All of the skills developed in our Haiku Product suite map to the NIST (National Institute of Standards and Technology) NICE (National Initiative for Cybersecurity Education) framework.
The specific skills which are taught and practiced in the World of Haiku product suite increase with every new content release, but as of March 2023 they are:
World of Haiku Skills
K0132 Knowledge of which system files (e.g., log files, registry files, configuration files) contain relevant information and where to find those system files. |
K0132 Knowledge of which system files (e.g., log files, registry files, configuration files) contain relevant information and where to find those system files. |
K0349 Knowledge of website types, administration, functions, and content management system (CMS). K0398 Knowledge of concepts related to websites (e.g., web servers/pages, hosting, DNS, registration, web languages such as HTML). |
K0009 Knowledge of application vulnerabilities. K0398 Knowledge of concepts related to websites (e.g., web servers/pages, hosting, DNS, registration, web languages such as HTML). |
K0132 Knowledge of which system files (e.g., log files, registry files, configuration files) contain relevant information and where to find those system files. |
K0132 Knowledge of which system files (e.g., log files, registry files, configuration files) contain relevant information and where to find those system files. |
K0362 Knowledge of attack methods and techniques (DDoS, brute force, spoofing, etc.). |
A0058 Ability to execute OS command line (e.g., ipconfig, netstat, dir, nbtstat). K0129 Knowledge of command-line tools (e.g., mkdir, mv, ls, passwd, grep). K0318 Knowledge of operating system command-line tools. |
K0049 Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption). |
K0128 Knowledge of types and collection of persistent data. T0028 Conduct and/or support authorized penetration testing on enterprise network assets. |
K0271 Knowledge of operating system structures and internals (e.g., process management, directory structure, installed applications). K0608 Knowledge of Unix/Linux and Windows operating systems structures and internals (e.g., process management, directory structure, installed applications). |
K0129 Knowledge of command-line tools (e.g., mkdir, mv, ls, passwd, grep). K0132 Knowledge of which system files (e.g., log files, registry files, configuration files) contain relevant information and where to find those system files. |
A0058 Ability to execute OS command line (e.g., ipconfig, netstat, dir, nbtstat). K0033 Knowledge of host/network access control mechanisms (e.g., access control list, capabilities lists). K0060 Knowledge of operating systems. K0167 Knowledge of system administration, network, and operating system hardening techniques. K0205 Knowledge of basic system, network, and OS hardening techniques. |
S0081 Skill in using network analysis tools to identify vulnerabilities. (e.g., fuzzing, nmap, etc.). |
K0111 Knowledge of network tools (e.g., ping, traceroute, nslookup) |
K0271 Knowledge of operating system structures and internals (e.g., process management, directory structure, installed applications). |
K0132 Knowledge of which system files (e.g., log files, registry files, configuration files) contain relevant information and where to find those system files. |
K0069 Knowledge of query languages such as SQL (structured query language). |
K0034 Knowledge of network services and protocols interactions that provide network communications. K0174 Knowledge of networking protocols. |
K0132 Knowledge of which system files (e.g., log files, registry files, configuration files) contain relevant information and where to find those system files. |
K0177 Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks). |
Haiku Pro Skills
Fundamental Skills
K0060 |
Knowledge of operating systems. |
K0302 |
Knowledge of the basic operation of computers. |
K0132 |
Knowledge of which system files (e.g., log files, registry files, configuration files) contain relevant information and where to find those system files. |
K0007 |
Knowledge of authentication, authorization, and access control methods. |
K0318 |
Knowledge of operating system command-line tools. |
K0129 |
Knowledge of command-line tools (e.g., mkdir, mv, ls, passwd, grep). |
K0224 |
Knowledge of system administration concepts for operating systems such as but not limited to Unix/Linux, IOS, Android, and Windows operating systems. |
K0537 |
Knowledge of system administration concepts for the Unix/Linux and Windows operating systems (e.g., process management, directory structure, installed applications, Access Controls). |
K0224 |
Knowledge of system administration concepts for operating systems such as but not limited to Unix/Linux, IOS, Android, and Windows operating systems. |
K0537 |
Knowledge of system administration concepts for the Unix/Linux and Windows operating systems (e.g., process management, directory structure, installed applications, Access Controls). |
K0224 |
Knowledge of system administration concepts for operating systems such as but not limited to Unix/Linux, IOS, Android, and Windows operating systems. |
K0224 |
Knowledge of system administration concepts for operating systems such as but not limited to Unix/Linux, IOS, Android, and Windows operating systems. |
K0116 |
Knowledge of file extensions (e.g., .dll, .bat, .zip, .pcap, .gzip). |
K0529 |
Knowledge of scripting |
S0130 |
