Linux CNO Programmer

An intensive, 10-week hands-on course focused on providing the skills and knowledge needed to become an advanced CNO programmer in the Linux environment.

10 Weeks
Hands-On Labs
CACP Certification
Kernel-Level Development

Course Description

The Linux Computer Network Operations Programmer course is an intensive, hands-on course focused on providing students with the skills and knowledge needed to become an advanced CNO programmer, with an emphasis on the Linux environment. The class format combines lecture and demonstrations with practical lab assignments, including two labs that function as culminating exercises.

After the completion of the three modules, the student will be capable of assisting in the CNO tool development lifecycle. The student will understand the tool objectives, environments, obstacles, and pitfalls associated with development, as well as strategies to meet objectives effectively and efficiently.

Prerequisites

  • A Bachelor's degree in Computer Science or Computer Engineering, or equivalent experience.
  • Programming experience in C.
  • Experience in Linux Programming and x86_64 assembly.
  • High academic achievement or operational/technical experience and an intense desire to learn.

Program Highlights

Tool Development Lifecycle

Graduate with the ability to assist in the complete CNO tool development lifecycle, from objectives to execution.

Certification Opportunity

Students who complete all 10 graded classes with an 80% average or better are recognized as ManTech Certified Advanced Cyber Programmers.

Module Crucibles & CTFs

Apply concepts learned by accomplishing a series of tasks in a Capture the Flag (CTF) format, including analyzing and exploiting a botnet.

What You Will Learn

  • Perform reverse engineering to support CNO tool development using Ghidra for static analysis and GDB for dynamic analysis.
  • Manipulate ELF files and understand their structure, including how to perform hooking using relocation table modification and ELF poisoning.
  • Exploit vulnerable services by crafting exploits for buffer overflows and using techniques like return-oriented programming (ROP).
  • Design and deploy CNO tools within the Linux kernel itself, including developing loadable kernel modules and implementing custom system calls.

Course Modules

  • Module 1: Core Module (17 Days)

    Python

    3 Days

    Become familiar with Python 3 syntax and commands to create basic programs, use modules and classes, and develop custom exceptions.

    Networks

    5 Days

    Build a foundation in network protocols, deep packet analysis, and programmatic protocol construction to develop basic network-related tools.

    Assembly

    3 Days

    Use x86/x86_64 assembly language to support CNO development, including memory access, call stack functionality, and procedure calls.

    Software Reverse Engineering

    5 Days

    Perform reverse engineering for CNO tool development, including static analysis with Ghidra and dynamic analysis with GDB.

    Core Crucible

    1 Day

    Apply concepts from the Core module in a team-based CTF challenge to analyze and exploit a botnet by reversing its protocol and developing communication tools.

  • Module 2: User Mode Development Module (20 Days)

    Linux Systems Programming

    4 Days

    Understand the principles of Linux programming, including using the Linux build environment, POSIX and GNU APIs, creating processes, and using pthreads for multithreaded programs.

    Linux Internals

    4 Days

    Gain an intermediate understanding of Linux's structure, including the boot process, filesystems, ELF structure, the proc file system, and virtual memory.

    CNO User Mode Development

    5 Days

    Learn the fundamentals of CNO tool development, including code injection via ptrace, library redirection with LD_PRELOAD, ELF hooking, and creating self-deleting executables.

    Vulnerability Research and Exploitation

    5 Days

    Become familiar with multiple vulnerability classes, exploitation constructs, and modern security protections, and craft exploits for buffer overflows.

    Linux User Mode Crucible

    2 Days

    Apply concepts from the User Mode module to discover and exploit vulnerabilities in remote servers, hide modified code, and hijack control of a botnet.

  • Module 3: Kernel Mode Development Module (8 Days)

    Linux Kernel Internals

    5 Days

    Become familiar with the fundamentals of the Linux kernel, including compiling from source, dynamically debugging with GDB, developing loadable kernel modules, and implementing custom system calls.

    CNO Kernel Mode Development

    3 Days

    Actively assist in developing CNO kernel mode tools, including creating character devices for covert communication and hooking the VFS and networking subsystems.