Exploitation Analyst

Work Role ID: 121  |  Workforce Element: Cyberspace Effects

What does this role do? Collaborates to identify access and collection gaps that can be satisfied through cyber collection and/or preparation activities. Leverages all authorized resources and analytic techniques to penetrate targeted networks.

CORE KSATs
| KSAT ID | Description | KSAT Type |
|---|---|---|
| 22 * | Knowledge of computer networking concepts and protocols, and network security methodologies. | Knowledge |
| 108 * | Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). | Knowledge |
| 264 | Knowledge of basic physical computer components and architectures, including the functions of various components and peripherals (e.g., CPUs, Network Interface Cards, data storage). | Knowledge |
| 1157 * | Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity. | Knowledge |
| 1158 * | Knowledge of cybersecurity principles. | Knowledge |
| 1159 * | Knowledge of cyber threats and vulnerabilities. | Knowledge |
| 2194 | Create comprehensive exploitation strategies that identify exploitable technical or operational vulnerabilities. | Task |
| 2400 | Examine intercept-related metadata and content with an understanding of targeting significance. | Task |
| 2718 | Profile network or system administrators and their activities. | Task |
| 3021 | Ability to collaborate effectively with others. | Ability |
| 3022 | Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means. | Ability |
| 3095 | Knowledge of internet network addressing (IP addresses, classless inter-domain routing, TCP/UDP port numbering). | Knowledge |
| 3103A | Ability to identify/describe target vulnerability. | Ability |
| 3103 | Ability to identify/describe techniques/methods for conducting technical exploitation of the target. | Ability |
| 3106 | Knowledge of a wide range of basic communications media concepts and terminology (e.g., computer and telephone networks, satellite, cable, wireless). | Knowledge |
| 3107 | Knowledge of a wide range of concepts associated with websites (e.g., website types, administration, functions, software systems, etc.). | Knowledge |
| 3129 | Knowledge of attack methods and techniques (DDoS, brute force, spoofing, etc.). | Knowledge |
| 3137 | Knowledge of basic malicious activity concepts (e.g., footprinting, scanning and enumeration). | Knowledge |
| 3179 | Knowledge of common networking devices and their configurations. | Knowledge |
| 3191 | Knowledge of concepts for operating systems (e.g., Linux, Unix). | Knowledge |
| 3225 | Knowledge of data communications terminology (e.g., networking protocols, Ethernet, IP, encryption, optical devices, removable media). | Knowledge |
| 3289 | Knowledge of how hubs, switches, and routers work together in the design of a network. | Knowledge |
| 3291 | Knowledge of how internet applications work (SMTP email, web-based email, chat clients, VOIP). | Knowledge |
| 3346 | Knowledge of Internet and routing protocols. | Knowledge |
| 3407 | Knowledge of network security (e.g., encryption, firewalls, authentication, honeypots, perimeter protection). | Knowledge |
| 3410 | Knowledge of network topology. | Knowledge |
| 3513 | Knowledge of system administration concepts for Unix/Linux and/or Windows operating systems. | Knowledge |
| 3543 | Knowledge of the basic structure, architecture, and design of modern communication networks. | Knowledge |
| 3801 | Skill in identifying the devices that work at each level of protocol models. | Skill |
| 3867 | Skill in recognizing technical information that may be used for leads to enable remote operations (data includes users, passwords, email addresses, IP ranges of the target, frequency in DNI behavior, mail servers, domain servers, SMTP header information). | Skill |
| 6900 * | Knowledge of specific operational impacts of cybersecurity lapses. | Knowledge |
ADDITIONAL KSATs
| KSAT ID | Description | KSAT Type |
|---|---|---|
| 345 | Knowledge of web mail collection, searching/analyzing techniques, tools, and cookies. | Knowledge |
| 363 | Skill in identifying gaps in technical capabilities. | Skill |
| 912 | Knowledge of collection management processes, capabilities, and limitations. | Knowledge |
| 915 | Knowledge of front-end collection systems, including traffic collection, filtering, and selection. | Knowledge |
| 2029A | Apply and utilize authorized cyber capabilities to enable access to targeted networks. | Task |
| 2033 | Apply cyber collection, environment preparation, and engagement expertise to enable new exploitation and/or continued collection operations, or in support of customer requirements. | Task |
| 2040 | Apply and obey applicable statutes, laws, regulations, and policies. | Task |
| 2072 | Perform analysis for target infrastructure exploitation activities. | Task |
| 2090 | Collaborate with other internal and external partner organizations on target access and operational issues. | Task |
| 2095 | Communicate new developments, breakthroughs, challenges, and lessons learned to leadership and to internal and external customers. | Task |
| 2102 | Conduct analysis of physical and logical digital technologies (e.g., wireless, SCADA, telecom) to identify potential avenues of access. | Task |
| 2114 | Conduct independent in-depth target and technical analysis, including target-specific information (e.g., cultural, organizational, political), that results in access. | Task |
| 2419 | Collaborate with developers, conveying target and technical knowledge in tool requirements submissions, to enhance tool development. | Task |
| 2461 | Identify gaps in our understanding of target technology and develop innovative collection approaches. | Task |
| 2490 | Identify, locate, and track targets via geospatial analysis techniques. | Task |
