CSFI: Defensive Cyber Operations Engineer (DCOE)


3 Days


Employees of federal, state and local governments; and businesses working with the government.


Course Description:

Develop your cyber operations skills for the deployment of CNA, CND, and CNE.

In this hands-on course, you will gain a better understanding of cyber operations (CO) for the deployment of computer network attack (CNA), computer network defense (CND), and computer network exploitation (CNE), against an adversary to achieve objectives and cause effects in support of a mission set.

This course, founded on concept operations and real cyber capabilities, provides you with the understanding, tools, and processes needed to conduct malware analysis with real-world malicious code samples to dissect. You will prepare and plan an effective offensive and defensive strategy, as well as evaluate covert protocols. Analysis of system specific, non-descript tools will be introduced to aid in attack and defense.

This course is one of the course requirements for the Defensive Cyberspace Operations Engineer (CSFI-DCOE) certification exam.

Certification: Defensive Cyberspace Operations Engineer (CSFI-DCOE)

Note: This course requires you to bring your own laptop preloaded with VMware Workstation 9 or 10.

What You’ll Learn

  • Classes of malware
  • System monitoring
  • Malware analysis tools
  • Socio-technological engineering
  • Forensics and counter-forensics
  • Analysis of kernel level rootkits
  • Network evasion techniques and countermeasures

Who Needs to Attend

Anyone interested in the field of cyber warfare/cyber operations and/or looking to expand a cybersecurity career, including cyber commanders, information operations officers, information security/assurance professionals, cybersecurity consultants, cyber strategists, military members (J2, J3, J6, J9 types), SOC/NOC security analysts, network security engineers, penetration testers, auditors, government officials, and security engineers.

Follow-On Courses

CSFI-DCOE individuals must attend three virtual cyber drills a year to remain certified and maintain operational skills.

Course Outline

1. Malware Analysis for Cyber Operations

  • Trends in malicious code growth
  • Classes of malware
  • Attack vectors
  • Surface analysis of malware
  • Run-time analysis of malware
  • System monitoring
  • Debuggers
  • Static reverse engineering of malware
  • Disassemblers
  • Malware analysis tools (obfuscation methods used by malware authors)
    • CND Focus
  • Malware mutation and development (US, Five Eyes, and NATO nations only)
    • CNA Focus

2. Defensive Cyber Operations

  • Attack canvas
    • Preparing and planning an effective strategy offensively and defensively
    • Passive, active, and covert reconnaissance and counter-reconnaissance
    • Analysis of tactical, physical, and cyber locations
    • Socio-technological engineering
    • High-value cyber targeting
  • Exploitation frameworks and tools
    • Disinformation on the cyber battleground
    • Forensics and counter-forensics on the cyber landscape
    • Analysis of systems specific, non-descript tools to aid in attack and defense
    • Attacks and defense against high level routing protocols
    • Malware analysis, reverse engineering, and re-assembling
  • Evaluation of covert protocols: tunneling, steganography, packet rate limiting, streams
    • Offensive and defensive analysis and execution of system level attacks against Windows
    • Offensive and defensive analysis and execution of Windows based rootkits
      • Overt and covert
    • Analysis of kernel level rootkits in BSD, Linux, Windows, and Solaris
    • Unix Security
      • Unix based systems for offense and defense
    • Buffer, stack, and heap overflows
  • Analysis of bypassing security measures (DEP, ASLR, and Bastille)
    • Usage of the Metasploit framework
    • Shell-coding and an overview of obfuscation
    • Automating an offensive and defensive environment
    • Fault injections for offensive purposes
    • Wireless attack vectors and defenses
  • Network analysis
    • Network evasion techniques and countermeasures
    • VoIP security exploitation and defense
    • Evaluating web technologies attacks, trends, and countermeasures
    • Automating web attacks for a perfect web


You will have access to virtual labs during class for hands-on training.