FedVTE Course Catalog

101 Courses - Basic level courses
NICE Cybersecurity Workforce Framework Category - Analyze
NICE Cybersecurity Workforce Framework Category - Collect and Operate
NICE Cybersecurity Workforce Framework Category - Investigate
NICE Cybersecurity Workforce Framework Category - Operate and Maintain
NICE Cybersecurity Workforce Framework Category - Oversee and Govern
NICE Cybersecurity Workforce Framework Category - Protect and Defend
NICE Cybersecurity Workforce Framework Category - Securely Provision

The NICE Cybersecurity Workforce Framework can be found at: https://niccs.us-cert.gov/workforce-development/cyber-security-workforce-framework

Limit to NICE Cybersecurity Workforce Framework Category or subject:
101 Courses - Basic level courses Analyze Collect and Operate
Investigate Operate and Maintain Oversee and Govern
Protect and Defend Securely Provision
Show All Courses in All Categories

Expand/Collapse All
Advanced PCAP Analysis and Signature Development (APA) 1 HourSkill Level: Intermediate 
+ Description
 Advanced PCAP Analysis and Signature Development (APA)

The Advanced PCAP Analysis and Signature Development (APA) course takes users through an introduction to rules, goes over example syntax, protocols and expressions. This course contains several supporting video demonstrations as well as lab exercises writing and testing basic rules.

Training Purpose: Analyze, Protect and Defend
Specialty Areas: Cyber Defense Analysis, Cyber Defense Infrastructure Support, All Source Analysis, Cyber Operations
Training Proficiency Area: Level 2 - Intermediate

+ Course Modules/Units
Advanced Pcap Analysis And Signature Development
Packet Protocol Dns
Introduction To Rules
Examples Of Sourcefire Rules
Sourcefire Rule Syntax - Protocols
Sourcefire Rule Syntax - Message And Matching
Lab Exercise Writing And Testing Basic Rules
Lab Exercise Writing And Testing Basic Rules Video
Lab Exercise Writing And Testing Basic Rules Continued
Lab Exercise Continued
Regular Expressions
Editing A Poor Rule
How To Write An Ipv4 Regular Expression
Lab Exercise Writing Regular Expression
Lab Exercise Writing Regular Expression Continued
Malware Analysis Reports (Mar)
Demonstration of Mar 131751 Report
Demonstration Of Mar Report Continued
Lab Exercise Writing Rules From Malware Analysis Reports
Lab Exercise Writing Rules From Malware Analysis Reports Continued
New Course OfferingCertified Ethical Hacker Version 10 (CEHv10) Prep 29 HoursSkill Level: Advanced  
+ Description
 The Certified Ethical Hacker v10 Prep self-study course helps prepare students to sit for the EC-Council Certified Ethical Hacker version 10 certification exam. This course contains materials to aid the student in broadening their knowledge of advanced network assessment techniques including enumeration, scanning and reconnaissance. This course is designed for the skilled professional to use the same knowledge and tools as a malicious hacker but in an ethical and lawful manner to examine an organization's network security posture. This course concludes with a practice exam.

Learning Objectives:

  • Learn how to perform a vulnerability analysis to identify security weakness in an organization's network structure.
  • Perform a security assessment of a cloud environment to understand cloud computing threats and attacks.
  • Understand risks and defensive strategies for IoT Platforms and devices.
NICCS Specialty Areas:
  • Cyber Defense Analysis
  • Systems Analysis
  • Vulnerability Assessment and Management
Training Purpose: Skill Development

