The Cuckoo’s Egg Decompiled Course

In the 1980s, Cliff Stoll discovered a $0.75 accounting error on the computer systems he managed at Lawrence Berkeley Laboratory. This small discovery would eventually lead him on the year-long pursuit of a group of five KGB-sponsored hackers who managed to access numerous US government and military networks. His story has inspired countless people to pursue the profession of information security.

The Cuckoo’s Egg Decompiled is a free online course designed to provide an introduction to information security, as told through the lens of Cliff Stoll’s “The Cuckoo’s Egg” book.

The course was recorded live online from Nov 2017 through Jan 2018. The course videos, slides, and lecture notes are freely available under the terms of the Creative Commons CC BY-NC 4.0 license. That means you are free to use, share, and adapt this content. However, you must give appropriate credit/citations, and you may not use it for commercial purposes. College professors and high school teachers may adapt it for their classes.


Syllabus

This is an entry-level course for those who are newly exploring information security, individuals who want exposure to a wide array of security concepts, or high school and college students. There are no specific prerequisites.

Week 1 (Chapters 1-3)

Locard’s Exchange Principle and Forensic Analysis

Timestamps and Time Zone Considerations in Forensic Analysis

Network Security Monitoring

Week 2 (Chapters 4-8)

Principle of Least Privilege

Sudo

Attack Surface

Account Separation

Vulnerabilities and Exploits

Process Monitoring

Week 3 (Chapters 9-14)

Password Theft

E-Mail Phishing

Social Engineering Toolkit

Extracting Passwords from PCAPs (MITM)

Mimikatz

Password Hashes

Password Cracking

John the Ripper

Evidence Abstraction

Insider vs. Outsider Threat

Week 4 (Chapters 15-23)

Choice Architecture and Nudges

Defensible Network Architecture

Perimeter-Hardened Networks

Zero Trust Networks / BeyondCorp

Air Gapped Networks

Social Engineering

Week 5 (Chapters 24-30)

Practitioner OPSEC

Browsing Security

Ad Networks / Trackers

Password Managers and Flaws

Link Safety

Attacker Pivoting

SSH Chaining

Netcat

Attribution Fact/Fiction

Week 6 (Chapters 31-37)

Cognitive Bias

Estimative Probability in Reporting

Open Source Intelligence

The Diamond Model

Intelligence Limitations

Incident Response Process (PICERL)

Week 7 (Chapters 38-46)

Industrial Control System Security and Fact/Fiction

Traditional Honeypots

Tactical Honeypots

Cowrie

Honeytokens

Week 8 (Chapters 47-56)

Digital Evidence Handling

Interview with Hans “Pengo” Hübner

Course Review

Significance of the Book

FAQ

What is included in the download?

The download includes all of my lecture notes and the PowerPoint slides.

Can I adapt this to my own class?

Yes. However, you can’t commercially sell it for a profit. High school teachers and college professors are free to adapt it to their courses with proper citations.

How can I cite this course properly?

Sanders, Chris (2018). The Cuckoo’s Egg Decompiled: An Introduction to Information Security. Retrieved from http://www.chrissanders.org/cuckoosegg.

Why did you create this course?

The Cuckoo’s Egg is an important book in information security and helped shape both the field itself and the public perception of security and privacy. Several of my colleagues got into this field or chose to pursue specific facets of it based on reading the book. Even though it is over thirty years old, many of the concepts still apply. Taking this old story and using it as a backing and introduction to modern concepts was really fun, and I thought it would be a unique way to introduce a variety of concepts to people who are new to the field. I also wanted to provide resources that high school and college teachers could utilize for their course development.

How many people attended the live recordings?

Over the eight-week run of the course, just over a thousand people took part, with many more accessing the recorded videos.

How can I contact you with questions or feedback?

I’m reachable at chris@chrissanders.org. If you enjoy the materials or adapt them in some way, I’d love to learn about it!

Do you offer any other courses?

I occasionally offer free courses. However, I also run a company called Applied Network Defense where we produce high-quality information security practitioner-focused training. If you like our free stuff like this course, you’ll really love our paid products. You can view the complete course catalog at http://networkdefense.io. You can also stay up to date with new course announcements by subscribing to my mailing list.

Thank You

I’d like to extend a special thanks to: