DoD DCWF - Exploitation Analyst

MCSI Certification

MEA - Certified Exploitation Analyst

The Exploitation Analyst course is designed for cyber professionals aiming to deepen their expertise in strategic cyber exploitation and intelligence gathering. This course adopts a structured approach to the various phases of the cyber exploitation process, including gathering information, identifying vulnerabilities, planning exploitation strategies, and executing penetration testing activities.

The course is enriched with detailed case studies that cover a range of exploitation missions, from conceptualization to execution and reporting. These case studies include scenarios such as spear-phishing attacks, managing command and control infrastructures, exploiting vulnerabilities in open source software, and targeting industrial control systems.

By the end of this course, participants will have developed the skills necessary to plan and conduct full-scale exploitation missions and thoroughly document their findings. They will be proficient in uncovering and exploiting security vulnerabilities within targeted networks and crafting sophisticated strategies to enhance their exploitation efforts.

Intermediate Level MCSI Certification Advanced
ic-certificate Certification
ic-clock 600+ hours
ic-money $1295
No Expiry, No Renewals

Course Overview

The MEA - Certified Exploitation Analyst course is tailored for cyber professionals seeking advanced expertise in strategic cyber exploitation and intelligence gathering. This structured program covers key phases of cyber exploitation, including information gathering, vulnerability identification, exploitation planning, and penetration testing execution. Participants will learn to use advanced techniques to avoid detection while gathering critical data about their targets, ultimately enhancing their ability to generate actionable intelligence to bolster network defenses.

Throughout the course, participants will engage with a diverse array of tools and techniques vital for modern cyber exploitation, with hands-on practice on Windows and Linux systems. This practical approach ensures learners not only grasp theoretical concepts but also gain proficiency in applying these skills in realistic operating environments.

Moreover, the course emphasizes leveraging exploitation findings to enhance threat intelligence, enabling participants to anticipate and counter potential cyber threats effectively. Enriched with detailed case studies, including spear-phishing attacks and targeting industrial control systems, this course equips participants to plan, execute, and report on cyber operations comprehensively.

By course completion, participants will possess the skills to conduct full-scale exploitation missions, enabling them to:

  • Implement strategies for maintaining undetected access to target networks.
  • Develop proficiency in network analysis and information gathering using a variety of tools and methodologies.
  • Conduct thorough vulnerability scans using both manual and automated tools.
  • Execute advanced exploitation techniques to achieve persistent access and privilege escalation.
  • Customize scripts and modify operating system features to enhance exploit capabilities.
  • Analyze and devise strategies to circumvent modern anti-malware technologies.
  • Utilize sophisticated scanning technologies and develop checklists for continuous system, network, and application security monitoring.

Knowledge, Skills and Abilities You Will Acquire

MCSI is one of the most respected and trusted names in cyber security education and training. Our certifications teach critical skills, knowledge and abilities needed to advance a career in cyber security. Our courses are comprehensive and up-to-date, and our instructors are experienced professionals who are dedicated to helping students learn. MCSI provides the real-world skills and knowledge you need to protect any organization from cyber threats.

  • Lab Setup and Virtualization
  • Initial Access

    Initial access is critical for exploitation analysts as it represents the first stage of a cyberattack, where threat actors gain entry into a target system or network.

    Understanding how attackers establish initial access helps analysts identify entry points, assess vulnerabilities, and implement effective security measures to prevent unauthorized access and potential exploitation. This knowledge is essential for threat detection, incident response, and overall cybersecurity defense strategies.

    Discovering Subdomains

    Discovering subdomains is important for exploitation analysts to identify additional entry points and potential attack surfaces within an organization's domain, enabling comprehensive vulnerability assessments and threat modeling.

    Brute Force Attacking Different Server Protocols (such as SMTP, FTP)

    Conducting brute force attacks on various server protocols helps exploitation analysts assess the strength of authentication mechanisms, identify weak credentials, and exploit potential misconfigurations to gain unauthorized access to target systems or services.

    Utilizing Nmap & Map Scripting Engine to Discover Vulnerabilities

    Leveraging Nmap and its scripting engine allows exploitation analysts to perform comprehensive vulnerability scans, identify exposed services, and assess potential security weaknesses in target systems, enabling proactive mitigation of vulnerabilities and secure configuration management.

    Writing Custom Web Shells

    Developing custom web shells enables exploitation analysts to establish persistent access to compromised web servers, execute arbitrary commands, and manipulate server-side functionalities for remote exploitation and post-exploitation activities.

    Writing Custom Office Macros

    Crafting custom Office macros allows exploitation analysts to create malicious documents embedded with macros that bypass security controls, enabling social engineering attacks and delivering payloads to compromise target systems through user interaction.

    Creating Custom Phishing Pages

    Developing custom phishing pages mimicking legitimate websites helps exploitation analysts launch targeted social engineering attacks, tricking users into disclosing sensitive information or credentials, facilitating initial access and subsequent exploitation of systems and networks.

  • Execution and Persistence

    Execution and persistence are crucial stages for exploitation analysts as they involve deploying and maintaining malicious code or access within a target environment.

    Understanding execution techniques allows analysts to assess attack vectors, while persistence strategies enable sustained control over compromised systems, facilitating further exploitation and data exfiltration. These stages are fundamental for comprehending threat actor behavior and implementing effective defensive measures against advanced threats.

    Building Advanced Reverse Shells in Languages (such as VBS, Python, etc.)

    Developing advanced reverse shells in various languages allows exploitation analysts to establish persistent remote access to compromised systems, enabling remote command execution and post-exploitation activities for further exploitation and data exfiltration.

    Incorporating DLL Injection

    Implementing DLL injection techniques enables exploitation analysts to inject malicious code into legitimate processes, bypassing security controls and establishing persistent execution within target systems, facilitating privilege escalation and stealthy persistence.

    Writing Ransomware

    Developing ransomware allows exploitation analysts to create malicious software that encrypts files and demands ransom payments, demonstrating advanced techniques for execution and persistence within targeted environments, emphasizing the importance of robust cybersecurity defenses and incident response strategies.

    Writing Custom Malware Droppers

    Designing custom malware droppers enables exploitation analysts to deliver and execute payloads discreetly, evading detection and establishing persistent malware presence on compromised systems, highlighting the significance of proactive threat hunting and defensive security measures to detect and mitigate such threats.

    Persisting on Linux & Windows Machines

    Implementing persistence techniques on Linux and Windows machines allows exploitation analysts to maintain unauthorized access and control over compromised systems, demonstrating the need for continuous monitoring, vulnerability management, and incident response to detect and mitigate advanced threats.

  • Privilege Escalation and Credential Access

    Privilege escalation and credential access are critical for exploitation analysts as they allow threat actors to gain elevated privileges and access sensitive resources within target systems.

    Understanding these techniques is essential for identifying and mitigating security vulnerabilities, preventing unauthorized access, and safeguarding against malicious activities that exploit privileged accounts or credentials. This knowledge enhances overall cybersecurity defenses and strengthens incident response capabilities against advanced threats.

    Exploiting Numerous Privilege Escalation Vulnerabilities on Windows

    Identifying and exploiting privilege escalation vulnerabilities on Windows systems enables exploitation analysts to escalate their privileges to gain unauthorized access to sensitive resources, emphasizing the critical need for patch management and security hardening to mitigate such risks.

    Exploiting Numerous Privilege Escalation Vulnerabilities within Linux

    Leveraging privilege escalation vulnerabilities in Linux environments allows exploitation analysts to escalate their privileges and execute unauthorized commands, underscoring the importance of least privilege principles and access controls to prevent unauthorized actions and maintain system integrity.

    Bypassing Windows UAC

    Bypassing User Account Control (UAC) on Windows systems enables exploitation analysts to execute elevated commands without user consent, highlighting the significance of security configurations and user awareness training to mitigate UAC bypass techniques and defend against privilege escalation attacks.

    Creating Automated Script Escalation Programs

    Developing automated script escalation programs streamlines privilege escalation techniques, enabling exploitation analysts to efficiently exploit vulnerabilities and escalate privileges, emphasizing the importance of proactive security measures and incident response to detect and mitigate such automated attacks.

    Dumping Windows User Passwords

    Extracting and dumping Windows user passwords allows exploitation analysts to obtain plaintext credentials, enabling unauthorized access to systems and networks, highlighting the critical need for secure password management practices and multi-factor authentication to protect against credential theft and misuse.

    Stealing Domain Admin Credentials

    Stealing domain administrator credentials grants exploitation analysts full control over Active Directory environments, emphasizing the importance of privileged access management, security monitoring, and threat detection to prevent unauthorized domain access and mitigate potential impacts of credential theft.

    Cracking Passwords

    Cracking passwords enables exploitation analysts to gain unauthorized access to user accounts and sensitive resources, emphasizing the critical need for strong password policies, password hashing, and encryption to protect against brute force attacks and unauthorized credential access.

  • Evasion Techniques

    Evasion techniques are crucial for exploitation analysts as they enable threat actors to bypass detection mechanisms and evade security controls deployed by defenders.

    Understanding evasion tactics is essential for developing effective detection and mitigation strategies to counter sophisticated attacks and enhance overall cybersecurity posture against advanced threats.

    Writing Malware that Prevents Behavioral Analysis

    Developing malware with anti-analysis techniques prevents detection by security tools that rely on behavioral analysis, highlighting the importance of continuous threat intelligence and advanced detection methods to identify and mitigate evasive threats.

    Writing Custom Code Obfuscation

    Implementing custom code obfuscation techniques disguises malicious code to evade detection by antivirus and security solutions, emphasizing the need for robust endpoint protection and threat hunting capabilities to detect and analyze obfuscated threats.

    Obfuscating Malware

    Employing malware obfuscation techniques conceals malicious payloads from security tools and analysts, underscoring the importance of layered defenses and proactive threat detection to identify and mitigate obfuscated threats targeting organizations' digital assets.

