from training to education building offensive curriculum
play

From Training to Education: Building Offensive Curriculum from - PowerPoint PPT Presentation

May 13, 2023 •255 likes •507 views

From Training to Education: Building Offensive Curriculum from Training Certifications * or Why I watched the entire movie library over Spring Break By: Michael Kranch CANSec 2018 October 27-28 Who Am I? B.S. / M.S. in Computer

  1. From Training to Education: Building Offensive Curriculum from Training Certifications * or “Why I watched the entire movie library over Spring Break” By: Michael Kranch CANSec 2018 – October 27-28

  2. Who Am I? • B.S. / M.S. in Computer Science • U.S. Army Cyber Officer • Assistant Professor USMA (West Point) • Coach of the Capture the Flag (CTF) Team • Coach of the Cyber Defense Team www.mjkranch.com Michael Kranch (www.mjkranch.com) Michael Kranch (www.mjkranch.com) “From Training to Education,” CANSec 2018 “From Training to Education,” CANSec 2018

  3. Warning: Opinions Follow Michael Kranch (www.mjkranch.com) “From Training to Education,” CANSec 2018

  4. So What? • Developing offensive courses is hard but important • Industry security certifications provide a useful blueprint • Real-world applicability • Tested Framework • Motivation (Gamification) • Incorporating the academic mindset (the why) to the industry training (the what) provides the best hybrid experience for your students. Michael Kranch (www.mjkranch.com) “From Training to Education,” CANSec 2018

  5. How did I get here? Michael Kranch (www.mjkranch.com) “From Training to Education,” CANSec 2018

  6. Coaching a CDC Michael Kranch (www.mjkranch.com) “From Training to Education,” CANSec 2018

  7. Then I Visited the Red Team Image removed Michael Kranch (www.mjkranch.com) “From Training to Education,” CANSec 2018

  8. Offensive Curriculum is Hard • Breadth of Subject Matter • Diverse pre-requisites (really skills) • IT or CS or both? • Troubleshooting is hard • Large Infrastructure Requirement • Maintaining intentionally breakable systems • Fast Evolution of Material • New tools / techniques • New exploits (Eternal Blue) Michael Kranch (www.mjkranch.com) “From Training to Education,” CANSec 2018

  9. Offensive Curriculum is Hard • Breadth of Subject Matter • Diverse pre-requisites (really skills) • IT or CS or both? • Troubleshooting is hard • Large Infrastructure Requirement • Maintaining intentional breakable systems • Fast Evolution of Material • New tools / techniques • New exploits (Eternal Blue) • Legal / Network Issues Michael Kranch (www.mjkranch.com) “From Training to Education,” CANSec 2018

  10. Leverage Industry Michael Kranch (www.mjkranch.com) “From Training to Education,” CANSec 2018

  11. Leverage Industry Michael Kranch (www.mjkranch.com) “From Training to Education,” CANSec 2018

  12. Penetration Testing With Kali • Course by Offensive Security (Kali Linux) • Introduces students to ethical hacking tools and techniques • Initial Exercises • 7 hours of provided videos • 350+ page pdf lab guide • Local Kali VM / Private Windows 7 Lab Machine • Accessed via private VPN • Interactive Lab • 40 Public Machines • ~15 Additional Machines on 3 additional subnets • Certification (OSCP) - a unique 24-hour performance based exam • Very low pass rate Michael Kranch (www.mjkranch.com) “From Training to Education,” CANSec 2018

  13. CS485: Ethical Hacking Pilot • Teaching Methodology • All requirements issued at start of semester • Lessons simply deeper discussion of course material • Extensive use of Gamification • Progress tracked live via course website • Culminating live performance based final exam • Students • 2017 - 6 Students • 4 Seniors, 1 Junior, 1 Sophomore • All CS • 2018 – 12 Students • 6 Seniors, 5 Juniors, 1 Sophomore • 8 CS, 2 IT, 1 EE, 1 Math Michael Kranch (www.mjkranch.com) “From Training to Education,” CANSec 2018

