Courses By Design

Immediate Immersion

Immediate Immersion 2025 includes the following tasks:

1. Exploit a website and fix its vulnerabilities - Students learn to think like attackers. They investigate a defense contractor’s website surreptitiously, fix a vulnerability, and remove malware.


To accomplish this, they must use an LFI exploit uncovered by human intelligence to access the web server themselves and then crack the webmaster’s encrypted password, so they can remove the malware and patch the vulnerability that left the system open to attack.


OBJECTIVE: Think like an attacker
OBJECTIVE: Exploit a website using a local file inclusion vulnerability
OBJECTIVE: Crack a password
OBJECTIVE: Determine if a website has embedded malware
OBJECTIVE: Conduct online technical research
OBJECTIVE: Patch the code of a website to eliminate a local file inclusion vulnerability

2. Investigate suspicious behavior - You receive a report that an employee had unusual text on his screen which didn’t seem to be work-related. The company’s security team captured a recording of that employee’s network traffic from the time of the report. Your task is to use two traffic analysis tools to determine what the employee was doing. Was his activity benign—or was this evidence of an insider attack?


OBJECTIVE: Conduct an investigation of a cybersecurity incident
OBJECTIVE: Analyze network traffic using Network Miner
OBJECTIVE: Analyze network traffic using Wireshark


3. Analyze malicious network traffic - You will analyze suspicious network traffic moving in and out of a US military aide’s personal laptop. Using packet capture (PCAP) files, you will determine if it was infected by malware and, if so, what malware and how the infection occurred.

OBJECTIVE: Analyze suspicious network traffic in a PCAP using Snort and Wireshark.
OBJECTIVE: Recognize a cushion redirect in network traffic.
OBJECTIVE: Recognize the identifying features of a specific exploit kit.
OBJECTIVE: Recognize a malware payload being transferred to a targeted host.

Who Should Enroll

Students who wish to explore a career in cybersecurity to determine if it is right for them. The ideal student is intensely curious, unwilling to give up on a problem no matter how difficult it is, and predisposed toward self-directed learning.

Learning Outcomes

Students will learn and practice key SOC analyst skills including:


• Conducting online technical and open-source intelligence research
• Analyzing and verifying Snort alerts
• Distinguishing between true and false positive alerts
• Analyzing packet capture (PCAP) files
• Analyzing suspicious user behavior
• Identifying vulnerabilities based on vulnerability scans
• Distinguishing between attacks and vulnerability scans
• Identifying open ports using scanners such as Nmap, Nikto, and WPScan
• Identifying OS/Application fingerprints
• Analyzing attacks that employ exploit kits

Prerequisites

1. Only basic computer skills are required, but basic knowledge of computer networks, protocols, and the fundamentals of operating systems is strongly recommended.

2. Taking and passing a free pre-assessment is REQUIRED before students are allowed to register for this program. If students have an IT background, they can ask to be exempted from this requirement.

Additional Info

Textbook: Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems, 3rd Edition by Chris Sanders is highly recommended for this course (ISBN-13: 978-1593278021).


It can be ordered from nostarch.com (purchases made from nostarch.com include a full-text searchable e-book version of the text, available for download immediately after purchase). Links to many additional online learning resources, specific to each task, are provided within the course.


Students must successfully complete Immediate Immersion 2025 to be permitted to enroll in the next course in this program, CSGA Cyber College: Defense. Success will be assessed by a student’s mentors, whose decision is final.

BMCC Cybersecurity White Hat Program

The CSGA Cyber Defense "White Hat" Program is designed to help prospective students with no prior experience in cyber defense determine whether the PRIME Cyber Defense Online Program is the right fit for them. This preparatory course serves as a required first step before entering the Cyber Defense White Hat Program.

Eligibility:
To participate, applicants must have successfully completed Grade 12 or an equivalent level of education. If accepted into the White Hat Program, you will first be enrolled in the Immediate Immersion Pre-Qualifier. This allows us to assess your readiness and ensure the program aligns with your goals and capabilities.


