The best way to defend is to think like an attacker

At Raytheon we recognize that cyber defenders need to know the techniques, tactics, and tools that hackers — be they state actors, ransomware criminals, or lone-wolfs — use, so that they’ll be able to defend against them. To train cyber defenders to meet these challenges, Raytheon has developed the Offensive Labs training program.

There is a worldwide shortage of cybersecurity experts. Currently, there are about 436,000 vacant cyber jobs in the U.S. and 3.4 million globally, according to a report from (ISC)2, a non-profit organization specializing in cyber training and certification programs that issues an annual study on cybersecurity workforce trends. Offensive Labs aims to help close this gap by upskilling current cybersecurity professionals as well as training professionals in related fields to have the cybersecurity skills to think like an attacker.

Offensive Labs offers students offensive cyber training with extensive experiential learning through hands-on instruction and labs from industry experts in offensive cybersecurity – all tailored to meet the learning needs of the individual. The course is done through both instructor-based training (virtual and on-site) and on-demand course work through an eLearning platform.


The Offensive Labs training curriculum begins with an evaluation of the student’s strengths and weaknesses, and then offers a tailored training plan to fit the needs of each student. 

While specific details will be customized for each student, curriculum is provided from these core components:

  • Foundational training to establish a baseline skillset during the first week.
  • Specialized learning in a particular tradecraft.
  • Specialized learning in one of five specific target platforms.
  • A capstone project to stretch the abilities of the engineer and provide valuable hands-on experience.

The specialized needs of cybersecurity professionals require deep knowledge and specialized abilities not commonly found in defensive cyber workforces. Offensive Labs enables customers to onboard technical engineers through intensive training specially tailored to meet their needs. Training disciplines currently include Vulnerability Research (VR), Computer Network Operations (CNO) Development, and Reverse Engineering (RE).

Foundational: General Knowledge and Tools

Introductory sessions cover basic topics such as assembly language, architectures, stack frames, program control flow, reverse engineering, development tools, debugging, and basic exploitation. Tools will be introduced, and students will work through a series of exercises that gradually increase in difficulty, allowing them to become more familiar with tools they will use in subsequent training and on future programs.

Tradecrafts: VR, CNO, and RE Tracks

Students will be placed in one track – VR, CNO, or RE – and learn the relevant tradecraft at the level of a true practitioner:

  • In the VR Tradecraft track, students progress from a basic stack-based buffer overflow to using return-oriented programming to land an exploit. Topics include fuzzing and source analysis, crash analysis, landing EIP, code execution, OS protections (and defeating them), shellcode, payloads, non-attribution, continuation of execution, exploit development, and documentation.
  • The CNO Tradecraft track covers advanced aspects of developing deployable CNO tools. Topics include covert communications, system surveys, abusing system APIs, process hiding, persistence on a target, detection avoidance, and cleanup.
  • The RE Tradecraft track builds on the foundational course, using various disassemblers and debuggers to solve challenges on Windows and Linux platforms. Advanced topics include software protection techniques, packers, data structures, hooking, reverse engineering malicious software, and attribution.

Extended Assignments and Advanced Topics

Extended assignments such as WarGames and C Programming for CNO Developers provide valuable hands-on experience within the advanced topics. Learners deep-dive into one of the relevant program technology platforms, such as Android (mobile), iOS (mobile), Windows Internals, Linux Internals, or Embedded Systems. Topics include memory management, process management, thread scheduling, I/O systems, networking, APIs, security features, and other key system components.

Upon completion of these training components, students will have deep knowledge and experience in the architecture and system internals of their chosen platform.

Capstone Project

Training culminates with a capstone project designed to strengthen the knowledge and skills gained throughout their training. For example, a student who completed the VR track and the iOS specialization would receive a different capstone assignment than a CNO student who completed the Windows Internals specialization track.

To learn more, contact us via the link below