Embark on a transformative 45-day journey into the intricate world of Windows systems with Boston Cybernetics Institute's premier "Windows Access" course. Designed for seasoned cybersecurity professionals and strategic military personnel, this course delves into the advanced techniques and unorthodox strategies necessary for mastering Computer Network Operations (CNO) within the complex Windows environment.
Our curriculum is tailored to reflect the real-world challenges of operating within adversarial digital landscapes, ensuring operational effectiveness, suitability, and survivability of software. With a focus on the pivotal areas of Windows Knowledge, Vulnerability Classes, Reverse Engineering, and more, participants will engage in rigorous hands-on keyboard training—synthesized through our innovative use of Jupyter Notebooks for an immersive learning experience.
This Senior CNO Developer Course is not just an educational pathway; it is a strategic enabler. Whether you are safeguarding national security interests or protecting corporate digital assets, the skills acquired here will empower you and your organization to anticipate, navigate, and overcome sophisticated cyber threats.
Join forces with fellow professionals and benefit from the expertise of our DoD research-experienced instructors, as you collectively harness the power of Windows systems to secure your operations. "Windows Access" is more than a course—it's an investment in tactical excellence and a pledge to technological superiority in the cyber domain. Secure your place at the forefront of CNO development, and redefine what it means to be at the cutting edge of cybersecurity and military cyber operations.
Curriculum Overview: Detailed Course Breakdown
The course begins by establishing a foundational understanding of Windows operating systems. Participants will explore the intricacies of Windows architecture, system calls, and the Windows API. This segment equips students with the essential knowledge required to navigate the complexities of Windows environments and sets the stage for advanced exploration of system vulnerabilities.
We will dissect the various classes of vulnerabilities that plague Windows systems, including but not limited to buffer overflows, race conditions, and privilege escalation vectors. Our approach is to categorize and analyze each class, equipping students with the ability to identify and exploit weaknesses inherent to the Windows operating system.
Reverse engineering is an art and a science; it's the backbone of understanding malicious software and developing countermeasures. Students will be taught sophisticated reverse engineering techniques using tools like IDA Pro and WinDbg. This module emphasizes hands-on experience in decompiling binaries and interpreting code without source access, a critical skill in CNO.
In-depth coverage of Windows memory management is crucial for effective exploitation. The course covers memory allocation, process address space, and the handling of executable code in memory. Understanding these aspects is vital for developing reliable exploits and avoiding detection by modern memory protection mechanisms.
This section delves into the core of exploitation, with a focus on the development and refinement of exploitation primitives. Students will learn to manipulate memory and execute arbitrary code, enabling them to turn potential vulnerabilities into actual vectors of attack.
Creating custom shellcode is an essential skill for any CNO developer. This course will provide the expertise to write and optimize shellcode for various scenarios within Windows environments, taking into account the unique constraints and defensive measures present in targeted systems.
As Windows continues to evolve, so do its defenses. This course segment addresses the latest exploit mitigation techniques deployed by Windows, such as ASLR, DEP, and Control Flow Guard (CFG). Students will not only learn how these mitigation strategies work but also how to bypass them, a critical skill for effective CNO.
Students will embark on the proactive side of cyber operations through vulnerability research. This involves identifying unknown vulnerabilities (zero-days) and understanding their potential impact. The course teaches systematic approaches to discovering and analyzing these vulnerabilities, a key aspect of maintaining a competitive edge in cyber operations.
Windows Kernel Topics:
The course concludes with advanced topics related to the Windows kernel, the core of the operating system. Participants will study kernel mode vs. user mode, driver development, and the exploitation of kernel vulnerabilities. This knowledge is imperative for those looking to develop or mitigate rootkits and other low-level malicious software.
Who Should Take This Course?
This course is meticulously designed for cybersecurity professionals who aspire to specialize in offensive cyber operations and exploit development within Windows environments. It is particularly beneficial for:
Penetration Testers: If you're looking to deepen your understanding of advanced exploitation techniques and move beyond surface-level vulnerabilities, this course is for you.