    Bypassing Common Antivirus Products (Windows Defender, etc.)

    Developing malware that evades detection by popular antivirus products like Windows Defender highlights the need for continuous security updates, threat intelligence, and behavioral analysis to detect and block emerging threats that bypass traditional security measures.

    Disguising Malware

    Masking malware to appear as legitimate files or software disguises malicious intent and evades detection by security controls, emphasizing the importance of user education, security awareness, and endpoint protection to prevent the inadvertent execution of disguised threats.

  • Movement and Collection

    Movement and collection are critical phases for exploitation analysts as they involve the lateral movement within a compromised network and the gathering of valuable data or assets.

    Understanding these phases is essential for detecting and mitigating threats, preventing data exfiltration, and ensuring the integrity and confidentiality of sensitive information within the targeted environment.

    Writing Custom Host Enumeration Programs (Linux & Windows)

    Developing custom host enumeration programs allows exploitation analysts to identify and catalog network hosts and services, facilitating lateral movement and targeted data collection within compromised environments, highlighting the need for network segmentation and access controls to limit unauthorized host enumeration.

    Creating a Custom Fingerprinting Tool for Browsers

    Developing a custom browser fingerprinting tool enables exploitation analysts to gather unique browser identifiers and user-agent information for targeted reconnaissance and profiling, emphasizing the importance of privacy-enhancing technologies and user awareness to mitigate browser-based tracking and fingerprinting techniques.

    Performing Pass the Hash Attacks

    Executing pass the hash attacks allows exploitation analysts to authenticate to systems using captured hash values, enabling lateral movement and privilege escalation within compromised networks, underscoring the critical need for secure authentication protocols, monitoring, and detection mechanisms to detect and prevent credential-based attacks.

    Accessing Hosts that are Not Directly Connected to the Internet

    Gaining access to hosts not directly connected to the internet demonstrates the importance of network segmentation, secure remote access controls, and threat detection to protect critical assets and prevent unauthorized access from external threats, highlighting the need for robust cybersecurity practices and incident response strategies to defend against advanced threats targeting isolated systems.

    Writing Custom Programs that Record the Screen, Steal Clipboard Data, Steal Credit Cards from Memory, etc.

    Developing custom programs with malicious functionalities enables exploitation analysts to capture sensitive information and perform unauthorized actions on compromised systems, emphasizing the importance of endpoint detection and response, user awareness training, and data loss prevention measures to protect against data exfiltration and unauthorized access to confidential data.

  • Command and Control

    Command and control (C2) is crucial for exploitation analysts as it enables threat actors to remotely manage and control compromised systems, facilitating further exploitation, data exfiltration, and persistence within target environments.

    Understanding C2 techniques is essential for detecting and mitigating malicious activities, strengthening network defenses, and minimizing the impact of cyber incidents by disrupting unauthorized command execution and communication channels.

    Writing Malware that Encrypts Its Own Traffic

    Developing malware that encrypts its own traffic enables threat actors to obfuscate communication channels and evade network detection, underscoring the importance of deep packet inspection, behavioral analysis, and threat intelligence to identify and block malicious C2 activities.

    SSH Tunneling

    Utilizing SSH tunneling allows threat actors to establish secure and encrypted communication channels for C2 operations, highlighting the need for network monitoring, anomaly detection, and secure access controls to detect and mitigate unauthorized tunneling activities.

    Domain Fronting

    Implementing domain fronting techniques disguises malicious C2 traffic as legitimate HTTPS traffic, emphasizing the importance of DNS monitoring, threat intelligence, and security awareness to detect and block domain fronting tactics used by threat actors for covert C2 communications.

    Implementing TripWires

    Deploying tripwires allows defenders to detect unauthorized C2 activity and trigger alerts based on predefined behavioral patterns or indicators of compromise, highlighting the importance of proactive threat hunting, incident response, and real-time monitoring to identify and disrupt malicious command and control operations.

    Writing a Custom HTTP Redirectory

    Developing a custom HTTP redirector enables threat actors to manipulate and redirect web traffic for C2 purposes, emphasizing the need for secure web gateway solutions, traffic analysis, and threat detection mechanisms to identify and block unauthorized HTTP redirections used in malicious C2 activities.

  • Documentation and Analysis

    Documentation and analysis are essential for exploitation analysts as they enable the comprehensive documentation of attack techniques, findings, and remediation strategies, facilitating knowledge sharing, incident response, and continuous improvement of defensive measures.

    Proper documentation and analysis also support forensic investigations, threat intelligence gathering, and the development of effective mitigation strategies to enhance overall cybersecurity posture and resilience against evolving threats.

    Writing a Network Penetration Testing Checklist

    Developing a network penetration testing checklist facilitates organized and systematic assessments of network security, enabling exploitation analysts to identify vulnerabilities, prioritize remediation efforts, and enhance overall network defense strategies.

    Writing a Privilege Escalation Checklist (Windows & Linux)

    Creating privilege escalation checklists for Windows and Linux systems aids exploitation analysts in identifying and exploiting security weaknesses to elevate privileges, enabling effective defense-in-depth strategies and proactive mitigation of privilege escalation risks.

