A uniquely Trained Security Force

Training


root9B understands the cognitive aspects of cyber operations. Our curriculum provides the hands-on technical skills students require to attain a variety of advanced cybersecurity qualifications. We instill the knowledge, skills, and abilities necessary for our students to defeat the adversary.

dynamic development of skills

building a foundation of security principles

Customizable curriculum and real-world environment simulation

Available Courses

Below are our available courses. Please check back often as our course offerings are updated regularly. Government organizations, please contact root9b directly via training@root9b.com for pricing and purchasing information.

  • November 13, 2017 (Honolulu, HI)
  • December 4, 2017 (Colorado Springs, CO)
  • February 5, 2018 (Colorado Springs, CO)
  • February 26, 2018 (San Antonio, TX)
  • May 7, 2018 (Honolulu, HI)
  • June 4, 2018 (Annapolis Junction, MD)
  • August 27, 2018 (Colorado Springs, CO)
  • December 3, 2018 (Columbia, MD)

 

PowerShell has become one of the most recognized and prevailing tools provided by Microsoft. Network Defenders and Aggressors have also realized the value of PowerShell and have now incorporated it into their standard tactics. This course is meant to train those who have little to no experience in PowerShell and make them proficient enough to learn on their own. This course does not simply teach students to use specific commands; rather, it focuses on teaching the students how to help themselves, assist coworkers, and cultivate a foundation in PowerShell that will stand the test of time.

COURSE OBJECTIVE

This course will educate the students on the very basics of scripting and PowerShell. This will ensure that all students understand the same terminology, equalizing those who have had exposure to PowerShell and those who haven’t. After the foundational information, the course will proceed with a balance of instructor lecture and course exercises. Each lesson will progress the student, leveraging information learned from previous lessons to create a steady flow of development and concept reinforcement. The course will finish with a capstone to test the students' application of all the previous materials discussed.

root9B reserves the right to cancel or change a class at any time, including but not limited to, lack of participation, classroom, equipment or trainer availability. All courses require a minimum of 6 attendees. Notification will be provided within 14 days of the class, whenever possible. Registrants will be issued a course voucher for the next available course in the event of a course cancellation. root9B is not liable for any direct, or indirect, consequential or special damages that may be incurred due to a cancellation of a scheduled class, including, but not limited to, cancellation penalties for transportation or accommodations. The customer or student's sole remedy shall be a voucher for future training.

  • October 2, 2017 (Honolulu, HI)
  • October 16, 2017 (San Antonio, TX)
  • January 2, 2018 (Annapolis Junction, MD)
  • January 8, 2018 (San Antonio, TX)
  • January 15, 2018 (Honolulu, HI)
  • January 29, 2018 (Columbia, MD)
  • March 12, 2018 (Augusta, GA)
  • April 2, 2018 (Annapolis Junction, MD)
  • April 23, 2018 (San Antonio, TX)
  • May 29, 2018 (San Antonio, TX)
  • May 29, 2018 (Honolulu, HI)
  • July 9, 2018 (Columbia, MD)
  • July 30, 2018 (San Antonio, TX)
  • August 6, 2018 (Augusta, GA)
  • August 23, 2018 (Annapolis Junction, MD)
  • September 17, 2018 (Honolulu, HI)
  • October 8, 2018 (San Antonio, TX)
  • October 15, 2018 (Columbia, MD)
  • November 13, 2018 (Annapolis Junction, MD)

root9B’s Adversary Tactics and Techniques course is an intense 5-week hands-on course that teaches students the methodology and technical details of how attackers recon, gain access to, pivot, and remain hidden within a target network, and any artifacts their actions may leave behind. Whether they’re on a path to become pen-testers, red team members, or cyber hunters, the Adversary Tactics and Techniques course prepares students to excel by establishing a firm foundation in operational cyber exploitation methodologies. Future pen-testers will know how to infiltrate networks, and cyber defense analysts and operators will be better equipped to identify the tell-tale signs of an intrusion in progress. The course takes students with a basic understanding of computers and computer networks to a level where they are capable of executing fundamental exploitation operations in Windows and Linux environments.

