The Chiron Experience
Chiron's Cybersecurity Training methodology facilitates critical thinking by immersing students in live adversarial emulation scenarios that force them to perform, practice and develop skills for a specific job role. Chiron's team of subject matter experts has years of experience performing in the Domain Roles within Information Operations Teams. This allows Chiron's training to focus on the known skills needed by individuals or teams operating and defending key assets of an organization. Chiron's training portfolio is not centered on knowledge-based multiple choice exams. We value and take pride in developing students who can perform with skill on the job, rather than measuring a student by how well they can define a term or recite a theory.
MODES OF DELIVERY
- Instructor Led Live Training (ILT)
- Asynchronous Training (ASYNC)
- Virtual Instructor Live Training (VILT)
Cyber Core Operations™ (CCO)™
While Cyber Core Operations is not a "domain", it is a critical component of the learning and development process of IO Professionals. Cyber Core Operations is a base requirement needed to successfully operate within the specific domain areas of Cyber Protection, Threat Emulation, Discovery and Counter-Infiltration, or Developer. Core skills are being recognized as a major learning gap in the development of IO professionals who are transitioning from other IT functions or who have knowledge competency without time on the keyboard. The core provides the critical technical skills foundation for any IO professional or aspiring technical administration professional, since it focuses on "how things work" and starts the process of critical thinking from a technical point of view, as opposed to knowledge, policy and definition memorization.
Course Descriptions
CYBER OPERATIONS PREP (COP)
This is an intense, hands-on course designed to take students through a wide variety of topics relevant to operationally-focused cyber missions within the offensive and defensive arenas. Students will receive highly technical and mission relevant training needed to significantly minimize the burden of on-the-job training required to immediately impact operations. This 4-week course focuses heavily on the TCP/IP stack, deep-packet analysis, network forensics, Windows and *NIX system operator fundamentals, malware triage and the post-compromise forensics of remote targets.
Cyber Protection Professional™ (CPP)™
The mission of the Cyber Protection Professional (CPP) is to use the methodologies and processes of "Blue Teams" to proactively secure and defend information assets. CPP members are highly skilled and versed in the tools, techniques and procedures to identify, protect and evaluate information systems and supporting technologies. CPP teams perform various tasks related to protecting information and information systems, such as verifying network baselines and system configurations, evaluating the performance of anti-virus and intrusion detection systems and architectures, and performing host-based assessments that identify vulnerabilities and anomalies outside of established baseline configurations. They also provide recommendations for, and in some cases persistent monitoring of, network performance. CPP team members develop and implement incident response plans and develop and apply risk mitigation strategies that enhance the overall security, defense and recovery posture of the network.
Course Descriptions
This two-week course is focused on the methodologies and processes used by professional "Blue" teams in corporate and government spaces. Instructors use open-source tools to teach students methodologies of securing a network and its hosts. Students will learn the skills necessary to identify the customer's network, the tools required and allowed, and the mission scope and key terrain, and then to map the network and its hosts.
Cyber Threat Emulation Professional (CTEP)™
The mission of the Cyber Threat Emulation Professional (CTEP) is to emulate the adversary. The CTEP performs its mission by coupling an in-depth understanding of the behaviors and techniques utilized by the threat with advanced exploitation techniques to perform penetration tests. CTEPs utilize the methodologies of the adversary to conduct Open Source Information Gathering (OSINT), scanning and enumeration, network mapping, and exploitation to gain access to and remain persistent within networks. The goal of the CTEP is to identify those areas of weakness within a network and provide those findings to the CPP for mitigation.
Course Descriptions
ADVERSARIAL THREAT MODELING AND EMULATION
The Adversarial Threat Modeling and Emulation course is an intense, hands-on course that takes students through each stage of offensive operations methodologies using tradecraft, stealth and detection avoidance as the key principles. Students will gain proficiency with open-source penetration tools and learn techniques in vulnerability scanning, remote and client-side exploitation, and advanced post-exploitation techniques targeting both Windows and UNIX-based operating systems.
