Designed by operators for operators, this accelerated course helps participants understand communications tunneling techniques and tradecraft related to cyber operations. We provide hands-on instruction in tunneling with SSH tunnels, proxy tunnels, TOR tunneling over SOCKS, and other tunneling mechanisms using open-source projects and commercial systems. Participants will tunnel traffic on our cyber range to become adept at and familiar with tunneling techniques by the first day. The second day of this course focuses on the tradecraft associated with the tunneling techniques learned. We provide the tools to visualize and understand how network defenders can identify tunneling techniques and how they can prevent such activity.
Learning Objectives
- Tunneling over SSH
- Tunneling over Proxies
- Tunneling over TOR with SOCKS
- Tunneling over open-source projects
- Tunneling over commercial systems
- Tunneling tradecraft
- Identification and mitigation of malicious tunneling activity
Framework Connections
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):
Specialty Areas
- Network Services
- Cyber Defense Analysis
- Collection Operations
- Cyber Operations
- Threat Analysis
Feedback
If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@mail.cisa.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.