    Developing Industry Footprints

    Building industry footprints allows exploitation analysts to understand sector-specific vulnerabilities, threat landscapes, and compliance requirements, supporting targeted cybersecurity strategies and proactive defense measures tailored to specific industry sectors.

    Mapping Breaches

    Mapping breaches involves documenting and analyzing past cybersecurity incidents, enabling exploitation analysts to identify patterns, assess impact, and implement effective incident response strategies and security controls to prevent future breaches and mitigate risks.

    Leveraging Threat Intelligence

    Utilizing threat intelligence enhances the analysis and documentation process by providing actionable insights into emerging threats, attacker techniques, and indicators of compromise (IOCs), empowering exploitation analysts to proactively defend against evolving cyber threats and strengthen organizational security posture.

DoD Cyber Workforce Framework KSATs

This course teaches the specific Knowledge, Skills, Abilities, and Tasks (KSATs) aligned with the DoD Cyber Workforce Framework (DCWF) as outlined in DoD 8140. By focusing on these critical competencies, the course ensures that you develop the essential capabilities required for various cybersecurity roles within the Department of Defense. This alignment not only guarantees that the training is relevant and comprehensive but also that it prepares you to meet the specific operational needs and standards of the DoD cyber workforce.

  • knowledge
    ID Description
    22 Knowledge of computer networking concepts and protocols, and network security methodologies.
    108 Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
    264 Knowledge of basic physical computer components and architectures, including the functions of various components and peripherals (e.g., CPUs, Network Interface Cards, data storage).
    1158 Knowledge of cybersecurity principles.
    1159 Knowledge of cyber threats and vulnerabilities.
    3095 Knowledge of internet network addressing (IP addresses, classless inter-domain routing, TCP/UDP port numbering).
    3106 Knowledge of a wide range of basic communications media concepts and terminology (e.g., computer and telephone networks, satellite, cable, wireless).
    3107 Knowledge of a wide range of concepts associated with websites (e.g., website types, administration, functions, software systems, etc.).
    3129 Knowledge of attack methods and techniques (DDoS, brute force, spoofing, etc.).
    3137 Knowledge of basic malicious activity concepts (e.g., foot printing, scanning and enumeration).
    3179 Knowledge of common networking devices and their configurations.
    3191 Knowledge of concepts for operating systems (e.g., Linux, Unix).
    3225 Knowledge of data communications terminology (e.g., networking protocols, Ethernet, IP, encryption, optical devices, removable media).
    3289 Knowledge of how hubs, switches, routers work together in the design of a network.
    3291 Knowledge of how internet applications work (SMTP email, web-based email, chat clients, VOIP).
    3346 Knowledge of Internet and routing protocols.
    3407 Knowledge of network security (e.g., encryption, firewalls, authentication, honey pots, perimeter protection).
    3410 Knowledge of network topology.
    3513 Knowledge of system administration concepts for Unix/Linux and/or Windows operating systems.
    3543 Knowledge of the basic structure, architecture, and design of modern communication networks.
    6900 Knowledge of specific operational impacts of cybersecurity lapses.
    345 Knowledge of web mail collection, searching/analyzing techniques, tools, and cookies.
    912 Knowledge of collection management processes, capabilities, and limitations.
    915 Knowledge of front-end collection systems, including traffic collection, filtering, and selection.
    3055B Knowledge of basic implants.
    3113 Knowledge of target intelligence gathering and operational preparation techniques and life cycles.
    3139 Knowledge of basic principles of the collection development processes (e.g., Dialed Number Recognition, Social Network Analysis).
    3146 Knowledge of both internal and external customers and partner organizations, including information needs, objectives, structure, capabilities, etc.
    3155 Knowledge of client organizations, including information needs, objectives, structure, capabilities, etc.
    3166 Knowledge of collection searching/analyzing techniques and tools for chat/buddy list, emerging technologies, VOIP, Media Over IP, VPN, VSAT/wireless, web mail and cookies.
    3181 Knowledge of common reporting databases and tools.
    3201 Knowledge of all relevant reporting and dissemination procedures.
    3226 Knowledge of data flow process for terminal or environment collection.
    3256 Knowledge of terminal or environmental collection (process, objectives, organization, targets, etc.).
    3261 Knowledge of evasion strategies and techniques.
    3296 Knowledge of how to collect, view, and identify essential information on targets of interest from metadata (e.g., email, http).
    3349 Knowledge of intrusion sets.
    3386 Knowledge of midpoint collection (process, objectives, organization, targets, etc.).
    3432 Knowledge of identification and reporting processes.
    3454 Knowledge of products and nomenclature of major vendors (e.g., security suites – Trend Micro, Symantec, McAfee, Outpost, Panda, Kaspersky) and how differences affect exploitation/vulnerabilities.
    3474 Knowledge of scripting
    3505 Knowledge of strategies and tools for target research.
    3525 Knowledge of organizational and partner policies, tools, capabilities, and procedures.
    3542 Knowledge of the basic structure, architecture, and design of converged applications.
    3622 Knowledge of organizational and partner authorities, responsibilities, and contributions to achieving objectives.
    3637 Knowledge of Unix/Linux and Windows operating systems structures and internals (e.g., process management, directory structure, installed applications).
  • skills
    ID Description
    3801 Skill in identifying the devices that work at each level of protocol models.