  14. Gamification Examples Michael Kranch (www.mjkranch.com) “From Training to Education,” CANSec 2018

  15. Gamification Examples Michael Kranch (www.mjkranch.com) “From Training to Education,” CANSec 2018

  16. Gamification Examples Michael Kranch (www.mjkranch.com) “From Training to Education,” CANSec 2018

  17. Gamification Examples Michael Kranch (www.mjkranch.com) “From Training to Education,” CANSec 2018

  18. Gamification Examples Michael Kranch (www.mjkranch.com) “From Training to Education,” CANSec 2018

  19. Gamification Examples Michael Kranch (www.mjkranch.com) “From Training to Education,” CANSec 2018

  20. Gamification Examples Michael Kranch (www.mjkranch.com) “From Training to Education,” CANSec 2018

  21. Live Performance Based Exam Michael Kranch (www.mjkranch.com) “From Training to Education,” CANSec 2018

  22. Results • Gamification provided extra motivation (passion) • Individual Competition • Team Cooperation • Incentive to work ahead of deadlines • Perseverance through frustrating troubleshooting • Class format provided deeper understanding • Answer questions / issues from material • Focus on “why” and did not have to discuss much “how” • Only possible with smaller class size • Students internalized the hacker mindset • 8/18 earned OSCP Michael Kranch (www.mjkranch.com) “From Training to Education,” CANSec 2018

  23. So What? • Developing offensive courses is hard but important • Industry security certifications provide a useful blueprint • Real-world applicability • Tested Framework • Motivation (Gamification) • Incorporating the academic mindset (the why) to the industry training (the what) provides the best hybrid experience for your students. Michael Kranch (www.mjkranch.com) “From Training to Education,” CANSec 2018

  24. Thank you! Questions? www.mjkranch.com Michael Kranch (www.mjkranch.com) “From Training to Education,” CANSec 2018

Recommend

Model Instructor Training Curriculum Association of National Stakeholders in Traffic Safety

Model Instructor Training Curriculum Association of National Stakeholders in Traffic Safety

Model Instructor Training Curriculum Association of National Stakeholders in Traffic Safety Education (ANSTSE) Novice Teen Driver Education and Training Administrative Standards (NTDETAS) 2017 Revisions Instructor Qualification

393 views • 35 slides
education Further Education and Training (FET) Post primary education Dictionary NAMES OF

education Further Education and Training (FET) Post primary education Dictionary NAMES OF

How do you create flexible pathways for students to continue to higher education? Share the practices in your organization to learn from each other. Vocational eduation and Training (VET) Higher = education Further Education and Training

549 views • 6 slides
Standardized Curriculum WAP Training Plans and Resources Goals of Standardized Curriculum

Standardized Curriculum WAP Training Plans and Resources Goals of Standardized Curriculum

Standardized Curriculum WAP Training Plans and Resources Goals of Standardized Curriculum Compile institutional knowledge Create baseline Core Competencies Flexibility Sections Editable Useful to instructors of

700 views • 31 slides
National Qualifications Frameworks: Building Bridges between Education and Training Systems?

National Qualifications Frameworks: Building Bridges between Education and Training Systems?

National Qualifications Frameworks: Building Bridges between Education and Training Systems? Experiences from Selected African Countries by Hans Krnner to be presented at the Third International Congress of the Management of Quality in the

948 views • 30 slides
FOR DOCUMENT Club Workshop Subhead text TRAINING & EDUCATION Welcome TRAINING &

FOR DOCUMENT Club Workshop Subhead text TRAINING & EDUCATION Welcome TRAINING &

TRAINING & EDUCATION TRAINING & EDUCATION RULES OF GOLF 2019 MAIN HEAD FOR DOCUMENT Club Workshop Subhead text TRAINING & EDUCATION Welcome TRAINING & EDUCATION Contents 1. New Terminology 2. New Principles 3. Areas of

706 views • 41 slides
Country Presentation: Ethiopia Regional Workshop and Seminar on Capacity Building, Education and

Country Presentation: Ethiopia Regional Workshop and Seminar on Capacity Building, Education and

Country Presentation: Ethiopia Regional Workshop and Seminar on Capacity Building, Education and Training Review Service (ETRES) Self-Assessment and ETRES Missions, Knowledge Management, and the Development of Education and Training Strategies

859 views • 16 slides
ESC Core Curriculum for the General Cardiologist ESC Education Conference - 31 January 2019

