Royal Military College of Canada

Department of Electrical and Computer Engineering
Computer Security Lab (CSL)

Computer Security Courses Scheduled for 2018 - 2019:

Course Location Dates
Short Course in Networks & Security (SCINS) RMC - Kingston 29 April to
10 May 2019


28 October to
8 November 2019

20 April to
1 May 2020
Malware Analysis Short Course (MASC) Ottawa 21 October to
18 November 2019

27 February to
26 March 2020
Intrusion Detection & Extrusion Analysis Skills (IDEAS) RMC - Kingston 3 to 12
February 2020
Exploitation Techniques Course (ETC) Ottawa 2 to 30
March 2020
Short Course in Digital Forensics Investigation Techniques (DigForIT) RMC - Kingston 29 April to
3 May 2019


20 to 24
April 2020
Platform Cyber Mission Assurance (Pilot) RMC - Kingston 4 to 15
May 2020
Computer Network Security Graduate Program
Description of the full term courses offered as part of the Graduate Programme of study at RMC
RMC - Kingston Fall Semester 2018
& Winter Semester 2019


If you are interested in details regarding the short courses please contact csl-courses@rmcc-cmrc.ca


Course Descriptions

Short Course in Networks and Security (SCINS) –
Course Length: 2 weeks
Course Format: The course consists of a mixture of classroom lectures (50%) and hands-on lab exercises and challenges (50%). The course culminates in a 2-day Red-on-Blue Cyber Defence Exercise.
Prerequisites: Canadian Forces Network Defense Analyst (NDA) course or equivalent background.
Objective: The primary objective of this course is to provide the students with an introduction to computer networks and to the security issues surrounding computer networks. The philosophy throughout the course is to provide a high ratio of hands-on practice to class-based learning. The course is designed to provide the foundation material necessary before attending more specialized training in computer security.
Course Outline:
  • Computer Networks - Lecture and lab topics include traversing networks, internetwork routing, network hardware and devices, network architectures and characterizing a network.
  • Internet Protocols - Lecture and lab topics include link layer protocols, network layer protocols, transport layer protocols, application layer protocols, and the domain name service.
  • Operating System Security - Lecture topics include an introduction to operating systems, basic Windows architecture, vulnerabilities and defences, basic UNIX architecture, vulnerabilities and defences, and file systems.
  • Security Architecture - Lecture and lab topics include password protection, access control, firewalls and other perimeter defences, intrusion detection systems, and exploitation devices.
  • Security Foundations - Lecture and lab topics include number systems, computer memory, cryptography, asymmetric cryptography, and steganography.
  • Security Management - Lecture and lab topics include computer network threats, computer network attacks, vulnerability assessment, information warfare and network defence organization and process models.

Back to Course List

Intrusion Detection & Extrusion Analysis Skills (IDEAS) –
Course description currently being revised to include extended length
Course Length: NEW - 7 days
Course Format: The course consists of a mixture of classroom lectures (40%) and challenging hands-on lab work (60%). The course culminates in a 2-day network traffic investigation exercise.
Prerequisites: SCINS or equivalent background.
Objective: The objective of this course is to provide students with theoretical and practical intrusion detection analysis techniques as well as network traffic analysis skills.
Course Outline:
Traditional perimeter defences, and traditional intrusion detection, focus primarily on server-side attacks; modern threats largely include client-side attack methods, and require a very different defence posture. This course covers traditional perimeter defence investigation techniques as well as architectures and techniques for investigating client-side attacks. The limitations of signature-based detection are illustrated and basic anomaly detection is taught and applied. The theories of the “defensible network” and the principles of Network Security Monitoring help guide the course. The course includes a review of supporting architectures for the defensible network. The requirement for, and the uses of, different investigation data sources are emphasized; data sources include: alerts, full content, data flows, and statistics/models. The importance of event correlation is also emphasized.

Back to Course List

Malware Analysis Short Course (MASC) -
Course Length: 5 weeks
Course Format: Each week consists of 2 days of classroom instruction and supervised hands-on practical analysis followed by 1 day of independent investigation (homework).
Prerequisites:
  • Successful completion of a pre-study distance learning package provided by the Canadian Forces School of Communications and Electronics (CFSCE);
  • or
  • Students with an academic background in community college level Computer Programming or Computer Technology, or university level Computer Science or Computer Engineering may request to be exempt from the pre-study package. Exemption is at the discretion of the course loading authority in consultation with the instructor.
Objective: The Malware Analysis Short Course (MASC) provides a basic foundation in the concepts and application of static and dynamic analysis for the purpose of reverse engineering malicious software.
Course Outline:
MASC provides a basic foundation in the concepts and application of static and dynamic analysis for the purpose of reverse engineering malicious software. The course consists of a series of lectures along with in-class exercises and challenging labs. The static analysis techniques include: fingerprinting malware, packed and obfuscated malware, portable executable file format, the execution environment including static, run-time and dynamic linking, x86 architecture, disassembly of malware, recognition of code constructs in assembly, the Windows API and Registry. The dynamic analysis techniques include: creation of a malware analysis environment, process and DLL monitoring including registry and file system changes, run-time debugging, memory maps, threads and stacks, malware behaviour and recognition, malware launching including process injection, data encoding, and packers and unpacking.

Back to Course List

Exploitation Techniques Course (ETC) -
Course Length: 5 weeks
Course Format: Each week consists of 2 days of classroom instruction and supervised hands-on "ethical hacking" followed by 1 day of independent capture-the-flag challenges (homework).
Prerequisites: MASC or equivalent background.
Objective: The Exploitation Techniques Course provides a basic foundation in the concepts and application of ethical hacking and penetration testing techniques for the purpose of better understanding the context of cyber operations.
Course Outline:
Those operating in the cyber domain who are tasked with the defense of networks and computer systems must have a sound understanding of the threats that they face and of the techniques used by their adversaries; this course discusses the fundamentals of Cyber threats and attack techniques, with a heavy focus on practical applications. Topics will include: current cyber threat categories and general capabilities, attack techniques including local privilege escalation on the Linux Operating system, advanced SQL injection and cross-site scripting, stack buffer overflows, backdoors, remote access tools and pivoting. The course also introduces malware construction and exploit writing including assembly level program flow control and return oriented programming.

Back to Course List

Short Course in Digital Forensics Investigation Techniques (DigForIT) -
Course Length: 1 week
Course Format: The course consists of a mixture of classroom lectures and challenging hands-on lab work.
Prerequisites: SCINS or equivalent background.
Objective: The objective of this course is to provide students with a basic foundation in digital forensics theory and techniques.
Target Audience: This course is designed for students who currently have a basic understanding of computer security and who wish to learn the fundamentals of digital forensics with practical applications.
Course Outline:
Digital forensics is a branch of forensic science which focuses on the recovery and analysis of information found in digital systems. It has a wide range of applications including intelligence gathering, incident response, private, corporate and criminal investigations. In this course, students will develop a basic understanding of digital forensics theory and techniques and will apply these to investigate incidents involving malicious user activity and malware on common operating systems. Topics of study are image acquisition, volume and partition recovery, file systems structure, recovery of deleted files, operating systems artifacts, e-mail systems, web browser activities, USB drives activities, timeline reconstruction and volatile memory analysis.

Back to Course List