WIRELESS EXPLOITATION AND ATTACK
Wireless Exploitation and Attack is an intense, hands-on course that takes students through the most common and current techniques for gaining access to a wireless network. Students will gain proficiency with open-source wireless attack tools and methodology.
POWERSHELL FOR RED TEAMING
The PowerShell for Red Teaming Course (PoRT) is based on the methodologies and processes used by professional government and corporate penetration testers, but with a strong emphasis on utilizing Windows PowerShell to leverage the .NET framework and Windows Management Instrumentation. PoRT focuses on scanning, host enumeration, remote and local exploitation, as well as tool building and scripting, with an emphasis on avoiding detection by users or security products.
Discovery and Counter-Infiltration Professional (DCIP)™
The mission of the Discovery and Counter-Infiltration Professional (DCIP) is to seek out and hunt for the adversary within a network. DCIP members couple experience with an in-depth understanding of the methodologies, tools, techniques and tradecraft of the adversary to identify the behaviors not detected by traditional monitoring or detection methods. DCIP teams identify anomalous behavior through the use of both commercially and organically developed assets that develop signatures and heuristics that can be deployed to prevent follow-on incidents from happening again. DCIPs perform in-depth timeline, log and traffic analysis to map out the incident and collect the data needed to implement real-time solutions for the customer.
Course Descriptions
Reverse Engineering Malware
Students will be taught the fundamentals of malicious code analysis beginning with the configuration of a malware analysis lab in order to gain an understanding of the components of a malware analysis toolbox and to discover each component that contributes to either behavioral or code analysis techniques. In most instances, one is unlikely to have the source code to a piece of malware.
Malware Analysis and Threat Assessment
This 5-day course will cover the basics of malware analysis from both static and behavioral perspectives. Students will learn to identify, hash, retrieve, and determine what threats and capabilities the malware presents on target hosts.
CNO ATTACK AND DEFEND
This rigorous, hands-on course is designed to take students through a wide variety of topics relevant to operationally-focused cyber missions within the offensive and defensive arena. This course focuses heavily on deep packet inspection, statistical flow record analysis, post-exploitation forensics, intrusion detection, network tunneling, and malware network behavior. Extensive network analysis is conducted throughout each stage of the hacker methodology to include packet capturing of scanning, service enumeration, exploitation, man-in-the-middle techniques, and
Cyber Development Professional™ (CDP)™
The mission of the CNO Development Professional (CDP) is to enable other IO Domain teams. CDPs combine their understanding of platforms, protocols, and APIs to produce solutions that verify the integrity of existing systems, facilitate configuration and administration and enable situational awareness on hosts and in networks. CDPs use a secure Software Development Lifecycle to create robust products that improve security by making opaque systems transparent.
Course Descriptions
PYTHON FOR RED TEAMS
The Python for Exploiters Course challenges students to implement their own custom attack frameworks for use during penetration testing and other activities. Students will no longer need to rely on a framework written and designed by someone else during assignments; they will use a tool that they created, free of known and compromising signatures. By leveraging what they have learned in the past with Python and new concepts introduced in the course, students will design and develop a framework that is both extensible and easy to use.
The Python Programming Course is a concentrated, hands-on course that arms students with the skills and knowledge to leverage the Python programming language in everyday computer network operations. Students will start at the beginning with Python (no assumptions are made on prior skill level) and work towards becoming proficient in the language, both in reading source code and in designing and developing their own applications.
CNO DEVELOPERS CAPABILITIES
This is an intense, hands-on course designed to take students through the steps needed to develop their own exploits on both Windows and Unix-based operating systems. The course begins with an overview of Python, which is used to develop and deliver most of the exploits. Afterward, students create custom shellcode in Assembly Language, learning how to properly groom the registers and stack for execution.