| 2534 | Lead or enable exploitation operations in support of organization objectives and target requirements. | Task |
| 2542 | Maintain awareness of advancements in hardware and software technologies (e.g., attend training or conferences, reading) and their potential implications. | Task |
| 2608 | Monitor target networks to provide indications and warning of target communications changes or processing failures. | Task |
| 2714 | Produce network reconstructions. | Task |
| 3001 | Ability to accurately and completely source all data used in intelligence, assessment, and/or planning products. | Ability |
| 3039 | Ability to develop or recommend analytic approaches or solutions to problems and situations for which information is incomplete or for which no precedent exists. | Ability |
| 3043 | Ability to evaluate, analyze, and synthesize large quantities of data (which may be fragmented and contradictory) into high-quality, fused targeting/intelligence products. | Ability |
| 3055B | Knowledge of basic implants. | Knowledge |
| 3055A | Ability to select the appropriate implant to achieve operational goals. | Ability |
| 3101 | Ability to expand network access by conducting target analysis and collection in order to identify targets of interest. | Ability |
| 3113 | Knowledge of target intelligence gathering and operational preparation techniques and life cycles. | Knowledge |
| 3139 | Knowledge of basic principles of the collection development processes (e.g., Dialed Number Recognition, Social Network Analysis). | Knowledge |
| 3146 | Knowledge of both internal and external customers and partner organizations, including information needs, objectives, structure, capabilities, etc. | Knowledge |
| 3155 | Knowledge of client organizations, including information needs, objectives, structure, capabilities, etc. | Knowledge |
| 3166 | Knowledge of collection searching/analyzing techniques and tools for chat/buddy list, emerging technologies, VOIP, Media Over IP, VPN, VSAT/wireless, web mail, and cookies. | Knowledge |
| 3181 | Knowledge of common reporting databases and tools. | Knowledge |
| 3201 | Knowledge of all relevant reporting and dissemination procedures. | Knowledge |
| 3226 | Knowledge of data flow process for terminal or environment collection. | Knowledge |
| 3256 | Knowledge of terminal or environmental collection (process, objectives, organization, targets, etc.). | Knowledge |
| 3261 | Knowledge of evasion strategies and techniques. | Knowledge |
| 3296 | Knowledge of how to collect, view, and identify essential information on targets of interest from metadata (e.g., email, HTTP). | Knowledge |
| 3349 | Knowledge of intrusion sets. | Knowledge |
| 3367 | Knowledge of all applicable statutes, laws, regulations, and policies governing cyber targeting and exploitation. | Knowledge |
| 3386 | Knowledge of midpoint collection (process, objectives, organization, targets, etc.). | Knowledge |
| 3432 | Knowledge of identification and reporting processes. | Knowledge |
| 3454 | Knowledge of products and nomenclature of major vendors (e.g., security suites: Trend Micro, Symantec, McAfee, Outpost, Panda, Kaspersky) and how differences affect exploitation/vulnerabilities. | Knowledge |
| 3474 | Knowledge of scripting. | Knowledge |
| 3505 | Knowledge of strategies and tools for target research. | Knowledge |
| 3525 | Knowledge of organizational and partner policies, tools, capabilities, and procedures. | Knowledge |
| 3542 | Knowledge of the basic structure, architecture, and design of converged applications. | Knowledge |
| 3622 | Knowledge of organizational and partner authorities, responsibilities, and contributions to achieving objectives. | Knowledge |
| 3637 | Knowledge of Unix/Linux and Windows operating system structures and internals (e.g., process management, directory structure, installed applications). | Knowledge |
| 3678 | Skill in analyzing traffic to identify network devices. | Skill |
| 3715 | Skill in creating and extracting important information from packet captures. | Skill |
| 3718A | Skill in creating collection requirements in support of data acquisition activities. | Skill |
| 3718 | Skill in creating plans in support of remote operations. | Skill |
| 3726 | Skill in depicting source or collateral data on a network map. | Skill |
| 3741 | Skill in determining the effect of various router and firewall configurations on traffic patterns and network performance in both LAN and WAN environments. | Skill |
| 3774 | Skill in evaluating accesses for intelligence value. | Skill |
| 3803 | Skill in identifying, locating, and tracking targets via geospatial analysis techniques. | Skill |
| 3810 | Skill in interpreting compiled and interpreted programming languages. | Skill |
| 3812 | Skill in interpreting metadata and content as applied by collection systems. | Skill |
| 3814 | Skill in using traceroute tools and interpreting the results as they apply to network analysis and reconstruction. | Skill |
| 3818 | Skill in generating operation plans in support of mission and target requirements. | Skill |
| 3828 | Skill in navigating network visualization software. | Skill |
| 3837 | Skill in performing data fusion from existing intelligence for enabling new and continued collection. | Skill |
| 3860 | Skill in recognizing and interpreting malicious network activity in traffic. | Skill |
| 3863 | Skill in recognizing midpoint opportunities and essential information. | Skill |
| 3874 | Skill in researching vulnerabilities and exploits utilized in traffic. | Skill |
| 3894 | Skill in target development in direct support of collection operations. | Skill |
| 3913 | Skill in using databases to identify target-relevant information. | Skill |
| 3923 | Skill in using non-attributable networks. | Skill |
| 3950 | Skill in writing (and submitting) requirements to meet gaps in technical capabilities. | Skill |