Cybernetics Institute
Jeremy Blackthorne is a Lead Instructor at the Boston Cybernetics Institute (BCI). Before BCI, he was a researcher in the Cyber System Assessments group at MIT Lincoln Laboratory. Blackthorne is the co-creator and instructor for the Rensselaer Polytechnic Institute (RPI) courses: Modern Binary Exploitation, Spring 2015 and Malware Analysis, Spring 2013. Jeremy has published research at various academic and industry conferences. He served in the U.S. Marine Corps and is an alumnus of RPISEC. He holds a BS and MS in computer science. Blackthorne was an active member of the Student Security Club and CTF team, RPISEC, from 2012 to 2015, where he taught seminars on Reverse-Engineering, Exploitation, and various other Cybersecurity topics.
Clark Wood
security researcher and instructor
Clark Wood is a security researcher and instructor at the Boston Cybernetics Institute (BCI), focusing on Reverse Engineering, Exploitation, and CI/CD. He recently built a Reverse-Engineering and Exploitation platform for a DoD customer and is the Lead Engineer for BCI’s Government Services. Clark was formerly on the technical staff at MIT Lincoln Laboratory where he was a member of the Cyber System Assessments Group. Clark holds a BA in Economics from the University of Florida, a BS and MS in Computer Science from Florida State University, and a Master’s in Technology and Policy from MIT.
Rodolfo Cuevas
security researcher and instructor
Rodolfo Cuevas is a security researcher and instructor at BCI, where he focuses on understanding how design constraints can be used to limit the impact of an attacker on a system. His research combines the adversarial mindset with approaches influenced by Systems and Control Theory. Rodolfo was a staff member at MIT Lincoln Laboratory and began his career as a RADAR and Ballistic Missile Defense System (BMDS) analyst. Later, Rodolfo transitioned to evaluating and Red-Teaming tactical and commercial cyber systems in support of DoD and other government programs. Rodolfo holds a BS, M.Eng., and M.S. in Electrical and Computer Engineering from Cornell University.
Reed Porada
security researcher and instructor
Reed Porada is a security researcher and instructor at BCI, focused on getting to the "so what" of both defensive and offensive cyber measures. Reed also leads BCI training in Cyber Systems Analysis, focusing on developing systems-thinking skills of developers up to managers. Reed was a staff member at MIT Lincoln Laboratory for ten years, where he was responsible for Test and Evaluation, Test Automation Research, Red-Teaming of Cyber Systems, and Blue System Architectures. Reed was a computer scientist at the Naval Research Laboratory focused on wireless communication systems. He holds a BS in Computer Science from the University of Maryland, College Park and an MS in Software Engineering from Carnegie Mellon University.
Check Out Our Other Courses Too!
