Embark on a transformative journey with Boston Cybernetics Institute's Senior CNO Developer Course, tailored exclusively for seasoned cybersecurity professionals eager to master the art of Windows persistence. Over the span of 50 intensive days, this course will immerse you in the advanced tactics and strategies essential for crafting robust, stealthy, and resilient software systems capable of thriving in the most adversarial environments.
With a curriculum designed by DoD-experienced instructors, you will delve into the complex anatomy of Windows operating systems. From the foundational elements to intricate subsystems, you will learn to navigate and manipulate Objects and Handles, orchestrate Processes and Threads, and master File and Device I/O with precision. The course rigorously covers Networking, Memory Management, and the intricate dance of Interprocess Communication, ensuring your capabilities are not just effective, but strategically superior.
In the realm of defense, your enhanced skills in leveraging the Windows Registry, Services, and the Component Object Model (COM) will become pivotal in crafting operational software that evades detection and persists against countermeasures. The utilization of Crypto Next Generation (CNG) and .NET Framework fortifies your technical arsenal, ensuring you are equipped to address and overcome the sophisticated security measures encountered in modern theaters of cyber warfare.
Our hands-on, keyboard-centric approach, reinforced with real-world CTF exercises and minimal lectures, is designed to simulate the pressures and challenges you'll face in the field. The training culminates with deploying your solutions against instrumented targets, ranging from simple to complex, allowing you to experience the full spectrum of adversary perspectives.
Whether you're safeguarding national security or protecting corporate interests, the Senior CNO Developer Course is your pivotal step towards becoming an architect of impenetrable systems. Join us at BCI, where the only boundary to cyber capability is the extent of your ingenuity. Secure your seat and forge the future of operational effectiveness.
Curriculum Overview: Detailed Course Breakdown
The "Windows Persistence" course at Boston Cybernetics Institute offers a comprehensive deep dive into the building blocks and advanced components of Windows systems critical for sophisticated Cyber Network Operations (CNO). Over the course of 50 days, participants will engage with a curriculum meticulously designed to elevate their skill set in developing robust and persistent software capabilities. Here’s a closer look at the material we’ll cover:
A robust build environment is the cornerstone of any cyber security-focused development, particularly when crafting persistent systems. In this section, we delve into the specifics of configuring a build environment tailored for the development of cyber security tools. This includes selecting and setting up compilers, debuggers, and other essential tools that are compatible across various versions of Windows. We focus on creating environments that can build both kernel and user-mode utilities, which are often the backbone of persistent mechanisms in CNO operations.
Understanding the bedrock of Windows OS is crucial for cyber security professionals aiming to develop or mitigate persistent threats. We provide an extensive overview of Windows internals, including the kernel, system services, the Windows API, and the subsystems that support the OS's graphical user interface. This knowledge is essential for identifying potential security vulnerabilities that can be used for or against persistence mechanisms.
Objects and Handles
In Windows, objects and handles are central to resource management. This section covers how security descriptors and access controls are applied to these objects, imparting an understanding of how to securely manage handles while avoiding leaks that could be exploited by malicious entities to gain persistence or escalate privileges.
Processes are fundamental to the operation of Windows systems. We explore process creation, management, security contexts, and how processes can be manipulated to maintain persistence on a compromised system. Cyber security implications, such as process hollowing and injection techniques, are studied in detail.
Threads are the smallest sequence of programmed instructions that can be managed independently by the scheduler. This module covers thread synchronization, concurrency, and the implications of thread safety in the context of cyber security. We examine how threads can be exploited to execute code within other processes, aiding in the development of stealthy, persistent payloads.
Correct synchronization of concurrent operations is pivotal to maintaining system stability and security. We dissect the synchronization primitives offered by Windows, such as mutexes, semaphores, and events, and their role in preventing race conditions and deadlocks, which are often exploited in cyber attacks.
File and Device I/O
File systems and device I/O operations are potential targets for persistent threats. This section covers secure file operations, the role of file permissions, and how device I/O can be monitored or manipulated by malicious software to gain or maintain access to a system.
Networking is a double-edged sword in cyber security: it allows for communication and data transfer, but also for data exfiltration and command and control (C2) operations. Our course covers network stack intricacies, protocol security, and the development of covert channels to evade network defenses.
Robust memory management is key to preventing software vulnerabilities. We look at Windows memory architecture, how memory can be allocated and managed securely, and how mismanagement can lead to security vulnerabilities like buffer overflows, which can be exploited for persistent access.
Libraries (DLL / Static)
Understanding how to properly utilize dynamic and static libraries is essential in CNO tool development. We discuss secure library use, the implications of side-loading vulnerabilities, and how libraries can be a vector for persistent threats.
Windows security features are both an obstacle and an asset in cyber operations. We dissect features like User Account Control (UAC), security tokens, and Windows Defender, teaching students how these can be navigated or leveraged to maintain operational security and persistence.
The Windows Registry acts as the database for system configuration. We explore how the registry can be safely manipulated for legitimate purposes, and how it can be used by attackers to achieve persistence by running malware at system startup.
Interprocess Communication (IPC) Mechanisms
IPC is crucial for the coordination between processes running on the same machine. This section covers the various IPC mechanisms in Windows, such as pipes and shared memory, and how they can be secured or exploited by cyber threats to maintain persistence.
Windows services run in the background and are often used by software to perform routine tasks. We discuss how services can be created and managed securely, and how malicious services can be used for persistence and privilege escalation.
Component Object Model (COM)
COM is a binary-interface standard for software components. This module covers how COM can be used to extend the functionality of applications and how it can be exploited for persistent access by cyber adversaries.
