Unit 2: Vulnerability Research & Exploitation
|UNIT TITLE||Develop and deliver a vulnerability research and exploit development programme|
This unit develops the skills and knowledge required to find vulnerabilities in systems and write software to exploit identified vulnerabilities. This unit is primarily relevant in the intelligence and defence sectors.
It applies to individuals, employed or contractors who are working in positions of authority and are approved to implement change within a department or across the organisation. They have responsibility for directly supervising others.
No occupational licensing, certification or specific legislative requirements apply to this unit at the time of publication.
|Elements describe the essential outcomes of the unit||Performance criteria describe the performance needed to demonstrate achievement of the element.|
|1. Build a vulnerability research and exploit development unit||
1.1 Consult with senior management or client to define programme goals and targets to exploit
1.2 Conduct an analysis to select and identify software and hardware targets to exploit
1.3 Establish goals and human, technological, equipment and time resource requirements to find and exploit target software
1.4 Identify relevant team members and stakeholders and allocate roles and responsibilities
1.5 Develop policies, procedures, methodologies, report templates and supporting documents
1.6 Obtain required resources to deliver programme outcomes
|2. Discover and exploit vulnerabilities||
2.1 Conduct vulnerabilities research to build offensive capabilities
2.2 Develop tools to automate parts of the vulnerability discovery process
2.3 Triage vulnerabilities and nominate criteria for exploitation
2.4 Write an exploit to take advantage of identified vulnerabilities
2.5 Lead and monitor team to ensure achievement of outcomes within designated timeframes
|3. Document outcomes||
3.1 Maintain accurate and structured records through all stages of the project
3.2 Document selected vulnerabilities, exploitation techniques employed, limitations and risks and store securely for future use
Foundation skills essential to performance are explicit in the performance criteria of this unit of competency
|UNIT MAPPING INFORMATION||No equivalent Unit|
|TITLE||Assessment Requirements for CYBDDE002 Develop and deliver a vulnerability research and exploit development programme|
Evidence of the ability to complete tasks outlined in elements and performance criteria of this unit in the context of the job role, and:
The learner must be able to demonstrate essential knowledge required to effectively do the task outlined in elements and performance criteria of this unit, manage the task and manage contingencies in the context of the work role.
This includes knowledge of:
Assessment may be in the form of:
Both practical skills and knowledge must be assessed.
No specialist vocational competency requirements for Assessors apply to this unit.