    3867 Skill in recognizing technical information that may be used for leads to enable remote operations (data includes users, passwords, email addresses, IP ranges of the target, frequency in DNI behavior, mail servers, domain servers, SMTP header information).
    363 Skill in identifying gaps in technical capabilities.
    3678 Skill in analyzing traffic to identify network devices.
    3715 Skill in creating and extracting important information from packet captures.
    3718A Skill in creating collection requirements in support of data acquisition activities.
    3718 Skill in creating plans in support of remote operations.
    3726 Skill in depicting source or collateral data on a network map.
    3741 Skill in determining the effect of various router and firewall configurations on traffic patterns and network performance in both LAN and WAN environments.
    3774 Skill in evaluating accesses for intelligence value.
    3803 Skill in identifying, locating, and tracking targets via geospatial analysis techniques
    3810 Skill in interpreting compiled and interpretive programming languages.
    3812 Skill in interpreting metadata and content as applied by collection systems.
    3814 Skill in using trace route tools and interpreting the results as they apply to network analysis and reconstruction.
    3818 Skill in generating operation plans in support of mission and target requirements.
    3828 Skill in navigating network visualization software.
    3837 Skill in performing data fusion from existing intelligence for enabling new and continued collection.
    3860 Skill in recognizing and interpreting malicious network activity in traffic.
    3863 Skill in recognizing midpoint opportunities and essential information.
    3874 Skill in researching vulnerabilities and exploits utilized in traffic.
    3894 Skill in target development in direct support of collection operations.
    3913 Skill in using databases to identify target-relevant information.
    3923 Skill in using non-attributable networks.
    3950 Skill in writing (and submitting) requirements to meet gaps in technical capabilities.
  • abilities
    ID Description
    3021 Ability to collaborate effectively with others.
    3022 Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.
    3103A Ability to identify/describe target vulnerability.
    3103 Ability to identify/describe techniques/methods for conducting technical exploitation of the target.
    3001 Ability to accurately and completely source all data used in intelligence, assessment and/or planning products.
    3039 Ability to develop or recommend analytic approaches or solutions to problems and situations for which information is incomplete or for which no precedent exists.
    3043 Ability to evaluate, analyze, and synthesize large quantities of data (which may be fragmented and contradictory) into high quality, fused targeting/intelligence products.
    3055A Ability to select the appropriate implant to achieve operational goals.
    3101 Ability to expand network access by conducting target analysis and collection in order to identify targets of interest.
  • tasks
    ID Description
    2194 Create comprehensive exploitation strategies that identify exploitable technical or operational vulnerabilities.
    2400 Examine intercept-related metadata and content with an understanding of targeting significance.
    2718 Profile network or system administrators and their activities.
    2029A Apply and utilize authorized cyber capabilities to enable access to targeted networks.
    2033 Apply cyber collection, environment preparation and engagement expertise to enable new exploitation and/or continued collection operations, or in support of customer requirements.
    2040 Apply and obey applicable statutes, laws, regulations and policies.
    2072 Perform analysis for target infrastructure exploitation activities.
    2090 Collaborate with other internal and external partner organizations on target access and operational issues.
    2095 Communicate new developments, breakthroughs, challenges and lessons learned to leadership, and internal and external customers.
    2102 Conduct analysis of physical and logical digital technologies (e.g., wireless, SCADA, telecom) to identify potential avenues of access.
    2114 Conduct independent in-depth target and technical analysis including target-specific information (e.g., cultural, organizational, political) that results in access.
    2419 Collaborate with developers, conveying target and technical knowledge in tool requirements submissions, to enhance tool development.
    2461 Identify gaps in our understanding of target technology and developing innovative collection approaches.
    2490 Identify, locate, and track targets via geospatial analysis techniques.
    2534 Lead or enable exploitation operations in support of organization objectives and target requirements.
    2542 Maintain awareness of advancements in hardware and software technologies (e.g., attend training or conferences, reading) and their potential implications.
    2608 Monitor target networks to provide indications and warning of target communications changes or processing failures.
    2714 Produce network reconstructions.

Career Outcomes

Our Exploitation Analyst course prepares you to identify and exploit vulnerabilities in targeted networks. Through practical training, you will learn to conduct detailed technical analyses, collaborate with development teams, and apply innovative collection techniques. Gain expertise in monitoring target networks, performing geospatial analysis, and producing actionable intelligence. By the end of the course, you will be equipped with the skills needed to support cyber operations and ensure the security of DoD missions.

Certification Detail

MCSI certifications are highly respected and sought-after credentials in the industry. Earning an MCSI certification is a testament to your knowledge and skillset, and demonstrates your commitment to excellence. The content is cutting-edge, uniquely-designed, and hands-on. Our exercises teach in-demand skills that are immediately applicable in the field.