Skill in writing scripts using R, Python, PIG, HIVE, SQL, etc. |
K0016 |
Knowledge of computer programming principles |
K0068 |
Knowledge of programming language structures and logic. |
K0372 |
Knowledge of programming concepts (e.g., levels, structures, compiled vs. interpreted languages). |
S0257 |
Skill in reading, interpreting, writing, modifying, and executing simple scripts (e.g., PERL, VBS) on Windows and Unix systems (e.g., those that perform tasks like parsing large data files, automating manual tasks, and fetching/processing remote data). |
S0257 |
Skill in reading, interpreting, writing, modifying, and executing simple scripts (e.g., PERL, VBS) on Windows and Unix systems (e.g., those that perform tasks like parsing large data files, automating manual tasks, and fetching/processing remote data). |
K0236 |
Knowledge of how to utilize Hadoop, Java, Python, SQL, Hive, and Pig to explore data. |
S0266 |
Skill in relevant programming languages (e.g., C++, Python, etc.). |
K0254 |
Knowledge of binary analysis. |
K0139 |
Knowledge of interpreted and compiled computer languages. |
S0067 K0395 K0516 K0010 K0417 K0491 |
Skill in identifying, modifying, and manipulating applicable system components within Windows, Unix, or Linux (e.g., passwords, user accounts, files). Knowledge of computer networking fundamentals (i.e., basic computer components of a network, types of networks, etc.). Knowledge of physical and logical network devices and infrastructure to include hubs, switches, routers, firewalls, etc. Knowledge of communication methods, principles, and concepts that support the network infrastructure. Knowledge of data communications terminology (e.g., networking protocols, Ethernet, IP, encryption, optical devices, removable media). Knowledge of networking and Internet communications fundamentals (i.e. devices, device configuration, hardware, software, applications, ports/protocols, addressing, network architecture and infrastructure, routing, operating systems, etc.). |
K0555 |
Knowledge of TCP/IP networking protocols. |
K0111 |
Knowledge of network tools (e.g., ping, traceroute, nslookup) |
S0241 |
Skill in interpreting traceroute results, as they apply to network analysis and reconstruction. |
S0294 |
Skill in using trace route tools and interpreting the results as they apply to network analysis and reconstruction. |
K0334 |
Knowledge of network traffic analysis (tools, methodologies, processes). |
S0046 |
Skill in performing packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump). |
S0057 |
Skill in using protocol analyzers. |
K0471 |
Knowledge of Internet network addressing (IP addresses, classless inter-domain routing, TCP/UDP port numbering). |
K0489 |
Knowledge of network topology. |
K0255 |
Knowledge of network architecture concepts including topology, protocols, and components. |
S0162 |
Skill in applying various subnet techniques (e.g., CIDR) |
K0326 |
Knowledge of demilitarized zones. |
K0001 |
Knowledge of computer networking concepts and protocols, and network security methodologies. |
K0061 |
Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]). |
K0221 |
Knowledge of OSI model and underlying network protocols (e.g., TCP/IP). |
K0011 |
Knowledge of capabilities and applications of network equipment including routers, switches, bridges, servers, transmission media, and related hardware. |
K0470 K0049 K0058 |
Knowledge of Internet and routing protocols. Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption). Knowledge of network traffic analysis methods. |
K0062 S0221 |
Knowledge of packet-level analysis. Skill in extracting information from packet captures. |
K0332 |
Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services. |
K0034 |
Knowledge of network services and protocols interactions that provide network communications. |
K0192 |
Knowledge of Windows/Unix ports and services. |
K0174 |
Knowledge of networking protocols. |
K0332 |
Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services. |
K0565 |
Knowledge of the common networking and routing protocols (e.g. TCP/IP), services (e.g., web, mail, DNS), and how they interact to provide network communications. |
Offensive Skills
K0206 |
Knowledge of ethical hacking principles and techniques. |
K0110 |
Knowledge of adversarial tactics, techniques, and procedures. |
K0310 |
Knowledge of hacking methodologies. |
K0342 |
Knowledge of penetration testing principles, tools, and techniques. |
K0367 |
Knowledge of penetration testing. |
K0177 |
Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks). |
K0603 |
Knowledge of the ways in which targets or threats use the Internet. |
K0161 |
Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks). |
K0162 K0362 |
Knowledge of cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored). Knowledge of attack methods and techniques (DDoS, brute force, spoofing, etc.). |
K0392 K0479 K0480 K0449 K0447 |
Knowledge of common computer/network infections (virus, Trojan, etc.) and methods of infection (ports, attachments, etc.). Knowledge of malware analysis and characteristics. Knowledge of malware. Knowledge of how to extract, analyze, and use metadata. Knowledge of how to collect, view, and identify essential information on targets of interest from metadata (e.g., email, http). |
K0111 |
Knowledge of network tools (e.g., ping, traceroute, nslookup) |
K0318 |
Knowledge of operating system command-line tools. |
K0334 |
Knowledge of network traffic analysis (tools, methodologies, processes). |
