Course Description
Step into the battlefield of cyber warfare with Boston Cybernetics Institute's elite training in Unix Persistence, a comprehensive 50-day journey designed for seasoned professionals in the cybersecurity domain. This specialized course is meticulously crafted to enhance the operational capabilities of both private sector security experts and US military personnel, ensuring that your skills are not only current but also formidable against the sophisticated threats of the digital age.
Embark on an exploration of Unix System Architecture, delving into the intricacies that make Unix-based systems the backbone of critical operations. From the foundational Build Environments and Software Frameworks to the complexities of the Linux Kernel, you will gain a commanding understanding of the systems that run the world's most secure networks.
Master the mechanisms that drive process and thread management, and achieve proficiency in Memory Management, ensuring that your applications are optimized for efficiency and stealth. The Synchronous I/O Multiplexing sessions will empower you with the ability to handle high-volume, real-time data with agility and precision—a skill paramount in both offensive and defensive operations.
Dive into the world of Executables and Management Mechanisms, where the focus is on maintaining persistence and evading detection in hostile environments. Our course addresses the need for robust Network Programming, providing you with the tools to craft impenetrable communications and control systems.
Understanding Devices and Drivers, and Security Mechanisms will place you at the forefront of hardware-software interaction, allowing you to safeguard or exploit the most sensitive elements of an operating system. The File System Objects module will round out your knowledge, ensuring you are adept at manipulating and leveraging system resources for strategic advantage.
Our experienced DoD research instructors, who thrive on constant innovation and efficiency, will lead you through real-world scenarios and hands-on-keyboard exercises. With our Capture-the-Flag (CTF) influenced methodology, every lesson is an exercise in practical problem-solving that provides immediate feedback and fosters an environment where peer teaching and collaborative challenges are the norm.
The Unix Persistence course is not just a learning experience; it's an investment in your strategic skill set, equipping you with the knowledge to design, implement, and test solutions against increasingly sophisticated defensive security technologies. By understanding the historical context through case studies and applying these lessons to real-world applications, you will leave BCI prepared to elevate the security posture of your organization and maintain a tactical edge over adversaries.
Embrace the challenge, enrich your expertise, and become a master of Unix Persistence with Boston Cybernetics Institute. Secure your place today and ensure that your cybersecurity capabilities are as relentless and enduring as the platforms you protect and penetrate.
Curriculum Overview: Detailed Course Breakdown
Unix System Architecture
The core of Unix forms the foundation upon which secure computing stands. In this module, we delve deep into the Unix System Architecture, exploring how its layered design supports a secure and robust environment for computer network operations. We'll dissect the user interface, kernels, hardware abstraction layer, and the shell environment, understanding how each layer can be fortified against cyber threats. The focus will be on how the architecture can be navigated and manipulated to maintain persistence on a host without detection, a critical skill for both offensive and defensive cyber operations.
Build Environments and Software Frameworks
Build environments are the unsung heroes of software development. This course offers an in-depth look at various build environments and software frameworks that are pivotal in developing Unix-based systems. We will cover how to customize and secure these environments, ensuring the integrity of the build process and the confidentiality of the codebase. Understanding these environments is key to creating software that can resist tampering and maintain its intended functionality in a hostile environment.
Linux Kernel
The Linux Kernel is at the heart of any Unix system, and mastering it is essential for any senior CNO developer. Our sessions will cover the kernel's role in managing system resources and enforcing security policies. Participants will learn to navigate kernel-level operations and manipulate kernel modules — skills necessary for developing software that interacts with system hardware in a secure and controlled manner, and for understanding the potential attack vectors that adversaries might exploit.
Processes
Processes are the lifeblood of a Unix system, and this course will teach you how to expertly manage and secure them. We will study process creation, execution, and monitoring, emphasizing how to manage these processes to ensure secure and efficient system operation. Understanding processes from a security standpoint allows for the design of software that can effectively hide from or resist adversary detection and termination.
Threads
Threads allow for concurrent operations within a process. In this part of the course, students will learn about thread synchronization, scheduling, and their implications on system stability and security. Mastery of threads is crucial for creating software that can efficiently execute multiple tasks in a secure manner, while also preventing race conditions and other concurrency-related security issues.
Memory Management
A deep understanding of memory management is essential for developing resilient software. We cover memory allocation, paging, segmentation, and how to protect against common vulnerabilities like buffer overflows and memory leaks. Memory management from a cybersecurity perspective is not just about efficient resource use but also about safeguarding against exploitation techniques used in advanced persistent threats.
Synchronous I/O Multiplexing
Input/Output (I/O) operations can be a system's Achilles' heel if not managed correctly. This course will cover the mechanisms of synchronous I/O multiplexing, which allow a single process to service multiple I/O streams. We will explore how to use these mechanisms to optimize performance and protect against I/O-based vulnerabilities, a common vector for denial-of-service attacks and other exploits.
Executables
Understanding the creation and management of executables is paramount. We explore the anatomy of Unix executables, focusing on binary formats, linking, loading, and runtime execution. This knowledge is critical for reverse engineering and the development of software that must remain hidden or resilient against reverse engineering by adversaries.
Management Mechanisms
In this module, we cover the various management mechanisms inherent to Unix systems. We will explore how these mechanisms can be used to maintain system integrity and security, focusing on their application in secure software deployment and operation within contested cyber environments.