Cost:
The Immediate Immersion Program is free for anyone who has registered, paid, or secured approved financing for the Cyber Defense White Hat Program—a savings of $1,500 USD.


Important Note:
All students accepted into the CSGA Cyber Defense White Hat Program will undergo a formal background security screening. This vetting process, conducted with the support of our student community, ensures that each graduate is matched with a suitable and secure work environment upon program completion.

CSGA Cyber Defense "White Hat" Program

CSGA Cyber Defense "White Hat" Program builds upon the foundational skills students developed in Cyber Attack and Defense: Immediate Immersion 2020. This 13-week course, requiring approximately 25 hours of study per week, is designed to equip students with robust defensive cybersecurity skills. By the end of the program, participants will be well-prepared for entry-level roles such as Security Operations Center (SOC) analysts and digital forensics analysts.

Students engage in six realistic, hands-on tasks delivered through a secure private cloud environment. Each task spans one to two weeks and is supported by expert mentorship, personalized feedback, and a wealth of online learning resources. The course is set within a fictional but highly realistic scenario, placing students in the role of a junior analyst working for a government cyber operations agency. This immersive context helps bridge the gap between theory and practice, ensuring students gain practical, job-ready experience.

Course Outline

CSGA Cyber College: Cyber Defense builds on the defensive skills and experience students gained in Cyber Attack and Defense: Immediate Immersion 2025. The course is designed to impart a strong foundation of defensive information security skills in 13 weeks of study at 25 hours per week, preparing students for entry-level careers as security operations center analysts and digital forensics analysts.

Students work through 6 online real-life tasks (spending 1-2 weeks per task) in a private cloud environment with help, advice, and feedback from a knowledgeable mentor and extensive online learning resources. The tasks are embedded in the realistic, but fictional, context of work as an entry-level employee of a government cyber operations agency.


CSGA – Cyber Defense includes the following tasks:

1. Analyze a remote intrusion attempt

A security operations center analyst has seen evidence of a password cracking attempt within a key network. Students analyze a packet capture file (PCAP) and event logs within a security information and event management system (the Splunk SIEM) to determine if any passwords were compromised and if the network was breached as a result. The student must also identify which tools were used by the attacker and which steps should be taken to safeguard specific hosts in the network from similar cracking attempts in the future.

OBJECTIVE: Analyze suspicious network traffic in a PCAP using Wireshark.
OBJECTIVE: Analyze network and system logs using Splunk
OBJECTIVE: Cross-correlate events seen in a PCAP with events seen in logs
OBJECTIVE: Recognize a Hydra brute-forcing attack
OBJECTIVE: Determine if a brute-forcing attack has been successful

Tasks 2 through 6 are set in the context of a single complex cyber-attack.


2. Investigate an incident using a SIEM

Students analyze a possible “watering hole” attack in which clicking on a malicious link embedded in an otherwise legitimate website launches an exploit kit that infects a user’s machine with a “banking trojan.” To accomplish this, they must analyze multiple logs within the Splunk SIEM.

OBJECTIVE: Analyze network and system logs using Splunk
OBJECTIVE: Pivot among multiple logs using Splunk’s search facilities
OBJECTIVE: Identify possible indicators of compromise
OBJECTIVE: Determine if devices are likely to have been infected using indicators of compromise
OBJECTIVE: Tentatively identify the malware used and the intent of the attack

3. Begin to understand malware

Students use a “hash” of a possible malware-containing file to conduct research using VirusTotal, online sandboxes, and open-source intelligence sources to determine specific indicators of compromise to guide forensic analysis of memory and file system images of infected devices.


OBJECTIVE: Use VirusTotal to identify a malware sample
OBJECTIVE: Use advanced features of VirusTotal to learn detailed information about a malware sample
OBJECTIVE: Use the Hybrid Analysis sandbox to perform static and dynamic analysis of a malware sample
OBJECTIVE: Use open-source threat intelligence to learn more about specific malware

4. Examine a compromised host’s memory

Students perform a forensic examination of a memory image taken from a computer to identify sophisticated malware that infected the system.


