Course Descriptions

Short Course in Networks and Security (SCINS)
Course Length: 2 weeks
Course Format: The course consists of a mixture of classroom lectures (50%) and hands-on lab exercises and challenges (50%). The course culminates in a 2-day Red-on-Blue Cyber Defence Exercise.
Prerequisites: Canadian Forces Network Defense Analyst (NDA) course or equivalent background.
Objective: The primary objective of this course is to provide the students with an introduction to computer networks and to the security issues surrounding computer networks. The philosophy throughout the course is to provide a high ratio of hands-on practice to class-based learning. The course is designed to provide the foundation material necessary before attending more specialized training in computer security.
Course Outline:
Computer Networks - Lecture and lab topics include traversing networks, internetwork routing, network hardware and devices, network architectures and characterizing a network. Internet Protocols - Lecture and lab topics include link layer protocols, network layer protocols, transport layer protocols, application layer protocols, and the domain name service. Operating System Security - Lecture topics include an introduction to operating systems, basic Windows architecture, vulnerabilities and defences, basic UNIX architecture, vulnerabilities and defences, and file systems. Security Architecture - Lecture and lab topics include password protection, access control, firewalls and other perimeter defences, intrusion detection systems, and exploitation devices. Security Foundations - Lecture and lab topics include number systems, computer memory, cryptography, asymmetric cryptography, and steganography. Security Management - Lecture and lab topics include computer network threats, computer network attacks, vulnerability assessment, information warfare and network defence organization and process models.

Back to Course List

Intrusion Detection & Extrusion Analysis Skills (IDEAS) Course description currently being revised to include extended length
Course Length: 8 days
Course Format: The course consists of a mixture of classroom lectures (40%) and challenging hands-on lab work (60%). The course culminates in a 2-day network traffic investigation exercise.
Prerequisites: SCINS or equivalent background.
Objective: The objective of this course is to provide students with theoretical and practical intrusion detection analysis techniques as well as network traffic analysis skills.
Course Outline:
Traditional perimeter defences, and traditional intrusion detection, focus primarily on server-side attacks; modern threats largely include client-side attack methods, and require a very different defence posture. This course covers traditional perimeter defence investigation techniques as well as architectures and techniques for investigating client-side attacks. The limitations of signature-based detection are illustrated and basic anomaly detection is taught and applied. The theories of the defensible network and the principles of Network Security Monitoring help guide the course. The course includes a review of supporting architectures for the defensible network. The requirement for, and the uses of, different investigation data sources are emphasized; data sources include: alerts, full content, data flows, and statistics/models. The importance of event correlation is also emphasized.

Back to Course List

Malware Analysis Short Course (MASC) -
Course Length: 5 weeks
Course Format: Each week consists of 2 days of classroom instruction and supervised hands-on practical analysis followed by 1 day of independent investigation (homework completed outside the classroom).
Prerequisites: SCINS or equivalent background; Successful completion of a pre-study distance learning package provided by the Canadian Forces School of Communications and Electronics (CFSCE); or Students with an academic background in community college level Computer Programming or Computer Technology, or university level Computer Science or Computer Engineering may request to be exempt from the pre-study package. Exemption is at the discretion of the course loading authority in consultation with the instructor.
Objective: The Malware Analysis Short Course (MASC) provides a basic foundation in the concepts and application of static and dynamic analysis for the purpose of reverse engineering malicious software.
Course Outline:
MASC provides a basic foundation in the concepts and application of static and dynamic analysis for the purpose of reverse engineering malicious software. The course consists of a series of lectures along with in-class exercises and challenging labs. The static analysis techniques include: fingerprinting malware, packed and obfuscated malware, portable executable file format, the execution environment including static, run-time and dynamic linking, x86 architecture, disassembly of malware, recognition of code constructs in assembly, the Windows API and Registry. The dynamic analysis techniques include: creation of a malware analysis environment, process and DLL monitoring including registry and file system changes, run-time debugging, memory maps, threads and stacks, malware behaviour and recognition, malware launching including process injection, data encoding, and packers and unpacking.