The course begins by establishing a firm foundation on the Windows and Linux operating systems and how those systems communicate on networks, and finishes with using offensive tools, tactics, and procedures on those operating systems, with an emphasis on protecting assets and acquired accesses. Students will learn the technical details of how fundamental exploit techniques are executed and why they work. Modules covering topics from packet analysis to pivoting and tunneling are done in a way that emphasizes a capability-independent mindset.

The course is taught by leading professionals in the cyber security field. All instructors have either had previous experience conducting cyber operations within the Intelligence Community, or have been pen-testers or red team members within the military or government. This experience is leveraged to enhance training and best prepare students to execute their organization’s mission no matter what cyber terrain they operate in.

The course focuses on five major topics: Windows, Linux, Networking, Tactical Forensics, and Adversary Methodologies & Exploitation Techniques. Every course module is taught through the use of numerous hands-on exercises designed to reinforce the practical application and employment of the most fundamental techniques used by sophisticated cyber organizations. Students learn by following along with the instructor and completing complex exercises designed to force students to think outside of the box and act within a dynamic environment. As students learn the concepts, they are simultaneously challenged to develop and apply their critical thinking skills to produce innovative solutions to complex problems. Additionally, students are taught advanced techniques and procedures to hide their tracks and remain hidden. Students will develop and demonstrate their skills throughout the course by achieving cyber objectives in live virtual environments. 

The final week of the course includes several days of extensive exercises that require students to gradually combine everything learned in the previous modules, culminating in a final scenario that simulates a full-scale cyber operation. Students leave the ATT course with a thorough understanding of the exploitation process and the technical knowledge to perform a full range of fundamental cyber operations on target networks.


  • October 9, 2017 (Annapolis Junction, MD)
  • October 23, 2017 (Colorado Springs, CO)
  • December 11, 2017 (Annapolis Junction, MD)
  • January 8, 2018 (Honolulu, HI)
  • February 12, 2018 (San Antonio, TX)
  • February 26, 2018 (Colorado Springs, CO)
  • May 21, 2018 (Colorado Springs, CO)
  • June 25, 2018 (Annapolis Junction, MD)
  • July 9, 2018 (Augusta, GA)
  • July 9, 2018 (Honolulu, HI)
  • October 1, 2018 (San Antonio, TX)
  • November 5, 2018 (Annapolis Junction, MD)
  • November 26, 2018 (Columbia, MD)
  • November 26, 2018 (Honolulu, HI)
  • December 17, 2018 (Colorado Springs, CO)

This five (5)-day Instructor-Led Training (ILT) course teaches network defenders to collect, analyze and apply targeted cyber intelligence to defensive operations in order to proactively act on and adapt to sophisticated and dedicated attacks by cyber adversaries. As malicious software incorporates more advanced counter-detection techniques, the limited signature and heuristic analysis capabilities of anti-virus software and Intrusion Detection and Prevention Systems (IDS/IPS) become less and less effective. White-listing and sandboxing technologies have proven to mitigate many host-based attacks, but additional methodologies of analysis and attribution of known and unknown APT actors are needed to positively identify and prioritize the most formidable threats to the network. This course applies the Intelligence Cycle to the full-spectrum exercise of proactive network defense. It is intended as the core competency of Threat Intelligence operations and as the precursor to additional technical intelligence collection courses. It further serves to provide students with the all-source methodology of employing cyber collection sources and disciplines in a cumulative effort to apply to network defensive postures. When properly employed, this process fosters a cyber environment of preemptive action and provides network defenders and operators with an understanding of the tools, techniques and procedures (TTPs) needed to generate the timely and relevant intelligence that is required to preemptively apply network fortifications before compromise and to respond to cyber events in an expeditious manner.

COURSE OVERVIEW

Students will learn how to apply all-source cyber intelligence-informed operational methodologies, including proactive cyber analysis, to accurately identify risks from specific threats. This is delivered through method-driven instruction of Intelligence Analysis techniques taught by experienced Intelligence Community (IC) professionals. The instructors will teach the intelligence-driven operations cycle – data collection, exploitation, analysis, reporting and dissemination – to develop the student’s methods of identifying threats and assessing and prioritizing risk. Students will be introduced to cyber intelligence sourcing, risk management and assessment, indicators of compromise, application and assessment of adversarial profiles and TTPs to proactively defend networks.