Crypto Next Generation (CNG) / Bcrypt
Cryptography is essential in securing data and communications. We go over the CNG API in Windows, discussing secure cryptographic practices and how weaknesses in cryptographic implementations can be exploited.
.NET and .NET Framework
The .NET Framework is a popular target for attackers due to its widespread use. We cover secure coding practices in .NET, common vulnerabilities, and how the .NET runtime can be used to create persistent mechanisms in CNO operations.
Debugging skills are vital for both developing secure software and analyzing potential security threats. This section emphasizes the importance of debugging in the cyber security domain, including techniques for reverse engineering and understanding malware operations.
Each of these topics will be examined through the lens of cyber security, with an emphasis on developing a comprehensive understanding of how each can be used to create secure systems, as well as how they can be exploited for persistent access. The course material is designed not just to impart knowledge, but to apply it in practical, hands-on scenarios that reflect real-world cyber security challenges.
Who Should Take This Course?
This course is meticulously designed for a diverse range of professionals who are passionate about delving into the depths of Windows internals and cyber security. It is ideal for:
Cyber Security Enthusiasts: Whether you're starting out or looking to deepen your expertise, this course offers a comprehensive exploration into the mechanisms of Windows that are often leveraged in security exploits.
Software Developers: If you're involved in developing Windows applications and want to fortify your coding practices against security vulnerabilities, this course provides the knowledge to understand and protect against common attack vectors.
IT Professionals: System administrators and network engineers will benefit from a better understanding of the underlying systems they manage, enabling them to spot and mitigate security risks more effectively.
Aspiring Malware Analysts: Those looking to enter the field of malware analysis and reverse engineering will find this course a strong foundation, covering the techniques and knowledge needed to analyze and combat malware.
Incident Responders and Forensic Analysts: Professionals who deal with the aftermath of cyber-attacks can gain insights into advanced persistent threats (APTs) and how they manifest and persist in systems.
Penetration Testers and Ethical Hackers: Understanding the intricacies of Windows systems is crucial for those tasked with testing and improving security postures through ethical hacking.
Security Researchers: If your work involves uncovering and understanding new vulnerabilities, this course provides the technical grounding to analyze and report on security flaws effectively.
This course is crafted to not only impart theoretical knowledge but also to provide hands-on experience through labs, exercises, and CTF-style challenges that mirror real-world scenarios. The course is designed to mold participants into elite CNO developers, capable of crafting software that remains effective and undetectable within hostile environments, ensuring operational success for both private sector security teams and military cyber operations.
About Boston Cybernetics Institute
Boston Cybernetics Institute, PBC was created by former MIT Lincoln Lab cybersecurity researchers to give meaningful niche cyber instruction to a new generation of cybersecurity professionals.
We avoid the normal style of teaching with PowerPoint and lectures, opting to provide instead real-life engaging instruction that takes place in a customized environment. We have given our style of instruction to multiple DoD agencies, US commercial companies, and international companies.
Instructors at Boston Cybernetics Institute
President of the Boston Cybernetics Institute
Jeremy Blackthorne is a Lead Instructor at the Boston Cybernetics Institute (BCI). Before BCI, he was a researcher in the Cyber System Assessments group at MIT Lincoln Laboratory. Blackthorne is the co-creator and instructor for the Rensselaer Polytechnic Institute (RPI) courses: Modern Binary Exploitation, Spring 2015 and Malware Analysis, Spring 2013. Jeremy has published research at various academic and industry conferences. He served in the U.S. Marine Corps and is an alumnus of RPISEC. He holds a BS and MS in computer science. Blackthorne was an active member of the Student Security Club and CTF team, RPISEC, from 2012 to 2015, where he taught seminars on Reverse-Engineering, Exploitation, and various other Cybersecurity topics.
security researcher and instructor
Clark Wood is a security researcher and instructor at the Boston Cybernetics Institute (BCI), focusing on Reverse Engineering, Exploitation, and CI/CD. He recently built a Reverse-Engineering and Exploitation platform for a DoD customer and is the Lead Engineer for BCI’s Government Services. Clark was formerly on the technical staff at MIT Lincoln Laboratory where he was a member of the Cyber System Assessments Group. Clark holds a BA in Economics from the University of Florida, a BS and MS in Computer Science from Florida State University, and a Master’s in Technology and Policy from MIT.
security researcher and instructor
Rodolfo Cuevas is a security researcher and instructor at BCI, where he focuses on understanding how design constraints can be used to limit the impact of an attacker on a system. His research combines the adversarial mindset with approaches influenced by Systems and Control Theory. Rodolfo was a staff member at MIT Lincoln Laboratory and began his career as a RADAR and Ballistic Missile Defense System (BMDS) analyst. Later, Rodolfo transitioned to evaluating and Red-Teaming tactical and commercial cyber systems in support of DoD and other government programs. Rodolfo holds a BS, M.Eng., and M.S. in Electrical and Computer Engineering from Cornell University.
security researcher and instructor
Reed Porada is a security researcher and instructor at BCI, focused on getting to the "so what" of both defensive and offensive cyber measures. Reed also leads BCI training in Cyber Systems Analysis, focusing on developing systems-thinking skills of developers up to managers. Reed was a staff member at MIT Lincoln Laboratory for ten years, where he was responsible for Test and Evaluation, Test Automation Research, Red-Teaming of Cyber Systems, and Blue System Architectures. Reed was a computer scientist at the Naval Research Laboratory focused on wireless communication systems. He holds a BS in Computer Science from the University of Maryland, College Park and an MS in Software Engineering from Carnegie Mellon University.