K0395 |
Knowledge of computer networking fundamentals (i.e., basic computer components of a network, types of networks, etc.). |
K0529 |
Knowledge of scripting |
K0060 |
Knowledge of operating systems. |
K0049 |
Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption). |
K0255 |
Knowledge of network architecture concepts including topology, protocols, and components. |
K0300 |
Knowledge of network mapping and recreating network topologies. |
K0005 |
Knowledge of cyber threats and vulnerabilities. |
K0151 |
Knowledge of current and emerging threats/threat vectors. |
K0530 |
Knowledge of security hardware and software options, including the network artifacts they induce and their effects on exploitation. |
K0147 |
Knowledge of emerging security issues, risks, and vulnerabilities. |
K0339 |
Knowledge of how to use network analysis tools to identify vulnerabilities. |
K0373 |
Knowledge of basic software applications (e.g., data storage and backup, database applications) and the types of vulnerabilities that have been found in those applications. |
K0531 |
Knowledge of security implications of software configurations. |
K0634 |
Knowledge of exploitation techniques (e.g., gaining backdoor access, collecting/exfiltrating data, conducting vulnerability analysis of other systems in the network). |
K0272 K0115 K0309 K0013 K0561 K0001 K0061 |
Knowledge of network analysis tools used to identify software communications vulnerabilities. Knowledge that technology that can be exploited. Knowledge of emerging technologies that have potential for exploitation. Knowledge of cyber defense and vulnerability assessment tools and their capabilities. Knowledge of the basics of network security (e.g., encryption, firewalls, authentication, honey pots, perimeter protection). Knowledge of computer networking concepts and protocols, and network security methodologies. Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]). |
K0174 |
Knowledge of networking protocols. |
K0179 |
Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth). |
K0192 |
Knowledge of Windows/Unix ports and services. |
K0221 |
Knowledge of OSI model and underlying network protocols (e.g., TCP/IP). |
K0332 |
Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services. |
K0470 |
Knowledge of Internet and routing protocols. |
K0471 |
Knowledge of Internet network addressing (IP addresses, classless inter-domain routing, TCP/UDP port numbering). |
K0555 |
Knowledge of TCP/IP networking protocols. |
K0565 |
Knowledge of the common networking and routing protocols (e.g. TCP/IP), services (e.g., web, mail, DNS), and how they interact to provide network communications. |
K0034 |
Knowledge of network services and protocols interactions that provide network communications. |
K0491 |
Knowledge of networking and Internet communications fundamentals (i.e. devices, device configuration, hardware, software, applications, ports/protocols, addressing, network architecture and infrastructure, routing, operating systems, etc.). |
Defensive Skills
K0060 |
Knowledge of operating systems. |
K0167 |
Knowledge of system administration, network, and operating system hardening techniques. |
K0205 |
Knowledge of basic system, network, and OS hardening techniques. |
K0397 |
Knowledge of security concepts in operating systems (e.g., Linux, Unix.) |
S0121 |
Skill in system, network, and OS hardening techniques. (e.g., remove unnecessary services, password policies, network segmentation, enable logging, least privilege, etc.). |
K0112 |
Knowledge of defense-in-depth principles and network security architecture. |
K0179 K0255 K0298 |
Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth). Knowledge of network architecture concepts including topology, protocols, and components. Knowledge of countermeasures for identified security risks. |
S0084 |
Skill in configuring and utilizing network protection components (e.g., Firewalls, VPNs, network intrusion detection systems). |
S0170 |
Skill in configuring and utilizing computer protection components (e.g., hardware firewalls, servers, routers, as appropriate). |
K0034 |
Knowledge of network services and protocols interactions that provide network communications. |
K0565 |
Knowledge of the common networking and routing protocols (e.g. TCP/IP), services (e.g., web, mail, DNS), and how they interact to provide network communications. |
K0174 |
Knowledge of networking protocols. |
K0192 |
Knowledge of Windows/Unix ports and services. |
K0444 |
Knowledge of how Internet applications work (SMTP email, web-based email, chat clients, VOIP). |
K0332 K0001 K0104 K0488 |
Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services. Knowledge of computer networking concepts and protocols, and network security methodologies. Knowledge of Virtual Private Network (VPN) security. Knowledge of network security implementations (e.g., host-based IDS, IPS, access control lists), including their function and placement in a network. |
K0530 S0040 |
Knowledge of security hardware and software options, including the network artifacts they induce and their effects on exploitation. Skill in implementing, maintaining, and improving established network security practices. |
K0049 |
Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption). |
K0487 |
Knowledge of network security (e.g., encryption, firewalls, authentication, honey pots, perimeter protection). |
K0561 |