Security Researchers: For those who spend their time hunting for zero-days and developing patches, this course provides the necessary skills to understand and exploit complex vulnerabilities.
Malware Analysts: Individuals tasked with dissecting and neutralizing malware will find the reverse engineering and shellcoding modules invaluable.
Incident Responders: If you're on the front lines of cyber defense, understanding how exploits are crafted can greatly improve your ability to respond to and mitigate attacks.
Software Developers: Secure coding requires an understanding of how vulnerabilities are exploited. This course will arm you with that knowledge, making you a more robust programmer.
Government or Military Personnel: Those engaged in national security and tasked with developing or defending against cyber tools will gain significant insights from the deep technical focus on Windows systems.
Through this detailed course, participants will emerge as formidable CNO developers with specialized expertise in Windows systems, capable of crafting sophisticated cyber capabilities and fortifying defenses against the most advanced adversaries.
About Boston Cybernetics Institute
Boston Cybernetics Institute, PBC was created by former MIT Lincoln Lab cybersecurity researchers to give meaningful niche cyber instruction to a new generation of cybersecurity professionals.
We avoid the normal style of teaching with PowerPoint and lectures, opting to provide instead real-life engaging instruction that takes place in a customized environment. We have given our style of instruction to multiple DoD agencies, US commercial companies, and international companies.
Instructors at Boston Cybernetics Institute
President of the Boston Cybernetics Institute
Jeremy Blackthorne is a Lead Instructor at the Boston Cybernetics Institute (BCI). Before BCI, he was a researcher in the Cyber System Assessments group at MIT Lincoln Laboratory. Blackthorne is the co-creator and instructor for the Rensselaer Polytechnic Institute (RPI) courses: Modern Binary Exploitation, Spring 2015 and Malware Analysis, Spring 2013. Jeremy has published research at various academic and industry conferences. He served in the U.S. Marine Corps and is an alumnus of RPISEC. He holds a BS and MS in computer science. Blackthorne was an active member of the Student Security Club and CTF team, RPISEC, from 2012 to 2015, where he taught seminars on Reverse-Engineering, Exploitation, and various other Cybersecurity topics.
security researcher and instructor
Clark Wood is a security researcher and instructor at the Boston Cybernetics Institute (BCI), focusing on Reverse Engineering, Exploitation, and CI/CD. He recently built a Reverse-Engineering and Exploitation platform for a DoD customer and is the Lead Engineer for BCI’s Government Services. Clark was formerly on the technical staff at MIT Lincoln Laboratory where he was a member of the Cyber System Assessments Group. Clark holds a BA in Economics from the University of Florida, a BS and MS in Computer Science from Florida State University, and a Master’s in Technology and Policy from MIT.
security researcher and instructor
Rodolfo Cuevas is a security researcher and instructor at BCI, where he focuses on understanding how design constraints can be used to limit the impact of an attacker on a system. His research combines the adversarial mindset with approaches influenced by Systems and Control Theory. Rodolfo was a staff member at MIT Lincoln Laboratory and began his career as a RADAR and Ballistic Missile Defense System (BMDS) analyst. Later, Rodolfo transitioned to evaluating and Red-Teaming tactical and commercial cyber systems in support of DoD and other government programs. Rodolfo holds a BS, M.Eng., and M.S. in Electrical and Computer Engineering from Cornell University.
security researcher and instructor
Reed Porada is a security researcher and instructor at BCI, focused on getting to the "so what" of both defensive and offensive cyber measures. Reed also leads BCI training in Cyber Systems Analysis, focusing on developing systems-thinking skills of developers up to managers. Reed was a staff member at MIT Lincoln Laboratory for ten years, where he was responsible for Test and Evaluation, Test Automation Research, Red-Teaming of Cyber Systems, and Blue System Architectures. Reed was a computer scientist at the Naval Research Laboratory focused on wireless communication systems. He holds a BS in Computer Science from the University of Maryland, College Park and an MS in Software Engineering from Carnegie Mellon University.