CAE-CO MKU M3

CO-M3 Operating Systems

Malware subverts operating systems to undermine system security and evade detection. As the software foundation of computer systems, it is vital that cyber operators understand operating systems.

Learning outcomes

What a student must demonstrate to claim coverage of this unit. Each outcome links to the skill drills that assess it.

CO-M3-O1 Describe operating system components including kernel, shell, file system, process table, and virtual memory.
CO-M3-O2 Interact with an operating system via command line to create, read, modify, and delete files and directories with appropriate permissions.
CO-M3-O3 Monitor and control processes on a Unix-like operating system.
CO-M3-O4 Analyze operating system artifacts for evidence of adversary activity.

EWU courses that cover this unit

CSCD437 primary

CSCD 437 — Systems and Software Reverse Engineering

Software Reverse Engineering (CAE-CO Mandatory).

Exam questions that cite this unit

CSCD240-E1-A-Q01 navigation pwd is /home/ssteiner/labs/lab1; home is /home/ssteiner. For each cd, show pwd after. Assume return to starting pwd.
CSCD240-E1-A-Q02 io Give a single command that does a long listing of the current directory and scrolls the output one page at a time.
CSCD240-E1-A-Q17 process-listing Display PID and full process info for all processes containing "python".
CSCD240-E1-A-Q18 process-definition Define what a process is.
CSCD240-E1-A-Q19 job-vs-process Define what a job is and explain how jobs differ from processes.
CSCD240-E1-A-Q33 sys-id SSH-in; confirm machine name, kernel version, and architecture in one command.
CSCD240-E1-B-Q01 navigation pwd=/home/operator/target/foothold, home=/home/operator. For each cd: cd, cd ../pivot, cd ~/intel, cd ../../.., cd /tmp
CSCD240-E1-B-Q02 recon Landing on a target; identify host kernel + architecture in one command.
CSCD240-E1-B-Q03 recon Print your current username.
CSCD240-E1-B-Q05 permissions First symbol - on /usr/bin/passwd means what?
CSCD240-E1-B-Q24 process-def Define process including PID and memory.
CSCD240-E1-B-Q25 job-vs-process Define job and distinguish from process.
CSCD240-E1-B-Q26 ps List every process system-wide with PID, PPID, user, and command line.
CSCD240-E1-B-Q27 process-filter Show every process whose command line contains "cron".
CSCD240-E1-B-Q28 proc-forensics Suspect PID 31337 is a reverse shell. Print its full command line and working directory.
CSCD240-E1-B-Q31 signals Process 31337 refuses SIGTERM. Terminate unconditionally.
CSCD240-E1-C-Q03 ps Which command lists every process system-wide in BSD-style output with full command line?
CSCD240-E1-C-Q08 signals Which signal cannot be caught, blocked, or ignored?
CSCD240-E1-C-Q28 proc Show full command line of PID 4523 by reading from /proc.
CSCD240-E1-C-Q37 ps Show all processes owned by user apache, system-wide.
CSCD240-E1-C-Q43 incident-response PID 2211 spawns thousands of sh processes/min. Steps to stop without killing vital processes.

Other units at this tier in CAE-CO

CO-M1 Cyber Policy, Law, and Ethics CO-M10 Offensive Cyber Operations CO-M2 Computer Science Foundations CO-M4 Computer Networks CO-M5 Systems Programming CO-M6 Cybersecurity Foundations CO-M7 Applied Cryptography CO-M8 Software Reverse Engineering CO-M9 Defensive Cyber Operations