ESC Core Curriculum for the General Cardiologist ESC Education Conference - 31 January 2019

ESC Core Curriculum for the General Cardiologist ESC Education Conference - 31 January 2019 Felix C. Tanner ESC Core Curriculum for the General Cardiologist The ESC Core Curriculum for the General Cardiologist provides a training framework

337 views • 10 slides
Opening up GIS Training and Education Building an IIGLU Patrick Weber 1 , Claire Ellul 1 ,

Opening up GIS Training and Education Building an IIGLU Patrick Weber 1 , Claire Ellul 1 ,

Opening up GIS Training and Education Building an IIGLU Patrick Weber 1 , Claire Ellul 1 , Catherine (Kate) Jones 2 1 Dept. of Civil, Environmental and Geomatic Engineering, University College London, Gower Street, London WC1E 6BT

269 views • 8 slides
Update on Iowa SEC ELL Consortium Project Funded by US Department of Education Enhanced

Update on Iowa SEC ELL Consortium Project Funded by US Department of Education Enhanced

Update on Iowa SEC ELL Consortium Project Funded by US Department of Education Enhanced Assessment Grant Presented at: Surveys of Enacted Curriculum Collaborative Leader Training and Project Planning School Improvement using Curriculum and

780 views • 18 slides
Specialised Training, Education and Experiential Resources (STEER) (Capacity Building Hub for

Specialised Training, Education and Experiential Resources (STEER) (Capacity Building Hub for

Specialised Training, Education and Experiential Resources (STEER) (Capacity Building Hub for Sustainable Energy for All ) Sustainable Energy for All Forum 4-6 June 2014, UN HQs, New York Ibrahim Hafeezur Rehman, Director, Social Transformation

438 views • 12 slides
THE NEW CURRICULUM THE NEW NATIONAL CURRICUL UM 1988 Education Reform Act brings in the

THE NEW CURRICULUM THE NEW NATIONAL CURRICUL UM 1988 Education Reform Act brings in the

THE NEW CURRICULUM THE NEW NATIONAL CURRICUL UM 1988 Education Reform Act brings in the first National Curriculum (along with GCSEs) 2014 Curriculum focus on Excellence and Core Skills and more knowledge based More ambitious end of

198 views • 19 slides
MILIND V. DIWAN CURRICULUM VITAE Physics Department, Building 510E, Brookhaven National

MILIND V. DIWAN CURRICULUM VITAE Physics Department, Building 510E, Brookhaven National

MILIND V. DIWAN CURRICULUM VITAE Physics Department, Building 510E, Brookhaven National Laboratory, Upton, NY 11973-5000 Tel: (631) 344-3327 E-mail: diwan@bnl.gov EDUCATION 1982 Bachelor of Arts 1984 Master of Science 1988 Doctor of Philosophy

258 views • 3 slides
CAPACITY BUILDING OBJECTIVES FOR THIS TRAINING MANUAL CAPACITY BUILDING Capacity building is

CAPACITY BUILDING OBJECTIVES FOR THIS TRAINING MANUAL CAPACITY BUILDING Capacity building is

HALDI POTTI A MEMBER TRAINING MANUAL ON: CAPACITY BUILDING OBJECTIVES FOR THIS TRAINING MANUAL CAPACITY BUILDING Capacity building is measurable improvement in an organizations ability to fulfill its mission. ...to strengthen

676 views • 23 slides
STEM Education in Mongolia Regional STEM Symposium, Bangkok, Thailand 27-30 May 2019 Topics for

STEM Education in Mongolia Regional STEM Symposium, Bangkok, Thailand 27-30 May 2019 Topics for

STEM Education in Mongolia Regional STEM Symposium, Bangkok, Thailand 27-30 May 2019 Topics for Today Brief information about Mongolia STEM Curriculum Education system Curriculum innovation Teachers Teacher training

1.24k views • 16 slides
Challenges and opportunities Trends to address New concepts for: Offensive sea

Challenges and opportunities Trends to address New concepts for: Offensive sea

Challenges and opportunities Trends to address New concepts for: Offensive sea control Sea based AAW Weapons development Increasing offensive sea control capacity Addressing defensive and constabulary

