Exploitation Analyst Job Profile

What is an Exploitation Analyst?

An Exploitation Analyst collaborates to identify access and collection gaps that can be satisfied through cyber collection and/or preparation activities, and leverages all authorized resources and analytic techniques to penetrate targeted networks.

Professional Certification

An Exploitation Analyst must know:

  • computer networking concepts and protocols, and network security methodologies.
  • risk management processes (e.g., methods for assessing and mitigating risk).
  • laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
  • cybersecurity and privacy principles.
  • cyber threats and vulnerabilities.
  • specific operational impacts of cybersecurity lapses.
  • concepts, terminology, and operations of a wide range of communications media (computer and telephone networks, satellite, fiber, wireless).
  • physical computer components and architectures, including the functions of various components and peripherals (e.g., CPUs, Network Interface Cards, data storage).
  • web mail collection, searching/analyzing techniques, tools, and cookies.
  • collection management processes, capabilities, and limitations.
  • front-end collection systems, including traffic collection, filtering, and selection.
  • cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
  • system administration concepts for operating systems such as, but not limited to, Unix/Linux, iOS, Android, and Windows.
  • website types, administration, functions, and content management system (CMS).
  • applicable statutes, laws, regulations and policies governing cyber targeting and exploitation.
  • relevant reporting and dissemination procedures.
  • attack methods and techniques (DDoS, brute force, spoofing, etc.).
  • implants that enable cyber collection and/or preparation activities.
  • principles of the collection development processes (e.g., Dialed Number Recognition, Social Network Analysis).
  • internal and external customers and partner organizations, including information needs, objectives, structure, capabilities, etc.
  • client organizations, including information needs, objectives, structure, capabilities, etc.
  • collection searching/analyzing techniques and tools for chat/buddy list, emerging technologies, VOIP, Media Over IP, VPN, VSAT/wireless, web mail and cookies.
  • common networking devices and their configurations.
  • common reporting databases and tools.
  • security concepts in operating systems (e.g., Linux, Unix).
  • data communications terminology (e.g., networking protocols, Ethernet, IP, encryption, optical devices, removable media).
  • data flow process for terminal or environment collection.
  • evasion strategies and techniques.
  • how hubs, switches, routers work together in the design of a network. (See Network Management)
  • how Internet applications work (SMTP email, web-based email, chat clients, VOIP).
  • how to collect, view, and identify essential information on targets of interest from metadata (e.g., email, http).
  • identification and reporting processes.
  • Internet and routing protocols.
  • Internet network addressing (IP addresses, classless inter-domain routing, TCP/UDP port numbering).
  • intrusion sets.
  • midpoint collection (process, objectives, organization, targets, etc.).
  • network security (e.g., encryption, firewalls, authentication, honey pots, perimeter protection).
  • network topology.
  • organizational and partner authorities, responsibilities, and contributions to achieving objectives.
  • organizational and partner policies, tools, capabilities, and procedures.
  • products and nomenclature of major vendors (e.g., security suites – Trend Micro, Symantec, McAfee, Outpost, and Panda) and how those products affect exploitation and reduce vulnerabilities.
  • scripting.
  • strategies and tools for target research.
  • target intelligence gathering and operational preparation techniques and life cycles.
  • terminal or environmental collection (process, objectives, organization, targets, etc.).
  • the basic structure, architecture, and design of converged applications.
  • the basic structure, architecture, and design of modern communication networks.
  • Unix/Linux and Windows operating systems structures and internals (e.g., process management, directory structure, installed applications).

Key skills of the Exploitation Analyst include:

  • identifying gaps in technical capabilities.
  • analyzing traffic to identify network devices.
  • creating and extracting important information from packet captures.
  • creating collection requirements in support of data acquisition activities.
  • creating plans in support of remote operations (i.e., hot/warm/cold/alternative sites, disaster recovery).
  • depicting source or collateral data on a network map.
  • determining the effect of various router and firewall configurations on traffic patterns and network performance in both LAN and WAN environments.
  • evaluating accesses for intelligence value.
  • generating operation plans in support of mission and target requirements.
  • identifying the devices that work at each level of protocol models.
  • identifying, locating, and tracking targets via geospatial analysis techniques.
  • interpreting compiled and interpreted programming languages.
  • interpreting metadata and content as applied by collection systems.
  • navigating network visualization software.
  • performing data fusion from existing intelligence for enabling new and continued collection.
  • recognizing and interpreting malicious network activity in traffic.
  • recognizing midpoint opportunities and essential information.
  • recognizing technical information that may be used for leads to enable remote operations (data includes users, passwords, email addresses, IP ranges of the target, frequency in DNI behavior, mail servers, domain servers, SMTP header information).
  • researching vulnerabilities and exploits utilized in traffic.
  • target development in direct support of collection operations.
  • using databases to identify target-relevant information.
  • using non-attributable networks.
  • using trace route tools and interpreting the results as they apply to network analysis and reconstruction.
  • writing (and submitting) requirements to meet gaps in technical capabilities.
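
The lead data named in the skills above (mail servers, IP ranges, e-mail addresses, SMTP header information) is exactly what an analyst pulls out of a message's Received-header chain. What follows is an added example, not part of the original profile or any Cybrary material: it parses a constructed message (hypothetical hosts and RFC 5737 documentation addresses), orders the relay hops chronologically, identifies the originating client and the mail servers on the path, and flags hops whose client IP falls inside an assumed target CIDR range. The message, hostnames, addresses and the target range are all assumptions made for illustration.

```python
"""Extract operational leads (relay path, originating client, mail servers,
addresses) from an e-mail's Received-header chain and flag hops inside a
target IP range. Added example; the message, hosts and range below are
constructed (RFC 5737 documentation addresses), not captured traffic."""
import email
import ipaddress
import re
from email.utils import getaddresses, parseaddr, parsedate_to_datetime

# Constructed sample message: hypothetical hosts, addresses and IPs.
SAMPLE_MESSAGE = """\
Received: from mx2.example.net (mx2.example.net [203.0.113.5])
\tby mail.example.org (Postfix) with ESMTPS id 4F3A2C1
\tfor <analyst@example.org>; Tue, 03 Oct 2023 10:15:22 +0000
Received: from relay.target.example (relay.target.example [198.51.100.20])
\tby mx2.example.net with ESMTP; Tue, 03 Oct 2023 10:15:20 +0000
Received: from WORKSTATION-7 (unknown [198.51.100.77])
\tby relay.target.example (Postfix) with ESMTPA id 1A2B3C
\tfor <partner@example.net>; Tue, 03 Oct 2023 10:15:18 +0000
From: "J. Doe" <jdoe@target.example>
To: partner@example.net
Message-ID: <20231003101518.1A2B3C@relay.target.example>
X-Mailer: Microsoft Outlook 16.0

Body omitted.
"""

# "from <HELO name> (<reverse DNS> [<client IP>])", "by <server>", "with <proto>"
_FROM_RE = re.compile(
    r"\bfrom\s+(?P<helo>\S+)"
    r"(?:\s+\((?:(?P<rdns>[^\s\[\]()]+)\s+)?\[(?P<ip>[^\]]+)\]\))?",
    re.IGNORECASE,
)
_BY_RE = re.compile(r"\bby\s+(?P<by>\S+)", re.IGNORECASE)
_WITH_RE = re.compile(r"\bwith\s+(?P<proto>[A-Za-z0-9]+)", re.IGNORECASE)


def parse_received(value):
    """Split one Received: header into HELO name, rDNS, client IP, receiving
    server, transport keyword and timestamp (any field may be None)."""
    text = " ".join(value.split())  # unfold the header
    frm, by, wth = _FROM_RE.search(text), _BY_RE.search(text), _WITH_RE.search(text)
    timestamp = None
    if ";" in text:  # the date follows the last ';'
        try:
            timestamp = parsedate_to_datetime(text.rsplit(";", 1)[1].strip())
        except (TypeError, ValueError):
            timestamp = None
    return {
        "helo": frm.group("helo") if frm else None,
        "rdns": frm.group("rdns") if frm else None,
        "ip": frm.group("ip") if frm else None,
        "by": by.group("by") if by else None,
        "proto": wth.group("proto").upper() if wth else None,
        "timestamp": timestamp,
    }


def extract_leads(raw_message, target_range):
    """Return lead data from a raw RFC 5322 message. target_range is a CIDR
    string; hops whose client IP lies inside it are listed separately."""
    msg = email.message_from_string(raw_message)
    net = ipaddress.ip_network(target_range, strict=False)
    # Each server prepends its own Received header, so reverse for origin-first order.
    hops = [parse_received(v) for v in reversed(msg.get_all("Received", []))]

    mail_servers, in_target, times = set(), [], []
    for hop in hops:
        if hop["by"]:
            mail_servers.add(hop["by"].lower())
        if hop["ip"]:
            literal = hop["ip"]
            if literal.upper().startswith("IPV6:"):  # "[IPv6:2001:db8::1]" form
                literal = literal.split(":", 1)[1]
            try:
                if ipaddress.ip_address(literal) in net:
                    in_target.append(literal)
            except ValueError:
                pass  # obfuscated or malformed literal; not a usable lead
        if hop["timestamp"]:
            times.append(hop["timestamp"])

    origin = hops[0] if hops else None
    _, sender = parseaddr(msg.get("From", ""))
    message_id = msg.get("Message-ID", "")
    return {
        "origin_client": origin,
        "hops": hops,
        "mail_servers": sorted(mail_servers),
        "hops_in_target_range": in_target,
        # ESMTPA/ESMTPSA: the first server accepted an authenticated submission,
        # so the origin is a client of that server rather than an arbitrary relay.
        "authenticated_submission": bool(origin and origin["proto"] in {"ESMTPA", "ESMTPSA"}),
        # Timestamps should not run backwards along the path; if they do, a
        # header may be forged or a server clock badly skewed.
        "timeline_consistent": all(a <= b for a, b in zip(times, times[1:])),
        "sender": sender,
        "recipients": [a for _, a in getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))],
        "message_id_host": message_id.strip("<>").rsplit("@", 1)[-1] if "@" in message_id else None,
        "x_mailer": msg.get("X-Mailer"),
    }


if __name__ == "__main__":
    for key, val in extract_leads(SAMPLE_MESSAGE, "198.51.100.0/24").items():
        print(f"{key}: {val}")
```

Only Received headers added by servers you control or trust are reliable; everything below the first trusted hop was supplied by the sending side and can be forged. Treat the origin HELO name, client IP and X-Mailer as leads to corroborate against other collection, not as established facts.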

An Exploitation Analyst must be able to:

  • communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.
  • accurately and completely source all data used in intelligence, assessment and/or planning products.
  • develop or recommend analytic approaches or solutions to problems and situations for which information is incomplete or for which no precedent exists.
  • evaluate, analyze, and synthesize large quantities of data (which may be fragmented and contradictory) into high quality, fused targeting/intelligence products.
  • collaborate effectively with others.
  • expand network access by conducting target analysis and collection to identify targets of interest.
  • identify/describe target vulnerability.
  • identify/describe techniques/methods for conducting technical exploitation of the target.
  • select the appropriate implant to achieve operational goals.
