Courses
Cyber Core (CYB)
Network Fundamentals (NETFUND)
The Networking Fundamentals course introduces core networking concepts, protocols, and analysis techniques required to understand how data moves across modern networks. Students develop foundational knowledge of network architectures, addressing, routing, and common protocols while gaining hands-on experience analyzing packet-level traffic. Emphasis is placed on practical interpretation of network behavior using packet analyzers, protocol inspection, and passive observation. By the end of the course, students will be able to explain how networks function at multiple layers, interpret packet captures, identify common protocols and services, and analyze network traffic to support troubleshooting, security analysis, and further cyber training. The course concludes with a Culmination Exercise (CULEX) that reinforces foundational networking concepts through applied packet analysis and network interpretation.
Intended Audience: Individuals new to networking or cybersecurity, including entry-level IT personnel, junior cyber practitioners, and students seeking foundational network knowledge required for further training in cyber defense, threat hunting, or cyber operations. No prior networking experience is required.
Linux Fundamentals (LINFUND)
The Linux Fundamentals course provides a structured introduction to the Linux operating system with emphasis on command-line interaction, process management, filesystem structure, networking, logging, and security fundamentals. Students develop practical familiarity with Linux systems through hands-on labs that reinforce navigation, file management, process inspection, account and permission management, and basic scripting. The course establishes a foundational operational understanding of Linux required for further training in cyber defense, incident response, threat hunting, and cyber operations. The course concludes with a Culmination Exercise (CULEX) that validates foundational Linux proficiency through scenario-driven host analysis.
Intended Audience: Individuals new to Linux or cybersecurity, including entry-level IT personnel, junior cyber practitioners, and students preparing for further training in cyber defense, incident response, threat hunting, or cyber operations. No prior Linux or scripting experience is required.
Windows Fundamentals (WINFUND)
The Windows Fundamentals course provides a structured introduction to the Windows operating system with emphasis on core components, filesystem architecture, networking, and security mechanisms. Students develop practical familiarity with Windows internals through hands-on labs that reinforce command-line navigation, registry interaction, process inspection, and basic security analysis. The course is designed to establish a strong operational foundation for further training in cyber defense, incident response, threat hunting, and cyber operations. The course concludes with a Culmination Exercise (CULEX) that validates foundational Windows proficiency through scenario-driven host analysis.
Intended Audience: Individuals new to Windows internals or cybersecurity, including entry-level IT personnel, junior cyber practitioners, and students preparing for further training in cyber defense, incident response, or cyber operations. No prior Windows internals or scripting experience is required.
iOS Fundamentals (IOSF)
The iOS Fundamentals course provides a structured introduction to the iOS operating system with emphasis on system architecture, data storage, security mechanisms, and artifact analysis. Students develop foundational understanding of how iOS devices store, protect, and expose data through backups, application containers, keychain services, and system databases. The course emphasizes practical analysis of iOS data structures such as plists, SQLite databases, and backups, including controlled examination of system behavior under standard and modified trust conditions. This course establishes baseline mobile operating system knowledge required for further training in mobile forensics, incident response, intelligence analysis, and cyber operations.
Intended Audience: Individuals new to mobile operating systems or cybersecurity, including entry-level IT personnel, junior cyber practitioners, and students preparing for further training in mobile forensics, incident response, threat hunting, or cyber operations. No prior iOS internals, mobile analysis, or development experience is required.
Android Fundamentals (ANDF)
Android Fundamentals introduces students to the Android operating system from a security and analysis perspective. The course provides foundational knowledge of Android architecture, application structure, authentication mechanisms, data storage, and filesystem artifacts. Students learn how Android applications are packaged, permissioned, executed, and how security-relevant artifacts are created and stored on the device. The course emphasizes platform familiarity, artifact awareness, and basic security analysis rather than exploit development or reverse engineering. Hands-on labs reinforce emulator usage, SQLite analysis, APK inspection, permission assessment, and examination of malicious application behavior.
Intended Audience: This course is intended for students new to Android and mobile security concepts, including junior cyber operators, analysts, mobile examiners, and security practitioners who require foundational familiarity with Android systems. No prior mobile security experience is required.
Defensive Operations (CND)
Basic Secure Configuration of Operating Systems (BSCOS)
The Basic Secure Configuration of Operating Systems course is a two-day, entry-level course focused on multi-platform secure system configuration. Students learn the tools, techniques, and procedures necessary to reduce attack surface, mitigate vulnerabilities, and apply organizational security policies across Windows and Linux systems. The course emphasizes procedural execution using provided guidance, including STIGs and IAVAs, rather than independent analysis or system design. Students conclude with a comprehensive capstone exercise in which they harden systems within a small network environment using Active Directory and host-based configuration controls.