Training Proficiency Area Level 3 - Advanced

+ Course Modules/Units
CEHv10 Course Introduction
Information Security Reports
Ethical Hacking Defined
Ethical Hacking Terminology
Hacking Phases and Vul Research
Types of Attacks and Attack Vectors
Threat Modeling
Introduction to Physical Security
Incident Management Process
Incident Response Overview
Security Testing and Assessments
Pen Testing Phases and Methodology
Information Security Laws and Standards
Footprinting Methodologies - Passive
Footprinting Methodologies - Active
Advanced Google Hacking Techniques
Network Mapping
DEMO: WHOIS with BackTrack
DEMO: Active Footprinting with Traceroute
DEMO: Maltego for Information Gathering Part 1
DEMO: Maltego for Information Gathering Part 2
Footprinting Countermeasures
DEMO: Windows CMD Information Gathering
Scanning Essentials
DEMO: Colasoft Packet Builder
Port Scanning
DEMO: Banner Grabbing with Telnet
Covert Scanning
Covert Scanning with Proxies
DEMO: Scanning with Nmap
Common Enumeration Techniques
Enumeration Tools
Protocol Enumeration
DEMO: Scanning and Enumeration with Nmap
Understanding System Vulnerabilities
Passive and Active Vul Scanning
Vulnerability Assessment Lifecycle and CVSS
Common Vulnerabilities and Exposures (CVE)
Vulnerability Scanning
DEMO: Vulnerability Scanning with Nessus
Authentication Techniques
Microsoft Authentication
Password Cracking
Privilege Escalation
DEMO: Rainbow Table Lookup Sites
Spyware and Activity Monitoring
Packet Sniffing Attacks
Covert Hacking
Hiding Files - Rootkits
DEMO: Kernel-Level Rootkits
Covering Tracks
Malware Awareness
Trojan Terminology and Techniques
Trojans and Backdoors
Virus Examples and Symptoms
Virus Classifications and Characteristics
Virus Making Tools
Other Malicious Code Types
Malware Countermeasures and Tools
DEMO: Bind and Reverse Shell
DEMO: Strings Analysis
Sniffers Terminology and Overview
Network Overview for Sniffer Placement
Basic Packet Analysis
Address Resolution Protocol (ARP)
DEMO: Viewing ARP Packets with Packet Builder
Spoofing and Flooding Sniffing Attacks
MITM Attacks Ports Vul to Sniffing
Wireshark Overview and Examples
Evasion in Network Sniffing
Sniffing Countermeasures and Tools
DEMO: Hping3
DEMO: Wireshark
Social Engineering Background and Examples
Human-Based Social Engineering
Computer-Based Social Engineering
Computer Based SE - Social Networking
Social Engineering with Mobile Applications
SE and Identity Theft Countermeasures
DEMO: Social Engineering Toolkit
DEMO: Leveraging Armitage in Phishing Attack
DoS Impacts and Classifications
Categories of Denial of Service
Botnets and Disruption Attacks
DoS Symptoms and Tools
Buffer Overflow Terminology and Background
Session Hijacking Overview and Examples
Compromising Session Attacks
Session Hijacking Techniques
Session Hijacking Tools
IPSec and Session Hijacking
Firewalls and Honeypots
Firewall Configurations
IDS Overview and Detection Methods
IDS, Firewall, and Honeypot Evasion
Evasion Techniques
Evasion Testing Techniques
DEMO: Intrusion Signs
Common Web Server Attack
Webserver Architecture
OWASP Top 10 and Beyond
Webserver Hacking Countermeasures
SQL and Command Injection Web App Hacking
Non SQL Injection Errors
Parameter and Form Tampering Web App Hacking
Cross-site Scripting and Obfuscation Web App Hacks
Cross-site Request Forgery and Cookies
Web Application Pen Test Methodology
Web App Tools and Countermeasures
Buffer Overflow Tools and Countermeasures
DEMO: BurpSuite
SQL Terminology and Example Statements
SQL Enumeration
SQL Injection Attacks
SQL Injection Tools and Countermeasures
DEMO: SQL Inject Attacks
Wireless Terminology and Standards
Wireless Terminology and Antennas
Wireless Authentication
Wireless-Based Attacks
Wireless Attack Methodology Part 1 of 2
Wireless Attack Methodology Part 2 of 2
WEP, WPA and Other Wireless Attacks
Bluetooth Communication Basics
Wireless Protocols and Signal Modulation
DEMO: SSID and Channels
DEMO: Wireless Hacking
Wireless Hacking Tools
Wireless Hacking Countermeasures
Mobile Platform Overview
OWASP IoT Vuls and Countermeasures
Mobile Device Operating Systems
Hacking Mobile Platforms
Mobile Device Management and Risks
Mobile Device Security
Internet of Things (IoT) Concepts
Internet of Things (IoT) Attacks and Mitigation
Introduction to Cloud Computing
Cloud Architectures and Deployment Models
Cloud Threats and Attacks
Cloud Security
Cloud Testing Tools
Cryptography Background and Terminology
Crypto Keys and Algorithms
SHA and TLS Algorithms
DEMO: Hashing with MD5 Sum
Cryptography Implementations
Public Key Infrastructure (PKI)
Cryptanalysis Techniques
Crypto Attacks
DEMO: Encryption with TrueCrypt
Digital Signatures
Certified Ethical Hacker Practice Exam
LAB: Using a Simulated Botnet to Conduct a Distributed Denial of Service
New Course OfferingCyber Dark Arts 3 HoursSkill Level: Intermediate  
+ Description