The certifications are valid indefinitely and do not require any renewal fees. The training is accessible without any time limits.


Training Modules

This course provides you with multiple training modules, each of which is designed to teach you practical skills that can help you solve important cyber problems. Each module offers exercises that will help you build your skills and capabilities.

  • MEA-001: Lab Setup - 5 exercises
  • MEA-100: Information Gathering - 20 exercises
  • MEA-101: Network Analysis - 5 exercises
  • MEA-102: Initial Access - 8 exercises
  • MEA-103: Execution - 13 exercises
  • MEA-104: Persistence - 10 exercises
  • MEA-201: Privilege Escalation - 16 exercises
  • MEA-202: Anti Behavioral Analysis - 3 exercises
  • MEA-203: Anti Static Analysis - 4 exercises
  • MEA-301: defense Evasion - 13 exercises
  • MEA-302: Credential Access - 8 exercises
  • MEA-303: Discovery - 7 exercises
  • MEA-304: Lateral Movement - 4 exercises
  • MEA-305: Collection - 5 exercises
  • MEA-401: Command and Control - 8 exercises
  • MEA-501: Documentation / Process - 3 exercises
  • MEA-502: Geo-Location - 5 exercises
  • MEA-503: Intelligence and Counterintelligence - 6 exercises


Cyber professionals must be ready for everything. The typical security training strategy, which focuses on individual skills and tools, is insufficient. You must be able to operate as part of a team, see the big picture, and respond swiftly and effectively to unforeseen circumstances. That's why, as part of our training, we use replays of whole cyber missions. Our scenarios help you prepare for the demands of the job and give you confidence in your ability to work professionally.

  • MEA-SC-01: Operation Arctic Winter - 6 exercises
  • MEA-SC-02: Operation Desert Sandworm - 10 exercises
  • MEA-SC-03: Penetration Testing Challenges - 4 exercises
  • MEA-SC-04: Operation Industrial Delta - 10 exercises
  • MEA-SC-05: Operation Black Panther - 8 exercises

Enroll now with lifetime access for $1295


MCSI Industry Certifications are important for you to earn because they signify that you have the skills required to work in a cybersecurity. Certificates of Completion are also important to earn because they signify that you have completed an exercise. Earning Certificates of Completion and Industry Certifications demonstrates that you are willing to put in the extra work to be successful.




Obtain CPE points by solving exercises


Achieve multiple certifications


Receive help from instructors online

This certification is aligned with the DoD Cyber Workforce Framework (DoD 8140), ensuring you receive training that meets the standards and competencies required for cybersecurity roles within the Department of Defense. This alignment guarantees that you gain relevant, up-to-date skills and knowledge tailored to the specific needs of the DoD cyber workforce, effectively preparing you to support and secure defense operations.

Certificate Level Curriculum Completion Requirement Scenarios Completion Requirement
MCSI Exploitation Analyst (Basic) Level 1 50% 0%
MCSI Exploitation Analyst (Intermediate) Level 2 75% 50%
MCSI Exploitation Analyst (Advanced) Level 3 95% 100%

Sample Exercises

Below are three (3) exercises from the 100+ exercises available in MCDFA - Certified Cyber Defence Forensics Analyst:

Write A PS Script That Installs An Insecure Windows Service


Exclude A Folder From Anti-Virus Scanning And Run Mimikatz From There


Use Meterpreter To Dump Password Hashes Stored In The SAM Database And LSASS


Our Instructors

Student exercises are reviewed and graded by multiple instructors. This one-of-a-kind approach allows you to get highly personalized input from a number of successful professionals.

MCSI's teachers bring real-world experience and knowledge to the classroom, ensuring that students have the skills they need to excel in the field of information security. Due to their extensive experience in penetration testing, vulnerability assessment, reverse engineering, incident response, digital forensics, and exploit development, students will understand the most up-to-date defensive and offensive cybersecurity strategies and procedures.

Our instructors are passionate about information security and are always looking to further their own knowledge. Students who attend an MCSI course can be confident that they are learning from some of the best in the business. They can adapt their teaching approaches to match the demands of any student, regardless of their degree of expertise.

The MCSI team strives to provide the most comprehensive and up-to-date cybersecurity training available. Whether you are a seasoned security professional or new to the field, MCSI has a course that will meet your needs.

Receive personalized feedback from cybersecurity experts:

  • Overcome challenges and hurdles preventing you from advancing your skills
  • Receive guidance on how to focus your training efforts and avoid wasting time
  • Learn how to meet the industry's quality standards and produce high-quality work
  • When you're stuck, go to a support forum or ask inquiries to the instructors right on the platform

Help and Support

24/7 Discord Community

If you're looking for additional support during your studies, consider joining our Discord server. Our community of fellow students and instructors is always available to provide help and answer any questions you may have.

Personalized Support

Your submissions will be reviewed by MCSI instructors, who will provide you with personalized feedback. This input is critical since it can assist you in identifying the areas where you need to enhance your skills. The instructor's feedback will also tell you how well you did an exercise and what you can do to improve your performance even further.

