• Classroom
Course Description

The current threat landscape is shifting. Traditional defenses are failing us. We need to develop new strategies to defend ourselves. Even more importantly, we need to better understand who is attacking us and why. You may be able to immediately implement some of the measures we discuss in this course, while others may take a while. Either way, consider what we discuss as a collection of tools at your disposal when you need them to annoy attackers, determine who is attacking you, and, finally, attack the attackers.

SEC550: Active Defense, Offensive Countermeasures and Cyber Deception is based on the Active Defense Harbinger Distribution live Linux environment funded by the Defense Advanced Research Projects Agency (DARPA). This virtual machine is built from the ground up for defenders to quickly implement Active Defenses in their environments. The course is heavy on hands-on activities: we won't just talk about Active Defenses, we will work through labs that will enable you to quickly and easily implement what you learn in your own working environment.

Learning Objectives

  • Track bad guys with callback Word documents
  • Use Honeybadger to track web attackers
  • Block attackers from successfully attacking servers with honeyports
  • Block web attackers from automatically discovering pages and input fields
  • Understand the legal limits and restrictions of Active Defense
  • Obfuscate DNS entries
  • Create non-attributable Active Defense Servers
  • Combine geolocation with existing Java applications
  • Create online social media profiles for cyber deception
  • Easily create and deploy honeypots

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Specialty Areas

  • Cyber Defense Infrastructure Support
  • Incident Response