Network Programming
Network programming is the backbone of CNO development. This course includes an extensive examination of socket programming, protocol implementation, and network stack interaction. Participants will learn to develop network applications with a strong emphasis on security, enabling the creation of software that can communicate stealthily and resist network-based attacks.
Devices and Drivers
Interfacing with devices at the driver level is a powerful capability. Our curriculum includes in-depth coverage of Unix device management, driver development, and how these components interact with the rest of the system. Understanding device drivers is essential for the development of software that operates at the hardware level, a common requirement for sophisticated cyber operations.
Security Mechanisms
Unix systems come with an array of built-in security mechanisms. We dissect these mechanisms, such as permissions, access control lists, and user authentication features. Understanding and leveraging these mechanisms is crucial for developing software that can operate securely and persist on a system despite efforts to detect and remove unauthorized software.
File System Objects
The final piece of the puzzle is the file system, where all data ultimately resides. This course will cover the manipulation and management of file system objects and how they can be used or misused by both developers and adversaries. We will look at securing data at rest, file system permissions, and how to develop software that interacts with the file system in a manner that is both effective and discreet.
Who Should Take This Course?
This course is designed for cybersecurity professionals, system administrators, and software developers with a focus on Computer Network Operations (CNO). Individuals who will benefit the most include:
Cybersecurity Analysts and Operators: Those who are looking to deepen their understanding of Unix systems to better detect, respond to, and mitigate cyber threats.
Software Developers: Programmers seeking specialized knowledge in creating secure, efficient, and robust Unix-based applications, especially within a cybersecurity context.
System Administrators: Admins aiming to fortify Unix systems against cyber attacks and ensure secure system configurations.
CNO Practitioners: Professionals involved in offensive and defensive cyber operations who require a deep technical understanding of Unix system internals to develop or counter sophisticated cyber tools and techniques.
IT Professionals: Individuals looking to broaden their expertise in Unix systems, focusing on security aspects to enhance their career in IT security.
Students should ideally have a basic understanding of operating systems and a keen interest in the cybersecurity implications of system architecture and software development. Those with a passion for delving into the technical intricacies of Unix and a drive to apply this knowledge in the field of cybersecurity will find this course particularly rewarding.
About Boston Cybernetics Institute
Boston Cybernetics Institute, PBC, was created by former MIT Lincoln Lab cybersecurity researchers to give meaningful niche cyber instruction to a new generation of cybersecurity professionals.
We avoid the usual style of teaching with PowerPoint and lectures, opting instead to provide engaging, real-life instruction that takes place in a customized environment. We have delivered our style of instruction to multiple DoD agencies, US commercial companies, and international companies.
Instructors at Boston Cybernetics Institute
Jeremy Blackthorne
President of the Boston Cybernetics Institute
Jeremy Blackthorne is a Lead Instructor at the Boston Cybernetics Institute (BCI). Before BCI, he was a researcher in the Cyber System Assessments group at MIT Lincoln Laboratory. Blackthorne is the co-creator and instructor of two Rensselaer Polytechnic Institute (RPI) courses: Modern Binary Exploitation (Spring 2015) and Malware Analysis (Spring 2013). Jeremy has published research at various academic and industry conferences. He served in the U.S. Marine Corps and is an alumnus of RPISEC. He holds a BS and MS in computer science. Blackthorne was an active member of the Student Security Club and CTF team, RPISEC, from 2012 to 2015, where he taught seminars on Reverse Engineering, Exploitation, and various other cybersecurity topics.
Clark Wood
security researcher and instructor
Clark Wood is a security researcher and instructor at the Boston Cybernetics Institute (BCI), focusing on Reverse Engineering, Exploitation, and CI/CD. He recently built a Reverse-Engineering and Exploitation platform for a DoD customer and is the Lead Engineer for BCI’s Government Services. Clark was formerly on the technical staff at MIT Lincoln Laboratory where he was a member of the Cyber System Assessments Group. Clark holds a BA in Economics from the University of Florida, a BS and MS in Computer Science from Florida State University, and a Master’s in Technology and Policy from MIT.
Rodolfo Cuevas
security researcher and instructor
Rodolfo Cuevas is a security researcher and instructor at BCI, where he focuses on understanding how design constraints can be used to limit the impact of an attacker on a system. His research combines the adversarial mindset with approaches influenced by Systems and Control Theory. Rodolfo was a staff member at MIT Lincoln Laboratory and began his career as a RADAR and Ballistic Missile Defense System (BMDS) analyst. Later, Rodolfo transitioned to evaluating and Red-Teaming tactical and commercial cyber systems in support of DoD and other government programs. Rodolfo holds a BS, M.Eng., and M.S. in Electrical and Computer Engineering from Cornell University.
Reed Porada
security researcher and instructor
Reed Porada is a security researcher and instructor at BCI, focused on getting to the "so what" of both defensive and offensive cyber measures. Reed also leads BCI training in Cyber Systems Analysis, focusing on developing systems-thinking skills of developers up to managers. Reed was a staff member at MIT Lincoln Laboratory for ten years, where he was responsible for Test and Evaluation, Test Automation Research, Red-Teaming of Cyber Systems, and Blue System Architectures. Reed was a computer scientist at the Naval Research Laboratory focused on wireless communication systems. He holds a BS in Computer Science from the University of Maryland, College Park and an MS in Software Engineering from Carnegie Mellon University.