Back to Course List

Exploitation Techniques Course (ETC) -
Course Length: 5 weeks
Course Format: Each week consists of 2 days of classroom instruction and supervised hands-on "ethical hacking" followed by 1 day of independent capture-the-flag challenges (homework).
Prerequisites: MASC or equivalent background.
Objective: The Exploitation Techniques Course provides a basic foundation in the concepts and application of ethical hacking and penetration testing techniques for the purpose of better understanding the context of cyber operations.
Course Outline:
Those operating in the cyber domain who are tasked with the defense of networks and computer systems must have a sound understanding of the threats that they face and of the techniques used by their adversaries; this course discusses the fundamentals of Cyber threats and attack techniques, with a heavy focus on practical applications. Topics will include: current cyber threat categories and general capabilities, attack techniques including local privilege escalation on the Linux Operating system, advanced SQL injection and cross-site scripting, stack buffer overflows, backdoors, remote access tools and pivoting. The course also introduces malware construction and exploit writing including assembly level program flow control and return oriented programming.

Back to Course List

Short Course in Digital Forensics Investigation Techniques (DigForIT) -
Course Length: 1 week
Course Format: The course consists of a mixture of classroom lectures and challenging hands-on lab work.
Prerequisites: SCINS or equivalent background.
Objective: The objective of this course is to provide students with a basic foundation in digital forensics theory and techniques.
Target Audience: This course is designed for students who currently have a basic understanding of computer security and who wish to learn the fundamentals of digital forensics with practical applications.
Course Outline:
Digital forensics is a branch of forensic science which focuses on the recovery and analysis of information found in digital systems. It has a wide range of applications including intelligence gathering, incident response, private, corporate and criminal investigations. In this course, students will develop a basic understanding of digital forensics theory and techniques and will apply these to investigate incidents involving malicious user activity and malware on common operating systems. Topics of study are image acquisition, volume and partition recovery, file systems structure, recovery of deleted files, operating systems artifacts, e-mail systems, web browser activities, USB drives activities, timeline reconstruction and volatile memory analysis.

Back to Course List

Security of Platform / Operational Technology Systems (SPOTS) -
Course Length: 10 Days
Course Format: The course consists of a mixture of classroom lectures (60%) and challenging hands-on exercise and lab work (40%).
Prerequisites: Students attending this course should have experience in systems engineering in at least one of the following general employment areas: Project Management, Systems Engineering and/or Life-Cycle Materiel Management, and have taken the RMC Short Course in Network Security (SCINS) or an equivalent.
Objective: This course provides a comprehensive introduction to cybersecurity issues unique to platform and operational technology systems. The course is engineering focused and includes advanced technical concepts within computer security. This course prepares graduates to guide and/or provide advice to Weapons System Managers and (WSMs) and/or Project Management Offices (PMOs) on platform/OT cybersecurity matters such as: a) security threat and vulnerability assessments, b) security architecture and protection measures, and c) defensive cyber operation support.
Target Audience: System Cybersecurity Engineers, Project Managers or Life Cycle Material Managers working in cybersecurity roles.
Course Outline: The course is organized by modules and topics. Each module consists of lectures and at least one hands-on exercise and one hands-on lab. There are six modules on this course: Operational and Platform Technology Protocols Software Security Hardware Security Security Architecture Security Management Capstone Exercise that wraps together knowledge from the above modules in a combined tabletop and technical exercise.

Back to Course List

Short Course in Cybersecurity Risk Assessment Methodology (SCCRAM) -
Course Length: 5 Days
Course Format: The course consists of a mixture of classroom lectures (60%) and challenging table-top exercise work (40%).
Prerequisites: Students attending this course should have significant experience in at least one of the following general employment areas: Project Management, Systems Engineering and/or Life-Cycle Materiel Management.
Objective: The Short Course in Cybersecurity Risk Assessment Methodology (SCCRAM) introduces the student to the concepts and application of cybersecurity risk assessment.
Target Audience: System Cybersecurity Engineers, Project Managers or LCMMs working in cybersecurity roles.
Course Outline: Students are taught the application of a Platform Technology (PT) cybersecurity risk assessment process and the application of the Risk-based Cyber Mission Assurance Process (RCMAP). General topics within cybersecurity risk assessment include Security Scope Definition, Security Risk Assessment and Security Development. Topics within RCMAP include Mission Criticality Analysis and Asset Valuation (MCAAV), Risk Assessment and Security Development.
Comments: SCCRAM is conducted by faculty of the Royal Military College (RMC) Computer Security Lab (CSL), augmented by instructors from ADM(Mat). This course is tailored to suit the particular needs of a given course serial and may be conducted over 3 or 4 days. For example, when delivering the course to an audience whose military platform is an aircraft, the Platform cybersecurity risk assessment process will have an airworthiness nexus and the CSL instructor staff will be augmented by subject matter experts from within the Directorate of Technical Airworthiness and Engineering Support (DTAES).

Back to Course List