Intended Audience: Individuals new to cybersecurity or system administration, including entry-level IT personnel, junior defenders, and students seeking foundational experience with secure system configuration. No prior security experience is required.
Basic Security Fundamentals (BSF)
The Basic Security Fundamentals course introduces core concepts, terminology, and technologies that underpin modern cybersecurity operations. Students gain foundational understanding of information assurance principles, security policies, cryptography, access control, operating system hardening, and common security technologies. The course emphasizes practical exposure to Windows and Linux environments, administrative tooling, and defensive mechanisms to build a strong baseline for advanced security, cyber operations, and incident response training. The course concludes with a Culmination Exercise (CULEX) that reinforces foundational security concepts across multiple domains.
Intended Audience: Individuals new to cybersecurity, IT professionals transitioning into security roles, and students seeking foundational knowledge required for further training in cyber defense, penetration testing, or cyber operations. No prior security experience is required.
Linux Hardening (LINHARD)
The Linux Hardening course provides hands-on instruction in securing Linux systems through policy enforcement, access control, service hardening, auditing, and system monitoring. Students learn to configure authentication mechanisms, enforce least privilege, harden boot and runtime environments, secure network services, and establish logging and auditing pipelines to support defensive operations. Emphasis is placed on practical configuration, validation, and operational sustainment rather than theoretical security concepts. By the end of the course, students will be able to implement layered hardening controls and evaluate system security posture in alignment with defined operational requirements. The course concludes with a Culmination Exercise (CULEX) that requires students to harden and assess a Linux system using structured defensive methodologies.
Intended Audience: Cyber defenders, system administrators, and security practitioners with foundational Linux knowledge who are responsible for securing, maintaining, or assessing Linux systems. This course is intended for students who have completed Linux Fundamentals or possess equivalent experience and are transitioning from basic system administration to defensive hardening and security enforcement roles.
Windows Enterprise Hardening (WEH)
Windows Enterprise Hardening develops practical skills for securing Windows systems and supporting network infrastructure in enterprise environments. Students learn to apply layered defensive controls across network devices, Windows hosts, and Active Directory to reduce attack surface, enforce policy, and improve auditability. The course emphasizes configuration, validation, and policy enforcement rather than theory, with extended hands-on labs focused on access control, authentication, auditing, baseline enforcement, and security standards implementation. Students conclude with a challenging Culmination Exercise (CULEX) requiring them to harden and validate a Windows enterprise environment against defined security objectives.
Intended Audience: Intermediate-level cyber defense practitioners, system administrators, and network defenders responsible for securing Windows enterprise environments. This course is intended for students possessing foundational knowledge of TCP/IP networking, Windows operating system administration, and basic Active Directory concepts. Prior completion of foundational Windows administration training, or equivalent experience, is strongly recommended.
Offensive Operations (CNE)
Basic Computer Network Exploitation (BCNE)
The Basic Computer Network Exploitation course introduces foundational offensive security concepts and techniques through hands-on exploitation of Windows and Linux systems in controlled environments. Students learn how attackers perform reconnaissance, gain initial access, escalate privileges, maintain persistence, and move within a network. The course emphasizes command-line proficiency, structured tradecraft, and repeatable workflows rather than advanced exploitation or custom tooling. Students conclude with a Culmination Exercise (CULEX) that requires executing a basic end-to-end exploitation workflow across multiple hosts.
Intended Audience: Individuals new to offensive security, junior cyber operators, and security practitioners seeking foundational hands-on experience with exploitation techniques. Students should have basic familiarity with computer systems but do not need prior penetration testing or red team experience.
CNE Fundamentals and Offensive OSINT (CFOO)
CNE Fundamentals and Offensive OSINT introduces students to foundational computer network exploitation concepts with a strong emphasis on offensive open-source intelligence (OSINT) and target development. The course teaches students how attackers collect, analyze, and operationalize publicly available information to support reconnaissance, targeting, and exploitation activities. Students progress from OSINT tradecraft and intelligence development to basic scanning, payload generation, and exploitation frameworks, emphasizing how intelligence-driven targeting informs early-stage access and client-side attack techniques. The course emphasizes structured workflows, ethical constraints, and repeatable methodologies rather than advanced exploitation or custom tooling. Students conclude with a Culmination Exercise (CULEX) integrating OSINT-driven targeting and basic exploitation techniques.