Cyber Dark Arts highlights ‘dark’ or deceptive activities that are employed by malicious users via the Internet. Several legitimate purpose technologies and techniques and how they are leveraged, or manipulated for fraudulent purposes, is discussed. Threats from topics such as zero-day attacks, dark web, alternate OSs, VPN/TOR, weaponized psychology, and anonymous services will be detailed, as well as methods for concealing one’s identity. These methods are taught in order for cybersecurity experts to defend against such attacks. The course includes reinforcing video demonstrations.

Learning Objectives:

  • Explain several techniques for obfuscating online activities
  • List examples of technologies leveraged for deceptive purposes
  • Detail best practices for prevention and protection from malicious cyber activities

NICCS Specialty Areas:
  • Collect and Operate: Cyber Operations
  • Operate and Maintain: Systems Analysis
  • Protect and Defend: Cyber Defense Analysis

Training Purpose: Skill Development

Training Proficiency Area Level 2 - Intermediate

+ Course Modules/Units
Cyber Dark Arts
Weaponized Psychology
DEMO: Password Cracking Using Hydra
Scanning for Vulnerable Devices and Networks
Anonymous Web Hosting, Searching, and Browsing
Alternative Operating Systems
Tails, Whonix, and Qubes
Secure Messaging Services
Blockchain and Cryptocurrency
DEMO: Blockchain and Cryptocurrency
DEMO: Iodine IP over DNS
DEMO: TOR versus Traditional Tunneling
Advanced Persistent Threats
Cyber Dark Arts Exam
New Course OfferingCyber Fundamentals for Law Enforcement Investigations 8 HoursSkill Level: Intermediate 
+ Description

This course serves as an introduction and overview of several concepts and technologies that may be encountered as part of an investigation with a digital or cyber component. Starting with the basics of how devices communicate, the course continues with technical concepts and applications that may be used to facilitate or investigate incidents. Content includes lab exercises and practical application takeaways to reinforce concepts, and a course exam.

Learning objectives:

  • Describe essential computing communication concepts
  • Identify digital evidence sources and handling
  • Apply techniques to examine applications for target information

