CE-WRL-003

Exploitation Analysis

Responsible for identifying access and intelligence collection gaps that can be satisfied through cyber collection and/or preparation activities. Leverages all authorized resources and analytic techniques to penetrate targeted networks.

Tasks

T0591: Perform analysis for target infrastructure exploitation activities
T0775: Produce network reconstructions
T1012: Expand network access
T1013: Conduct technical exploitation of a target
T1020: Determine the operational and safety impacts of cybersecurity lapses
T1023: Identify critical technology procurement requirements
T1026: Determine procurement requirements
T1031: Implement intelligence collection requirements
T1077: Assess the organization's cybersecurity architecture
T1091: Perform authorized penetration testing on enterprise network assets
T1096: Perform privacy impact assessments (PIAs)
T1107: Evaluate functional requirements
T1211: Track targets
T1359: Perform penetration testing
T1519: Design system security measures
T1520: Update system security measures
T1563: Implement system security measures
T1635: Access targeted networks
T1663: Identify potential avenues of access in digital technologies
T1667: Conduct independent in-depth target and technical analysis
T1677: Develop intelligence collection plans
T1689: Create comprehensive exploitation strategies
T1690: Identify exploitable technical or operational vulnerabilities
T1736: Communicate tool requirements to developers
T1745: Identify gaps in understanding of target technology
T1751: Locate targets
T1757: Coordinate exploitation operations
T1758: Determine potential implications of new and emerging hardware and software technologies
T1772: Identify indications and warnings of target communication changes or processing failures
T1785: Profile network administrators and their activities

Knowledges

K0470: Knowledge of Internet and routing protocols
K0551: Knowledge of targeting cycles
K0655: Knowledge of intelligence fusion
K0674: Knowledge of computer networking protocols
K0675: Knowledge of risk management processes
K0676: Knowledge of cybersecurity laws and regulations
K0677: Knowledge of cybersecurity policies and procedures
K0678: Knowledge of privacy laws and regulations
K0679: Knowledge of privacy policies and procedures
K0680: Knowledge of cybersecurity principles and practices
K0681: Knowledge of privacy principles and practices
K0682: Knowledge of cybersecurity threats
K0683: Knowledge of cybersecurity vulnerabilities
K0684: Knowledge of cybersecurity threat characteristics
K0689: Knowledge of network infrastructure principles and practices
K0690: Knowledge of requirements analysis principles and practices
K0691: Knowledge of cyber defense tools and techniques
K0692: Knowledge of vulnerability assessment tools and techniques
K0695: Knowledge of programming principles and practices
K0710: Knowledge of enterprise cybersecurity architecture principles and practices
K0716: Knowledge of host access control (HAC) systems and software
K0717: Knowledge of network access control (NAC) systems and software
K0718: Knowledge of network communications principles and practices
K0721: Knowledge of risk management principles and practices
K0728: Knowledge of Confidentiality, Integrity and Availability (CIA) principles and practices
K0729: Knowledge of non-repudiation principles and practices
K0730: Knowledge of cyber safety principles and practices
K0732: Knowledge of intrusion detection tools and techniques
K0734: Knowledge of Risk Management Framework (RMF) requirements
K0735: Knowledge of risk management models and frameworks
K0744: Knowledge of operating system (OS) systems and software
K0751: Knowledge of system threats
K0752: Knowledge of system vulnerabilities
K0759: Knowledge of client and server architecture
K0766: Knowledge of data asset management principles and practices
K0770: Knowledge of system administration principles and practices
K0773: Knowledge of telecommunications principles and practices
K0786: Knowledge of physical computer components
K0787: Knowledge of computer peripherals
K0791: Knowledge of defense-in-depth principles and practices
K0792: Knowledge of network configurations
K0807: Knowledge of web mail tools and techniques
K0812: Knowledge of digital communication systems and software
K0815: Knowledge of intelligence collection management processes
K0816: Knowledge of front-end intelligence collection systems and software
K0828: Knowledge of supply chain risk management standards and best practices
K0834: Knowledge of technology procurement principles and practices
K0837: Knowledge of hardening tools and techniques
K0838: Knowledge of supply chain risk management policies and procedures
K0844: Knowledge of cyber attack stages
K0845: Knowledge of cyber intrusion activity phases
K0860: Knowledge of malware signature principles and practices
K0915: Knowledge of network architecture principles and practices
K0920: Knowledge of risk management policies and procedures
K0923: Knowledge of operating system structures and internals
K0960: Knowledge of content management system (CMS) capabilities and applications
K0962: Knowledge of targeting laws and regulations
K0963: Knowledge of exploitation laws and regulations
K0969: Knowledge of cyber-attack tools and techniques
K0973: Knowledge of system persistence tools and techniques
K0974: Knowledge of intelligence collection development processes
K0977: Knowledge of intelligence collection management tools and techniques
K0979: Knowledge of information searching tools and techniques
K0980: Knowledge of intelligence collection sources
K0983: Knowledge of computer networking principles and practices
K0984: Knowledge of web security principles and practices
K0986: Knowledge of target selection criticality factors
K0987: Knowledge of target selection vulnerability factors
K1000: Knowledge of evasion principles and practices
K1001: Knowledge of evasion tools and techniques
K1004: Knowledge of reporting policies and procedures
K1011: Knowledge of network addressing principles and practices
K1013: Knowledge of midpoint collection principles and practices
K1014: Knowledge of network security principles and practices
K1015: Knowledge of network topology principles and practices
K1024: Knowledge of partnership policies and procedures
K1033: Knowledge of scripting principles and practices
K1035: Knowledge of target research tools and techniques
K1041: Knowledge of target intelligence gathering tools and techniques
K1042: Knowledge of target selection policies and procedures
K1046: Knowledge of terminal collection
K1047: Knowledge of environmental collection
K1100: Knowledge of analytical tools and techniques
K1101: Knowledge of analytics
K1105: Knowledge of non-attributable networks
K1108: Knowledge of traceroute tools and techniques
K1187: Knowledge of organizational objectives
K1221: Knowledge of supply chain risk management practices
K1231: Knowledge of target requirements