Intended Audience: Individuals new to offensive security and cyber operations, including junior cyber operators, analysts, and security practitioners seeking foundational experience in OSINT, reconnaissance, and early-stage exploitation workflows. No prior exploitation experience is required, but basic familiarity with networking and operating systems is beneficial.
Basic Cyber Exploitation Analysis (BCEA)
The Basic Cyber Exploitation Analysis course provides foundational pipeline training for personnel entering an exploitation analyst work role. The course emphasizes structured operational processes, mission analysis, information gathering, target profiling, and exploitation support activities. Students learn how exploitation operations are planned, supported, executed, and documented within a governed cyber operations environment. Instruction blends conceptual understanding with hands-on application through checks on learning (COLAs), labs, and a midterm knowledge assessment. Students progress from understanding the exploitation analyst role and operational environment to supporting mission planning, executing guided exploitation workflows, and producing mission artifacts. The course culminates in a Culmination Exercise (CULEX) requiring students to support and execute a basic exploitation operation in accordance with defined processes and constraints.
Intended Audience: Entry-level cyber personnel, junior analysts, and pipeline students preparing to support or perform duties within an exploitation analyst work role. This course is designed for individuals new to cyber operations who require structured, role-specific training rather than broad multi-role exposure.
Intermediate Pen Testing (IPT)
The Intermediate Penetration Testing course focuses on the methodologies and tradecraft used by professional penetration testers operating within legal and ethical boundaries. The course is built around attacker behaviors and techniques while maintaining a strong emphasis on professional testing standards, rules of engagement, and reporting. Students progress through the penetration testing lifecycle, including information gathering, scanning and service enumeration, vulnerability mapping, exploitation of perimeter and internal systems, post-exploitation, and reporting. The course culminates in a six-hour Culmination Exercise (CULEX) requiring students to gain initial access to a target network and maneuver through multiple systems to achieve defined objectives.
Intended Audience: Cyber operators, penetration testers, and security practitioners who possess foundational networking and security knowledge and are ready to develop structured penetration testing skills. This course is intended for students seeking hands-on experience with common tools, methodologies, and workflows used during real-world penetration testing engagements.
Powershell for Red Teaming (PORT)
PowerShell for Red Teaming teaches practical PowerShell skills tailored to offensive operations and operational tradecraft, with strong emphasis on detection awareness. Students move from core PowerShell constructs to intermediate scripting, remote execution, persistence patterns, and tooling used in modern engagements. The course balances technique with detection/defense considerations so learners understand both execution and observability. The week culminates with a PowerShell-only Capture-the-Flag (CTF) style Culmination Exercise (CULEX) that validates scripting, automation, remote execution, and reporting skills in a controlled environment.
Intended Audience: Cyber operators, red team personnel, and penetration testers who require practical PowerShell proficiency for offensive operations in Windows environments. Students should already be comfortable with basic PowerShell usage and Windows internals and be prepared to apply scripting techniques in detection-aware, operational scenarios.
Wireless Computer Network Exploitation (WCNE)
Wireless Computer Network Exploitation provides a structured exploration of modern wireless technologies and their security implications. This course equips students with the knowledge and skills needed to evaluate, test, and exploit wireless technologies in support of cyber operations. Over five days, students examine the foundations of RF communication, dissect 802.11 protocols, and assess weaknesses in Wi-Fi security standards. The course emphasizes applied analysis and exploitation of wireless devices and access points, including IoT systems. Students finish with a comprehensive Culmination Exercise that validates their ability to conduct reconnaissance, execute attacks, and assess risk in wireless environments.
Intended Audience: Cyber operators, penetration testers, and red team personnel who require foundational-to-intermediate proficiency in wireless reconnaissance, exploitation, and credential capture. Participants should have a basic understanding of networking concepts and offensive security fundamentals and be prepared to apply wireless attack techniques in controlled lab environments.
Penetration Testing with Active Directory (PTAD)
Penetration Testing Active Directory prepares students to enumerate, analyze, exploit, and dominate Windows enterprise domains using modern red-team and penetration testing techniques throughout an Active Directory forest containing seven domains. Students progress through the full Active Directory attack lifecycle: directory structure analysis, LDAP-based queries and enumeration, credential extraction, Kerberos manipulation, lateral movement across domain trusts, privilege escalation, and domain compromise. The course emphasizes operational tradecraft using tools such as PowerShell, Impacket, Mimikatz, BloodHound, Rubeus, and advanced Windows exploitation frameworks. Students conclude with a Culmination Exercise (CULEX) requiring real-time offensive operations and documentation in a multi-domain enterprise scenario.
