Mainstream media coverage of hacker groups and their exploits have left the public thinking that all of cyber security is black magic. While many attacks involve some advanced networking and coding techniques, the majority of compromises are carried out by much less sophisticated attackers. The majority of these individuals have learned the process of compromising servers and networks in the same way that all of us have learned technology: by researching online. The days of creating and compiling your own exploit code are long since past. Most attackers are using “point and pwn” utilities like Armitage, Cain & Able, and the Social Engineers Toolkit (SET) to cause havoc for organizations worldwide.
We believe that to emulate the various cyber threat vectors, it is critical to understand what most attacks have in common: their methodology. Bringing together decades of experience in government, commercial and academic cyber security training and consulting, our instructors have developed and implemented multiple threat emulation methodologies. While methodologies change over time to account for new technologies and techniques, the concepts involved remain constant. This course provides a flexible methodology for use in emulating external and internal network intrusion threat vectors.