Skills

S0066: Skill in identifying gaps in technical capabilities
S0156: Skill in performing packet-level analysis
S0214: Skill in evaluating accesses for intelligence value
S0221: Skill in extracting information from packet captures
S0248: Skill in performing target system analysis
S0385: Skill in communicating complex concepts
S0430: Skill in collaborating with others
S0433: Skill in creating analytics
S0434: Skill in extrapolating from incomplete data sets
S0435: Skill in analyzing large data sets
S0436: Skill in creating target intelligence products
S0437: Skill in identifying targets of interest
S0440: Skill in identifying target vulnerabilities
S0441: Skill in describing target vulnerabilities
S0497: Skill in developing client organization profiles
S0499: Skill in performing intelligence collection analysis
S0503: Skill in selecting targets
S0504: Skill in identifying vulnerabilities
S0505: Skill in performing intrusion data analysis
S0507: Skill in collecting terminal or environment data
S0509: Skill in evaluating security products
S0512: Skill in extracting metadata
S0515: Skill in identifying partner capabilities
S0543: Skill in scanning for vulnerabilities
S0544: Skill in recognizing vulnerabilities
S0555: Skill in performing capabilities analysis
S0556: Skill in performing requirements analysis
S0558: Skill in developing algorithms
S0559: Skill in performing data structure analysis
S0566: Skill in developing signatures
S0567: Skill in deploying signatures
S0579: Skill in preparing reports
S0584: Skill in configuring network devices
S0585: Skill in installing network devices
S0600: Skill in collecting relevant data from a variety of sources
S0673: Skill in translating operational requirements into security controls
S0690: Skill in performing midpoint collection data analysis
S0698: Skill in creating intelligence collection requirements
S0699: Skill in creating plans in support of remote operations
S0703: Skill in depicting data on a network map
S0704: Skill in performing target analysis
S0709: Skill in developing analytics
S0712: Skill in evaluating data source quality
S0715: Skill in generating operation plans
S0723: Skill in interpreting vulnerability scanner results
S0725: Skill in performing network visualization
S0727: Skill in performing data fusion
S0732: Skill in recognizing malicious network activity in traffic
S0733: Skill in interpreting malicious network activity in traffic
S0736: Skill in researching software vulnerabilities
S0737: Skill in researching software exploits
S0749: Skill in determining relevant information
S0752: Skill in evading network detection
S0755: Skill in reconstructing a network
S0758: Skill in performing wireless network analysis
S0759: Skill in identifying requirements
S0791: Skill in presenting to an audience
S0824: Skill in communicating with customers
S0854: Skill in performing data analysis
S0862: Skill in performing geospatial analysis
S0864: Skill in performing intercept related information (IRI) analysis
S0869: Skill in performing metadata analysis
S0874: Skill in performing network traffic analysis

Source: Workforce Framework for Cybersecurity (NICE Framework) (NIST SP 800-181 Rev 1) (Version: 1.0.0)