Intended Audience: Cyber operators, penetration testers, red team members, and enterprise security professionals who require structured tradecraft for enumerating and exploiting Windows Active Directory environments.
Penetration Testing with Enterprise Tools (PTET)
The Penetration Testing with Enterprise Tools course focuses on the methodologies and tradecraft used by professional penetration testers operating within legal and ethical boundaries. The course is built around attacker behaviors and techniques while maintaining a strong emphasis on professional testing standards, rules of engagement, and reporting. Students progress through the penetration testing lifecycle, including information gathering, scanning and service enumeration, vulnerability mapping, exploitation of perimeter and internal systems, post-exploitation, and reporting. The course culminates in a six-hour Culmination Exercise (CULEX) requiring students to gain initial access to a target network and maneuver through multiple systems to achieve defined objectives.
Intended Audience: Cyber operators, penetration testers, and security practitioners who possess foundational networking and security knowledge and are ready to develop structured penetration testing skills. This course is intended for students seeking hands-on experience with common tools, methodologies, and workflows used during real-world penetration testing engagements.
Linux CNE (LINCNE)
Linux CNE develops advanced operator proficiency in host-centric reconnaissance, exploitation, persistence, lateral movement, and evasion within Linux-based enterprise environments. The course emphasizes realistic, detection-aware tradecraft modeled after modern adversary workflows, requiring learners to navigate defended systems, containerized services, and web-exposed applications under operational constraints. Students progress from initial access and host-level situational awareness to advanced privilege escalation, covert tunneling, container escapes, and remote exploitation of Linux services. Instruction blends conceptual tradecraft with repeatable, operator-ready workflows. Students conclude with a mission-driven Culmination Exercise (CULEX) that integrates the week's techniques in a timed operational scenario.
Intended Audience: Advanced cyber operators, red team personnel, and CNE/CNO practitioners who require deep, hands-on capability in Linux host exploitation, persistence, privilege escalation, lateral movement, and web/container-based attack workflows. Participants should have prior experience with Linux command-line operations and offensive security fundamentals.
Windows CNE (WINCNE)
Windows CNE develops advanced operator skills for conducting targeted Windows host reconnaissance, persistence, privilege escalation, lateral movement, and remote exploitation within controlled environments. The course emphasizes detectable tradecraft, evasion techniques, and defensive considerations so participants learn both offensive techniques and how they appear from a detection standpoint. Instruction balances conceptual tradecraft with repeatable procedures and lab exercises; learners finish the week by demonstrating integrated capability in a timed Culmination Exercise (CULEX).
Intended Audience: Personnel performing Computer Network Exploitation (CNE), red team operations, or adversary emulation who require advanced host-level skills for reconnaissance, persistence, escalation, and movement within Windows environments.
Tactical Cyber Operations (TCO)
Tactical Cyber Operations develops advanced hands-on capability for designing, deploying, and operating covert, network-connected single-board computer (SBC) platforms in contested or constrained environments. Students learn to build and configure Linux-based SBCs for wireless reconnaissance, IoT protocol analysis, out-of-band communications, and persistent remote access. The course emphasizes operational tradecraft, attribution risk management, device hardening, and tamper detection while balancing functionality and stealth. Students progress from hardware build and wireless sensing to cloud-enabled command-and-control, peripheral exploitation, and OPSEC-aware deployment. The course concludes with a mission-driven Culmination Exercise (CULEX) requiring students to design, deploy, and validate a non-attributable leave-behind device that enables remote access and data collection under defined constraints.
Intended Audience: This course is intended for advanced cyber operators, red team personnel, intelligence support specialists, and technical practitioners who require hands-on experience deploying covert, network-enabled devices for sensing, access, and remote operations. Students should have prior experience with Linux systems, networking fundamentals, and basic scripting. Familiarity with wireless technologies or IoT concepts is beneficial but not required.
ICS/Network Exploitation (ICSEC)
Industrial Control System Exploitation develops advanced operator capability to analyze, enumerate, and exploit live industrial control system (ICS) environments using real hardware platforms. The course focuses on programmable logic controllers (PLCs), human–machine interfaces (HMIs), industrial communication protocols, and sector-specific control technologies, including maritime and vehicle systems. Students progress from foundational OT architecture and device programming to live protocol analysis, system enumeration, and controlled exploitation of industrial processes. Instruction emphasizes protocol fluency, safety-aware exploitation, and realistic attacker workflows rather than indiscriminate disruption. Hands-on labs are delivered using custom-built live training kits, requiring students to adapt techniques to physical constraints, timing dependencies, and operational risk.