Training Purpose: Skill Development

Specialty Areas: Threat Analysis, Digital Forensics, Investigation

Training Proficiency Area: Level 2 - Intermediate

Capture Date: 2017

+ Course Modules/Units
Cyber Investigation Course Intro
Cyber Crimes versus Traditional Crimes
Cyber Laws Overview
Logical and Physical Addresses
Dissecting a Data Packet
How Computers Connect
IP Addresses and Domain Names
IP Addresses
Domain Naming
NSlookup Dig Google Toolbox
Digital Artifacts Basics
Site Survey and Collection
Determining Sophistication
Time Standardization
Requesting Digital Forensic Artifacts
Handling Untrusted or Unknown Files
Setting Up an Analysis Environment
Examining Images
Intro to Encryption
Detecting Encryption
Malware Awareness
Malware Propagation
Malware History
Remote Access
Understanding Insider Threat
Introduction to Peer-to-Peer
Advanced IP Tunneling Overview
TOR versus Traditional Tunneling
Iodine IP over DNS
Email Analysis
Phishing Message Analysis
Online Auctions
Open Source Searches Using Facebook
Open Source Searches Using Twitter
Google FU
Cyber Investigations Exam
Domain Information Lookup
Examining EXIF Data and Images
Computing and Comparing Hash Values
File Search Techniques
Open Source Twitter Searches
New Course OfferingCyber Supply Chain Risk Management 2 HoursSkill Level: Basic   
+ Description
 The purpose of this course is to educate the learner about cyber supply chain risk management, also known as C-SCRM, and the role it plays within our society today. This course will teach learners how to securely provision, analyze, oversee and govern, protect and defend a supply chain.


  • Describe product supply chains and life cycles
  • Identify the role of adversaries in supply chain risk management
  • Define the risks associated with supply chains
  • State the principles of supply chain management
  • Identify security measures taken to protect a supply chain
  • Apply suggested tools to address supply chain vulnerabilities
  • Explain how knowledge of the "internet of things" (IOT) is used to evaluate products as IOT devices
  • Recognize potential dangers posed by various devices brought to work
  • Identify the threats outlined for acquisitions personnel through the Federal Acquisition Regulation (FAR)
  • Define how to personally safeguard your organization’s cybersecurity

Training Purpose: Securely Provision, Analyze, Oversee and Govern, Protect and Defend

Specialty Areas Risk Management, Software Development, Systems Development, Systems Requirements Planning, All-Source Analysis, Exploitation Analysis, Targets, Threat Analysis, Cybersecurity Management, Program/Project Management and Acquisition, Strategic Planning and Policy, Cyber Defense Analysis, Cyber Defense Infrastructure Support

Training Area: Level 1 - Basic

Capture Date: 2019
+ Course Modules/Units
Supply Chain Risk Management
Introduction to Threat Hunting Teams 1.5 hoursSkill Level: Basic  
+ Description
 This course provides basic definitions, activities, and examples of teams hunting threats in the cyber domain. The course addresses the differences between hunting team activities and those of incident management teams or penetration testing teams. The content covers how hunting teams establish goals, methods used by threat hunting teams, and sources available to help read and interpret the threat landscape.

Training Purpose: Skill development

Specialty Areas: Computer Network Defense Analysis, Threat Analysis, Vulnerability Assessment and Management

Training Proficiency Area: Level 1 - Basic

Capture Date: 2016

+ Course Modules/Units
Defining Threat Hunting
Examples and Goals of Threat Hunting
Differences Between Hunt Teams and Other Cyber Teams
Threat Landscape
Types of Threat Modeling
Hunting Methods on Networks
Teaming and Automation Example
Threat Hunting Teams Course Exam
Root Cause Analysis 1 hourSkill Level: Intermediate  
+ Description
 This course provides an explanation of root cause analysis for cyber security incidents and an overview of two different root cause analysis models (and approaches used in these models). The course also describes how root cause analysis can benefit other incident management processes (response, prevention, and detection), and details general root cause analysis techniques that can be adopted as methods for analysis of cyber incidents.

Training Purpose: Skill Development

Specialty Areas: Threat Analysis, Computer Network Defense Analysis, Incident Response

Training Proficiency Area: Level 1 - Basic

Capture Date: 2016

+ Course Modules/Units
Root Cause Analysis Fundamentals
Root Cause Analysis Methods
Cyber Kill Chain Model for Root Cause Analysis
Sample Incident Cause Analysis Workflow
Root Cause Analysis Course Exam