The Intermediate Cyber Operations course develops an understanding of adversary techniques by examining how offensive actions manifest across network traffic, host artifacts, and defensive telemetry. Students execute scanning, exploitation, persistence, and lateral movement techniques while simultaneously analyzing packet captures, memory artifacts, logs, and intrusion detection alerts generated by those actions. The course emphasizes detection-aware tradecraft, enabling both defenders and attackers to understand how common tools and techniques appear on the wire and on the host. Students conclude with a Culmination Exercise (CULEX) that requires executing and analyzing offensive operations from a defensive and hunt-focused perspective.
Intended Audience: Cyber defenders, threat hunters, penetration testers, and security practitioners who possess foundational networking and operating system knowledge and want to understand how offensive techniques generate observable network and host-based artifacts.