561 views • 25 slides
Economics and Sustainability: Methodology in Property and Construction Market Education Authors:

Economics and Sustainability: Methodology in Property and Construction Market Education Authors:

CIB W89 International Conference on Building Education and Research BEAR 2006 Construction Sustainability and Education Session 4A Curriculum Design (IV) Shangri La Hotel Hong Kong Wednesday 12 th April 2006 09.20 09.40AM Economics and

271 views • 10 slides
Training, Education and Building Capacity Presentation of SEESAC Activities Ivan Zverhanovski

Training, Education and Building Capacity Presentation of SEESAC Activities Ivan Zverhanovski

Training, Education and Building Capacity Presentation of SEESAC Activities Ivan Zverhanovski Team Leader a.i. UNDP/SEESAC SEESAC and SALW Control in SEE SEESAC joint initiative of the UNDP and the RCC since 2002 Mandate = support all

456 views • 11 slides
Physical Education Physical Education Curriculum Analysis Tool: Curriculum Analysis Tool:

Physical Education Physical Education Curriculum Analysis Tool: Curriculum Analysis Tool:

Physical Education Physical Education Curriculum Analysis Tool: Curriculum Analysis Tool: Overview Overview Today I am going to introduce you to the Physical Education Curriculum Analysis Tool the PE CAT. The PECAT was developed by

592 views • 45 slides
INDONESIA M ATHEMATICS Country Profile of Indonesia and Science Curriculum in Indonesia R. Ahmad

INDONESIA M ATHEMATICS Country Profile of Indonesia and Science Curriculum in Indonesia R. Ahmad

S CIENCE T ECHNOLOGY TEACHER EDUCATION IN E NGINEERING INDONESIA M ATHEMATICS Country Profile of Indonesia and Science Curriculum in Indonesia R. Ahmad Zaky El Islami Lecturer at Department of Science Education Faculty of Teacher Training

480 views • 46 slides
MAIN HEAD FOR DOCUMENT Club Workshop Subhead text TRAINING & EDUCATION Welcome

MAIN HEAD FOR DOCUMENT Club Workshop Subhead text TRAINING & EDUCATION Welcome

TRAINING & EDUCATION TRAINING & EDUCATION RULES OF GOLF 2019 MAIN HEAD FOR DOCUMENT Club Workshop Subhead text TRAINING & EDUCATION Welcome TRAINING & EDUCATION Contents 1. New Terminology 2. New Principles 3. Areas of

852 views • 41 slides
Teacher Training MATCH Chess Curriculum Dr. Teresa Parr Developed by Chess Grandmaster

Teacher Training MATCH Chess Curriculum Dr. Teresa Parr Developed by Chess Grandmaster

Teacher Training MATCH Chess Curriculum Dr. Teresa Parr Developed by Chess Grandmaster Maurice Ashley & Dr. Teresa Parr. IES funded research project Used for training and the main curriculum for Exploring the Malleability of

489 views • 17 slides
Asset Upload System for Land & Building Assets Ministry of Education Fall Training Session

Asset Upload System for Land & Building Assets Ministry of Education Fall Training Session

PUT TITLE HERE Asset Upload System for Land & Building Assets Ministry of Education Fall Training Session September 2009 0 Land & Building TCA Asset Data Collection Asset Data Collection Land & Building TCA Ministry will be

470 views • 24 slides
New Child Passenger Safety Technician Certification Training Revised Curriculum Update

New Child Passenger Safety Technician Certification Training Revised Curriculum Update

New Child Passenger Safety Technician Certification Training Revised Curriculum Update Originally presented at Lifesavers 2019, edited. www.cpsboard.org CPS BBQ Big Burning Questions When will the revised curriculum be released? How long

416 views • 39 slides
Gifted and Talented Education Isa DeArmas Ed.D. Director of Curriculum and Instruction

Gifted and Talented Education Isa DeArmas Ed.D. Director of Curriculum and Instruction

Parent Information Meeting Saugus Union School District Gifted and Talented Education Isa DeArmas Ed.D. Director of Curriculum and Instruction Gifted and Talented Education G.A.T.E. Authorized by Education Code ( EC ) sections

535 views • 31 slides

More recommend