OBJECTIVE: Acquire a working knowledge of process structures in memory using Volatility

OBJECTIVE: “Know normal to find evil”
OBJECTIVE: Formulate a plan for a memory forensics investigation
OBJECTIVE: Recognize malware “footprints” in a forensic memory image
OBJECTIVE: Locate a malicious binary in a forensic memory image
OBJECTIVE: Corroborate findings with other sources such as [Splunk] SIEM logs
OBJECTIVE: Identify malware actions such as privilege escalation and browser hooking

5. Conduct a forensic disk examination

Students perform disk forensics on an infected system. By analyzing an image of the computer’s file system, the students are able to identify malware infections and to create a timeline for the attack.

OBJECTIVE: Analyze a forensic disk image and identify indicators of compromise using Autopsy.

OBJECTIVE: Generate a timeline of suspicious events in a forensic disk image.
OBJECTIVE: Determine how a device was infected and what malware variant was used.


6. Close your investigation


Students are asked to conclude their investigation by compiling a timeline for the attack and writing a comprehensive report for technical and non-technical stakeholders.

OBJECTIVE: Cross-correlate information from a range of sources
OBJECTIVE: Combine information from a range of sources into a comprehensive report
OBJECTIVE: Communicate a complex story effectively to technical and non-technical audiences.

Who Should Enroll

Students who have successfully completed Cyber Academy: Immediate Immersion and who aspire to professional careers in defensive cyber security.

Learning Outcomes

Students will learn to:

• Analyze network traffic
• Analyze network and system logs using a security information and event management (SIEM) system
• Cross-correlate log information and network packet traffic
• Use online sandboxes for static and dynamic analysis of malicious executable files to identify indicators of compromise
• Use threat intelligence
• Identify malware
• Perform memory forensics
• Perform disk forensics
• Compile a comprehensive timeline of a cyber attack
• Report appropriately to technical and non-technical stakeholders

In addition to the task-based curriculum, an implicit curriculum runs throughout the course, through which students will learn and practice the cognitive skills essential for success in all areas of information security.

These include:

• Understanding complex, novel problems
• Effectively researching solutions
• Designing and testing solutions
• Self-directed learning

Prerequisites

Successful completion of The Cyber Academy: Immediate Immersion. Only basic computer skills are required, but basic knowledge of computer networks and protocols and the fundamentals of operating systems is strongly recommended.

BMCC: Halt-A-Hack Program

The Halt-A-Hack is designed to help prospective students with no prior experience in cyber defense determine whether the PRIME Cyber Defense Online Program is the right fit for them. This preparatory course serves as a required first step before entering the Cyber Defense White Hat Program.

Eligibility:
To participate, applicants must have successfully completed Grade 12 or an equivalent level of education. If accepted into the White Hat Program, you will first be enrolled in the Immediate Immersion Pre-Qualifier. This allows us to assess your readiness and ensure the program aligns with your goals and capabilities.


Cost:
The Immediate Immersion Program is free for anyone who has registered, paid, or secured approved financing for the Cyber Defense White Hat Program—a savings of $1,500 USD.


Important Note:
All students accepted into the CSGA Cyber Defense White Hat Program will undergo a formal background security screening. This vetting process, conducted with the support of our student community, ensures that each graduate is matched with a suitable and secure work environment upon program completion.

Important Note:

Halt-A-Hack is a stand-alone program that is provided to all our paid students FREE of charge. This is a 4-hour certificate program for our graduates and is mandatory to complete your training.

BMCC: Lunch and Learn Program

The Lunch and Learn is designed to help prospective students with no prior experience in cyber defense determine whether the PRIME Cyber Defense Online Program is the right fit for them. This preparatory course serves as a required first step before entering the Cyber Defense White Hat Program.

Eligibility:
To participate, applicants must have successfully completed Grade 12 or an equivalent level of education. If accepted into the White Hat Program, you will first be enrolled in the Immediate Immersion Pre-Qualifier. This allows us to assess your readiness and ensure the program aligns with your goals and capabilities.