Intended Audience: Advanced cyber operators, red team personnel, and ICS/OT security practitioners who require hands-on experience assessing and exploiting live industrial control systems. Students should have prior experience with networking, Linux systems, and basic exploitation concepts. Familiarity with industrial or embedded systems is beneficial but not required.
Detection & Threat Hunting (DET)
Basic Computer Forensics (BCF)
Basic Computer Forensics introduces foundational concepts and practical skills for collecting, preserving, and analyzing digital evidence from computer systems. Students learn how forensic investigations are conducted, how common attack vectors leave artifacts, and how data is acquired and examined in a forensically sound manner. The course emphasizes disk structure, file systems, deleted data, and core forensic artifacts across Windows and Linux systems. Hands-on labs focus on evidence acquisition, file system analysis, artifact interpretation, and introductory use of forensic tools. Students finish the course with the ability to perform basic forensic analysis and explain findings in a structured manner.
Intended Audience: This course is intended for junior cyber defenders, incident responders, analysts, and technical personnel who require foundational knowledge of computer forensics. No prior forensic experience is required. Familiarity with basic operating system concepts is helpful but not mandatory.
Intermediate Computer Forensics (ICF)
Intermediate Computer Forensics builds upon foundational forensic skills to develop deeper investigative capability across storage media, memory, file systems, and user activity artifacts. Students learn to conduct structured forensic investigations involving disk imaging, memory acquisition and analysis, file and partition recovery, artifact correlation, and evidence reporting. The course emphasizes analytical decision-making, evidence correlation across sources, and investigative workflow rather than tool-centric operation alone. Hands-on labs focus heavily on memory forensics using Volatility, advanced file system analysis, and integrated host investigations. Students conclude with a Culmination Exercise (CULEX) requiring full-scope forensic analysis and professional reporting.
Intended Audience: This course is intended for cyber defenders, incident responders, forensic analysts, and investigators who have completed introductory forensic training or possess equivalent experience. Students should already understand basic forensic principles, disk imaging concepts, and file systems.
Intermediate Incident Response (IIR)
The Intermediate Incident Response course develops hands-on skills for identifying, investigating, and responding to security incidents in enterprise environments. Students learn to apply structured incident response methodology to real-world intrusions affecting Windows and Linux systems, including unauthorized access, malware execution, persistence, and lateral movement. The course emphasizes evidence handling, live response, artifact analysis, timeline reconstruction, and scoping impact while maintaining forensic integrity. Students conclude with a Culmination Exercise (CULEX) requiring them to investigate an active intrusion and produce structured investigative findings.
Intended Audience: Cyber defenders, incident responders, threat hunters, and security practitioners who possess foundational networking and operating system knowledge and are ready to develop practical, hands-on incident response skills.
Intermediate Cyber Operations (ICO)
The Intermediate Cyber Operations course develops an understanding of adversary techniques by examining how offensive actions manifest across network traffic, host artifacts, and defensive telemetry. Students execute scanning, exploitation, persistence, and lateral movement techniques while simultaneously analyzing packet captures, memory artifacts, logs, and intrusion detection alerts generated by those actions. The course emphasizes detection-aware tradecraft, enabling both defenders and attackers to understand how common tools and techniques appear on the wire and on the host. Students conclude with a Culmination Exercise (CULEX) that requires executing and analyzing offensive operations from a defensive and hunt-focused perspective.
Intended Audience: Cyber defenders, threat hunters, penetration testers, and security practitioners who possess foundational networking and operating system knowledge and want to understand how offensive techniques generate observable network and host-based artifacts.
Threat Hunt (THUNT)
Threat Hunting develops advanced, hypothesis-driven capability for proactively identifying adversary activity across host and network environments. Students learn to translate threat intelligence into structured hunting hypotheses aligned to adversary tradecraft and the MITRE ATT&CK framework. Through hands-on investigation, students hunt for persistence mechanisms, obfuscated malware, lateral movement, and command-and-control activity using host telemetry, network data, and federated hunting platforms. The course emphasizes analytical rigor, behavioral detection, and evidence correlation over alert-driven response. Students conclude with a mission-oriented Culmination Exercise (CULEX) requiring execution of the full hunting lifecycle, reconstruction of an intrusion timeline, and production of a structured incident report.