The principal objective of this course is to equip network defenders, intelligence analysts, and other security operations personnel with a modern methodology for characterizing, investigating, attributing, and responding to advanced cyber threats in a collaborative, real-time environment. Students should expect to leave this course with proficiency in intelligence-driven network defense operations.


  • September 25, 2017 (San Antonio, TX)
  • October 23, 2017 (Columbia, MD)
  • November 27, 2017 (San Antonio, TX)
  • November 27, 2017 (New York City, NY)
  • January 8, 2018 (Columbia, MD)
  • February 5, 2018 (Annapolis Junction, MD)
  • March 12, 2018 (San Antonio, TX)
  • May 7, 2018 (Annapolis Junction, MD)
  • July 9, 2018 (Colorado Springs, CO)
  • July 16, 2018 (Augusta, GA)
  • July 16, 2018 (Honolulu, HI)
  • September 10, 2018 (San Antonio, TX)
  • September 24, 2018 (Columbia, MD)
  • November 26, 2018 (Colorado Springs, CO)
  • December 3, 2018 (Honolulu, HI)

HUNT OPERATIONS AND WINDOWS END-POINT DATA COLLECTION & ANALYSIS

The first of three courses in root9B’s HUNT Certification program is designed to train cybersecurity professionals to actively defend critical Windows systems. The course exposes students to a “Think like the Adversary” mindset in order to actively detect sophisticated and tailored adversary attacks. This course establishes the foundation upon which the root9B HUNT Certification is based, preparing cybersecurity professionals to HUNT for evidence of adversary presence within their network that was previously not detected by automated enterprise security devices and software.

Rather than just reacting to network attacks, students will learn methods to remotely interrogate systems and analyze data to proactively identify systems targeted by an adversary. Students will exercise the identification of malicious code, evidence of adversary presence, and lateral movement within a network. Throughout the program, instructors will share their experience in cybersecurity, operations, and tool development. This will provide students an appreciation of the challenges they face in countering the cyber adversary.

The HUNT[WINDOWS] course starts with a discussion on the concepts of real-time detection and identification of adversary attacks. Students will be exposed to advanced Windows operating system concepts, with an emphasis on adversary file manipulation and persistence techniques used to bypass cybersecurity systems and infrastructure. Follow-on training courses in root9B’s HUNT (Active Adversary Pursuit) series will focus on Linux- and network-based methodologies and operations.


  • October 2, 2017 (San Antonio, TX)
  • October 30, 2017 (Columbia, MD)
  • December 4, 2017 (San Antonio, TX)
  • December 4, 2017 (New York City, NY)
  • January 15, 2018 (Columbia, MD)
  • February 12, 2018 (Annapolis Junction, MD)
  • March 19, 2018 (San Antonio, TX)
  • May 14, 2018 (Annapolis Junction, MD)
  • July 16, 2018 (Colorado Springs, CO)
  • July 23, 2018 (Augusta, GA)
  • July 23, 2018 (Honolulu, HI)
  • September 17, 2018 (San Antonio, TX)
  • October 1, 2018 (Columbia, MD)
  • December 3, 2018 (Colorado Springs, CO)
  • December 10, 2018 (Honolulu, HI)

HUNT OPERATIONS AND LINUX END-POINT DATA COLLECTION AND ANALYSIS

The second course in the HUNT Certification program is designed to train cybersecurity professionals to actively defend critical Linux systems and infrastructure. This 5-day advanced course exposes students to a “Think like the Adversary” mindset in order to actively pursue and detect adversary activity targeting Linux-based systems. This course, when combined with the other two levels, will prepare cybersecurity professionals for the root9B HUNT Certification, enabling them to HUNT for evidence of adversary presence within their Linux systems that is not detected by automated enterprise security devices and software.

This level of the HUNT training program starts with discussions on the concepts of real-time detection and identification of adversary attacks. The goal of the course is to teach the required skills, knowledge, and methodologies for the student to determine if an adversary is successfully avoiding detection from automated security products and maintaining persistence in a Linux network environment. Other topics include remote host-based forensics, malware analysis, adversary deterrence, and system protection.

Students will learn to detect and identify attacks, create mitigation techniques, and develop effective time-sensitive response plans. Students will be presented with real-world situations and leave with the ability to perform HUNT (Active Adversary Pursuit) operations on Linux machines in a corporate network.