Knowledge of the basics of network security (e.g., encryption, firewalls, authentication, honey pots, perimeter protection). |
K0105 |
Knowledge of web services (e.g., service-oriented architecture, Simple Object Access Protocol, and web service description language). |
K0398 |
Knowledge of concepts related to websites (e.g., web servers/pages, hosting, DNS, registration, web languages such as HTML). |
K0135 |
Knowledge of web filtering technologies. |
K0202 |
Knowledge of the application firewall concepts and functions (e.g., Single point of authentication/audit/policy enforcement, message scanning for malicious content, data anonymization for PCI and PII compliance, data loss protection scanning, accelerated cryptographic operations, SSL security, REST/JSON processing). |
K0140 |
Knowledge of secure coding techniques. |
K0178 |
Knowledge of secure software deployment methodologies, tools, and practices. |
K0074 |
Knowledge of key concepts in security management (e.g., Release Management, Patch Management). |
K0177 |
Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks). |
S0195 S0295 |
Skill in conducting research using all available sources. Skill in using various open source data collection tools (online trade, DNS, mail, etc.). |
S0197 S0295 S0054 |
Skill in conducting social network analysis, buddy list analysis, and/or cookie analysis. Skill in using various open source data collection tools (online trade, DNS, mail, etc.). Skill in using incident handling methodologies. |
K0041 K0042 |
Knowledge of incident categories, incident responses, and timelines for responses. Knowledge of incident response and handling methodologies. |
K0150 |
Knowledge of enterprise incident response program, roles, and responsibilities. |
K0363 |
Knowledge of auditing and logging procedures (including server-based logging). |
S0120 |
Skill in reviewing logs to identify evidence of past intrusions. |
K0481 |
Knowledge of methods and techniques used to detect various exploitation activities. |
K0058 |
Knowledge of network traffic analysis methods. |
K0062 |
Knowledge of packet-level analysis. |
K0301 |
Knowledge of packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump). |
K0334 |
Knowledge of network traffic analysis (tools, methodologies, processes). |
K0132 |
Knowledge of which system files (e.g., log files, registry files, configuration files) contain relevant information and where to find those system files. |
K0145 |
Knowledge of security event correlation tools. |
K0440 |
Knowledge of host-based security products and how those products affect exploitation and reduce vulnerability. |
S0079 |
Skill in protecting a network against malware. (e.g., NIPS, anti-malware, restrict/prevent external devices, spam filters). |
K0046 |
Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions. |
K0324 |
Knowledge of Intrusion Detection System (IDS)/Intrusion Prevention System (IPS) tools and applications. |
K0472 |
Knowledge of intrusion detection systems and signature development. |
K0473 |
Knowledge of intrusion sets. |
S0020 S0025 K0624 K0362 K0005 S0078 S0137 S0242 K0070 |
Skill in developing and deploying signatures. Skill in detecting host and network based intrusions via intrusion detection technologies (e.g., Snort). Knowledge of Application Security Risks (e.g. Open Web Application Security Project Top 10 list). Knowledge of attack methods and techniques (DDoS, brute force, spoofing, etc.). Knowledge of cyber threats and vulnerabilities. Skill in recognizing and categorizing types of vulnerabilities and associated attacks. Skill in conducting application vulnerability assessments. Skill in interpreting vulnerability scanner results to identify vulnerabilities. Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code). |
K0110 |
Knowledge of adversarial tactics, techniques, and procedures. |
K0106 |
Knowledge of what constitutes a network attack and a network attack’s relationship to both threats and vulnerabilities. |
K0612 |
Knowledge of what constitutes a “threat” to a network. |
K0160 |
Knowledge of the common attack vectors on the network layer. |
K0040 |
Knowledge of vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins). |
K0272 |
Knowledge of network analysis tools used to identify software communications vulnerabilities. |
S0001 |
Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems. |
S0081 |
Skill in using network analysis tools to identify vulnerabilities. (e.g., fuzzing, nmap, etc.). |
S0167 |
Skill in recognizing vulnerabilities in security systems. (e.g., vulnerability and compliance scanning). |
K0271 |
Knowledge of operating system structures and internals (e.g., process management, directory structure, installed applications). |
K0608 |
Knowledge of Unix/Linux and Windows operating systems structures and internals (e.g., process management, directory structure, installed applications). |
K0070 |
Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code). |
K0259 |
Knowledge of malware analysis concepts and methodologies. |
K0480 |
Knowledge of malware. |
S0003 |
Skill of identifying, capturing, containing, and reporting malware. |
K0392 |
Knowledge of common computer/network infections (virus, Trojan, etc.) and methods of infection (ports, attachments, etc.). |
K0191 K0188 |
Knowledge of signature implementation impact for viruses, malware, and attacks. Knowledge of malware analysis tools (e.g., Oily Debug, Ida Pro). |
K0479 S0131 |
Knowledge of malware analysis and characteristics. Skill in analyzing malware. |