Click here to see an example of personalized feedback.

Our personalized support will take your skills to the next level. Read what a student says about it:

Quick Questions

If you have any questions or need clarification on any of the exercises, MCSI offers a Quick Questions section on each exercise where you can ask for help. This is a great resource to use if you need assistance. This feature is only available for paid courses.

Actively Maintained Course

This course is actively maintained to ensure that it is current and error-free. We want to ensure that you have the best possible experience while taking this course, which includes having access to accurate and current information. This course is also tested for flaws on a regular basis, so you can be sure you're getting a high-quality product.

This course is constantly updated with the support of trustworthy industry peers to ensure that students are acquiring the most up-to-date information and skills. This dedication to staying ahead of the curve is what distinguishes this course as one of the greatest in the market.


Training Laptop Requirement

This course can be completed on a standard training laptop. To ensure you have the necessary hardware to complete the course, your machine should meet the following specifications:

  • 64-bit Intel i5/i7 2.0+ GHz processor or equivalent
  • 8GB of RAM
  • Ability to run at least (1) virtual machine using Virtual Box, or an equivalent virtualization software
  • Windows 10 or later, macOS 10 or later, or Linux
  • Local administrator privileges
Do you support older operating systems?

Yes. Many of the exercises can be completed on older OS versions. A few of our students are successfully using older equipment to learn cyber security.

Proficiency in the English language

You must have the ability to comfortably read and understand IT documentation written in English. Ideally, they have an IELTS score of 6.5 with no band less than 6 (or equivalent).

Note: You can register for this course without having undertaken an English test.

Lab Environment

This course teaches you how to setup and configure your own cybersecurity lab.

There are numerous advantages to creating your own cybersecurity lab rather than paying for one. The cost savings are perhaps the most evident benefit. When compared to the expense of licensing a pre-built lab, creating your own lab can save you thousands of dollars. You also have the option of customizing the lab environment to meet your specific requirements. You can, for example, select the hardware and software that will be used in your lab.

Another advantage of setting up your own cybersecurity lab is that it allows you to learn new skills. Building a lab from the ground up necessitates knowledge of networking, system administration, and other technical subjects. This experience is invaluable in your career as a cybersecurity professional.

We frequently see students who can complete a task in a pre-built lab but cannot complete the same task at work. This is because these labs are meant to lessen work complexity, thereby creating an illusion of personal capabilities. It's also worth noting that you'll be expected to set up your own lab to test tools and techniques in the workplace. Employers may give you the resources to set up virtual computers and networks, but it will be up to you to manage the lab environment and maintain your tools.

Finally, you should know that pre-built labs are not commonly licensed by top cybersecurity professionals. They've realized that setting up a lab is simple, efficient, adaptable, cost-effective, and that it sparks creativity. It also nullifies risk of performing unauthorized actions against systems provisioned by a third-party.

Aptitude Test (Optional)

This is an advanced course. It includes exercises for novices but assumes that they have competent IT skills and a strong understanding of cybersecurity concepts.

Aptitude Test:

If you're not sure if you'll be able to fully enjoy this course, then contact us via email to organize a free aptitude test. This test will determine whether you meet the course's basic baseline criteria. If you've never studied with us before, it will also introduce you to the MCSI Method™.

Why MCSI's Vulnerability Assessment Analyst Certification is World Class

why MCSI

Comprehensive Vulnerability Assessment Training

The MVAA certification equips participants with rigorous training in vulnerability identification, assessment methodologies, and mitigation strategies, preparing them for real-world cybersecurity challenges.

why MCSI

Specialized Focus on Security Assessments

MVAA-certified analysts gain in-depth knowledge of penetration testing, compliance auditing, and security assessments across web applications, software, hosts, and networks, enabling them to conduct thorough evaluations and vulnerability assessments.

why MCSI

Proficiency in Report Drafting and Communication

The MVAA certification emphasizes the development of industry-standard reports that effectively communicate findings, recommendations, and remediation strategies to stakeholders, ensuring clarity and actionable insights from vulnerability assessments.

Enrollment and Fees


Terms and Conditions

  • No discounts
  • No refunds
  • No transfers
  • No renewal fees
  • No hidden fees
  • No time limits
  • Exercises must be completed on MCSI's Online Learning Platform
  • You'll also be charged GST if you live in Australia

Cooling-Off Policy

Received a full refund if you changed your mind about a purchase within 24 hours. No questions asked. Read the full details here.

Don't Buy This Course

Don't buy this course if you think learning cyber security is simple, that it will only take a few hours, that remembering a few concepts from videos and books would be enough, or, that you should be provided with walkthroughs and solutions to practical problems instead of thinking critically for yourself.

Our competitors are misleading you by claiming that their video courses and open-book theoretical certificates will teach you everything you need to know about cyber security. We recommend that you stay away from our courses until you've realized that cybersecurity requires hundreds of hours of training against difficult challenges under the watchful eye of experts encouraging you to improve your weaknesses. Only then will you understand the value of this course and the benefits that the MCSI Method™ can bring to your career. We only want satisfied customers.