  • September 25, 2017 (Honolulu, HI)
  • October 9, 2017 (San Antonio, TX)
  • November 6, 2017 (Columbia, MD)
  • December 11, 2017 (San Antonio, TX)
  • December 11, 2017 (New York City, NY)
  • January 15, 2018 (Columbia, MD)
  • February 20, 2018 (Annapolis Junction, MD)
  • March 26, 2018 (San Antonio, TX)
  • May 21, 2018 (Annapolis Junction, MD)
  • July 23, 2018 (Colorado Springs, CO)
  • July 30, 2018 (Augusta, GA)
  • July 30, 2018 (Honolulu, HI)
  • September 24, 2018 (San Antonio, TX)
  • October 8, 2018 (Columbia, MD)
  • December 10, 2018 (Colorado Springs, CO)
  • December 17, 2018 (Honolulu, HI)

HUNT OPERATIONS AND NETWORK DATA COLLECTION & ANALYSIS

The third course in the HUNT Certification program is designed to train cybersecurity professionals to collect and analyze data from a network using a holistic approach beyond single-node analysis. This 5-day advanced course exposes students to a “Think Like the Adversary” mindset in order to actively pursue and detect adversary activity targeting network-based systems and infrastructure. When combined with the other two levels, this course will prepare cybersecurity professionals for the root9B HUNT Certification, enabling them to HUNT for evidence of adversary presence within their network systems and infrastructure that goes undetected by automated security devices and software.

This level of the HUNT training program starts with discussion on remote identification of infrastructure devices and supporting systems in the network and develops a plan to perform systematic remote interrogation, analytics, and adversary pursuit. The goal of the course is to teach the methodologies to conduct remote interactive HUNT operations to determine if a breach has occurred and define appropriate mechanisms for analysis and mitigation.

Students will learn to collect, normalize, visualize and analyze data across a network from various sources. This course focuses on capturing the adversary’s ability to compromise a network, conduct lateral movement, establish C2, tunnel, and exfiltrate data. Students will be trained to identify covert communications, malicious activity, and other network data anomalies. Various open source and custom developed remote interrogation techniques will be used to analyze different networking devices and supporting systems to include logging and alerts. Students will be presented with real-world situations and leave with the ability to perform HUNT (Active Adversary Pursuit) operations across a corporate network.


  • November 7, 2017 (Honolulu, HI)
  • January 3, 2018 (San Antonio, TX)
  • January 3, 2018 (Colorado Springs, CO)
  • February 21, 2018 (Colorado Springs, CO)
  • March 5, 2018 (Columbia, MD)
  • August 20, 2018 (Annapolis Junction, MD)
  • September 5, 2018 (Colorado Springs, CO)
  • November 14, 2018 (San Antonio, TX)

Threat Intelligence (TI) provides crucial defense posturing for proactive defense against malicious actors. Alternatively, the application of the intelligence processes to reactive incident response protocols offers valuable insight and context into the likely threat vector, the stage of the attack plan and the motive of a cyber adversary. This threat insight and attack context greatly reduce the time it takes to respond to an event.

COURSE OVERVIEW

Through scenario-based instruction, this course uses the intelligence cycle (Planning, Collection, Analysis, and Dissemination) to guide students through the process of discovering an event as well as the consequent investigation of an incident. Students will use intelligence to reorient their strategic response plan to leverage the power of tailored response and recovery to greatly reduce reaction times. Students will learn to apply intelligence collection and analytic methodologies to both internal forensic investigation and external threat intelligence by coupling the hands-on application of threat intelligence collection and analysis to digital forensic doctrines and techniques.


Advanced Cybersecurity Training

root9B employs Top Secret (TS) cleared instructors and subject matter experts in the field of advanced computer network operations.

Our training areas include:

  • Advanced Cyber Operations
  • HUNT Methodologies
  • Computer Network Exploitation for Defenders
  • Advanced Computer Network Exploitation for Defenders
  • Windows Fundamentals
  • Firewall Exploitation and Administration for Defenders
  • Linux Fundamentals
  • Computer Forensics In-depth
  • Malware Analysis
  • Network Defense Administration
  • Wireless Exploitation and Attack for Defenders
  • Mobile Device Exploitation and Forensics
  • Windows Network Administration
  • Industrial Control System Protection