Intended Audience: Cyber defenders, incident responders, and threat hunters with prior experience in Windows, Linux, and network telemetry who are transitioning from reactive detection to proactive, hypothesis-driven threat hunting. This course is intended for practitioners responsible for identifying stealthy adversary behavior across enterprise host and network data sources.
Cyber Software Development (CSD)
PowerShell Bootcamp (POBO)
PowerShell Bootcamp provides foundational scripting skills for automating tasks, interacting with Windows systems, and building reusable command-line tooling using PowerShell. Students learn core scripting constructs including variables, data types, flow control, functions, error handling, and interaction with the Windows operating system. The course emphasizes hands-on scripting, structured problem-solving, and safe scripting practices rather than advanced exploitation or framework development. By the end of the course, students will be able to write, debug, and execute PowerShell scripts that interact with files, processes, the registry, WMI, and .NET objects. The course concludes with a Culmination Exercise (CULEX) requiring students to integrate scripting concepts into a functional automation solution.
Intended Audience: Individuals new to scripting or automation, including junior cyber operators, system administrators, analysts, and IT personnel who require foundational PowerShell skills. No prior scripting experience is required, though basic familiarity with Windows systems and command-line usage is beneficial.
Python Programming (PYPRO)
Python Programming develops intermediate-level scripting and software development skills using Python for automation, data handling, and system interaction. Students build upon basic programming concepts to write structured Python code using strings, collections, functions, modules, file input/output, networking, and object-oriented design. The course emphasizes readable code, modular design, error handling, and practical scripting workflows applicable to cybersecurity, automation, and systems engineering tasks. Hands-on labs reinforce each concept through progressively complex exercises, culminating in a Culmination Exercise (CULEX) requiring students to integrate Python concepts into a complete, functional solution.
Intended Audience: This course is intended for students who possess basic programming or scripting experience and want to develop practical Python skills for automation and system interaction. Typical students include cyber operators, analysts, system administrators, and technical practitioners. Prior experience with basic scripting or command-line environments is recommended.
Intermediate Computer Exploitation Development (ICED)
The Intermediate Computer Exploitation Development course introduces students to foundational exploit development concepts through hands-on construction and analysis of memory corruption–based exploits in Linux and Windows environments. The course focuses on understanding how vulnerabilities manifest at the binary and memory level, how shellcode and staged payloads are developed, and how common defensive mechanisms are bypassed. Students progress through fundamental exploit development concepts, including assembly language, shellcode creation, and binary analysis, to building functional exploits that integrate multiple defensive bypass techniques. Emphasis is placed on exploit mechanics, payload staging, and defensive mitigation awareness rather than tool-driven exploitation or operational tradecraft. The course culminates in a structured exploitation exercise requiring students to finalize, refine, and validate a working exploit.
Intended Audience: This course is intended for experienced cyber operators, vulnerability analysts, and developers who already possess strong foundational knowledge of Linux or Windows systems and are seeking an introduction to exploit development. Students should be comfortable with command-line environments, basic scripting, binary debugging, and low-level system concepts. This course is NOT intended for students new to exploitation or general computer network exploitation techniques. Familiarity with exploitation workflows, scripting, and operating system internals is strongly recommended.
Python for Red Teaming (PYRE)
Python for Red Teaming develops advanced Python scripting skills for offensive security and red team operations. Students learn to design and implement Python-based tooling to support reconnaissance, scanning, fingerprinting, exploitation, and post-exploitation workflows. The course emphasizes tradecraft-aware tool development, operational reliability, and adaptability rather than reliance on prebuilt frameworks. Students build threaded scanners, packet manipulation tools using Scapy, fingerprinting utilities, and exploitation scripts targeting real-world vulnerabilities. Instruction focuses on how Python enables customization, automation, and scalability in offensive operations. The course culminates in a Culmination Exercise (CULEX) requiring students to integrate Python tooling across multiple phases of a red team operation. An optional interactive challenge environment (PyFight) is available throughout the course to provide additional hands-on practice and reinforce Python problem-solving skills. PyFight is not graded and does not factor into course completion.
Intended Audience: This course is intended for advanced cyber operators, red team members, penetration testers, and offensive security practitioners who already possess solid Python fundamentals. Students should be comfortable with scripting, networking concepts, and basic exploitation workflows. Completion of an intermediate Python course (e.g., CSD200) or equivalent experience is strongly recommended.