When purchasing a course, you acknowledge that you understand and agree with our 100% practical MCSI Method™: no solutions, no walkthroughs, and you're expected to use critical thinking and research to solve the exercises. If you're not sure how this work, try our free version before buying.

How does MCSI Compare?

If you are looking for a certification that will give you an edge in the job market, look no further than MCSI certifications. Thanks to our innovative approach, cybersecurity training is more affordable and effective than traditional methods.

Our pricing is more affordable than our competitors because we have reinvented how cyber training is done online. Our innovative Online Learning Platform is highly effective at teaching cyber security. The platform provides a more engaging and interactive learning experience than traditional methods, which helps students learn and retain skills better. Try the free version and see for yourself.

Enroll now with lifetime access for $1295

Bloom's Taxonomy

Bloom's Taxonomy is a system for categorizing distinct stages of intellectual growth. It is used in education to assist students comprehend and learn material more effectively. MCSI teaches students how to apply, analyze, evaluate, and create at the highest levels of the taxonomy. The majority of our competitors are simply concerned with getting you to remember concepts.

The intellectual developments outlined in Bloom's Taxonomy are directly tied to your capacity to advance in your cyber security career. Employers look for people who can solve challenges that are worth paying for. With us, you'll learn practical skills that are in demand and applicable to a wide range of cyber occupations.

Industry Recognized Skills

MCSI credentials are well-respected around the world, and organisations searching for people with real cyber security abilities seek them out. Obtaining an MCSI certification verifies your understanding of critical cyber security topics as well as your ability to provide real-world results.

The ability of MCSI's training programme to give students with real-world, hands-on experience is unrivalled. Students must conduct their own research and develop their own answers in order to complete our practical exercises, which are meant to give them the skills they need to be successful in the field.

With MCSI, you will build a comprehensive cybersecurity portfolio of your skills as you complete exercises. This portfolio is a powerful tool for displaying your cybersecurity knowledge and abilities. A portfolio, as opposed to typical resumes and paper-based credentials, presents a more thorough summary of your skills and accomplishments.

Students Feedback

Here's what students say about the MCSI Method™ and our Online Learning Platform:

Student Testimonials

Frequently Asked Questions

What is the MCSI Method™?

Common Questions

  • Are solutions included in certifications and bundles?
    • No. Our method of teaching cyber security consists of challenging you with real-world problem statements that you're expected to research and solve by doing your own research. This is how you'll be expected to work in the field. When you fail an exercise, we provide you with constructive feedback to improve and try again.
  • Do bundles, training content, or certificates ever expire? Am I expected to buy again in the future?
    • Upon purchase, bundles and certificates are permanently unlocked with no recurring or ongoing fees.
  • Do I need to buy the training and the certification separately?
    • No. The price provided covers both. You only pay once.
  • Do you offer any special offers and discounts?
    • We understand that many of our customers may be looking for discounts, and we would love to be able to offer them. However, we do not provide discounts because we believe that our prices are fair and reasonable. We work hard to keep our prices low, and we feel that discounts would be unfair to our other customers. We hope you understand.
  • If I can't solve the exercise where do I go for help?
  • Who reviews and marks exercises?
    • Trained cyber security instructors that work for Mossé Cyber Security Institute.
    • MCSI instructors are highly qualified and experienced professionals who are able to teach a variety of topics related to information security. They have the ability to tailor their teaching methods to meet the needs of each student, regardless of their experience level. In addition, they are always up-to-date on the latest trends and developments in information security, which enables them to provide students with the most relevant and current information.
  • We can't pay via credit card. Can you raise an invoice for wire payment instead?
    • Yes. Send us the list of bundles and certifications you want to purchase at [email protected]
  • Can I access a trial/demo the certification programmes prior to enrolling?
    • We provide a free curriculum with 100+ hours practical exercises you can try.
    • The Free Curriculum teaches Security Tools, Penetration Testing, Red Teaming, Threat Hunting, Cyber Defence, GRC and Windows Internals.
    • Try the Free Curriculum
  • Do you provide Continuing Professional Education (CPE) credits?
    • Yes. Every single exercise offers CPE credits. The number of credits earned depends on the difficulty of the exercise completed. Below are the CPE Credits achieve for an exercise in each difficulty:
    • Novice exercises = 1 CPE credits
    • Advanced Beginner exercises = 2 CPE credits
    • Competent exercises = 5 CPE credits
  • Do I need to complete an exam to receive MCSI Certification?
    • No. MCSI Certifications are completed by solving practical cybersecurity exercises.
  • Do I need to purchase cybersecurity tools or subscriptions?
    • No. Only free or trial versions are used in our exercises. You do not require making any purchases.

More Kind Words from Students

Enroll now with lifetime access for $1295


We'll respond within 24 hours

Visit our Frequently Asked Questions (FAQ) page for answers to the most common questions we receive.

Ready to learn hands-on cyber security skills online?

Try 100 hours for free