Exploitation Analyst Track

The structured path to building Exploitation Analyst skills. This track covers vulnerability research, exploit analysis, reverse engineering, and the specialized training that prepares Navy analysts to understand, assess, and leverage vulnerabilities in support of CNO missions. These skills are essential for H12A (EA) roles and advanced technical analysis positions.

Core Skills For

H12A (EA), H14A (Vuln Research)

Mission

Analyze vulnerabilities and assess exploitation potential for CNO operations.

What Does an Exploitation Analyst Do?

Exploitation Analysts (EAs) bridge the gap between vulnerability discovery and operational capability. They analyze software vulnerabilities, assess their exploitability, and determine their operational value for CNO missions. EAs work with both known and zero-day vulnerabilities to understand attack surfaces and develop exploitation strategies.

EAs collaborate closely with CNO developers, operators, and planners to translate technical vulnerability analysis into actionable intelligence and capabilities. They provide critical assessment of target systems and help prioritize development efforts based on operational requirements.

Core Responsibilities
  • Analyze vulnerabilities for exploitability and operational value
  • Reverse engineer software to identify attack surfaces
  • Assess target systems and prioritize exploitation approaches
  • Develop proof-of-concept exploits and validate vulnerabilities
  • Produce technical reports and briefings for operational teams
  • Maintain vulnerability databases and exploitation frameworks
  • Support CNO planners with technical feasibility assessments

Learning Path

Work through these stages sequentially. Each builds critical skills needed for the next. Strong programming fundamentals are essential before attempting vulnerability research.

Stage 0: Prerequisites — Programming & Systems Fundamentals (Beginner)
Essential foundation before vulnerability analysis work
What to Know First
  • Solid programming skills in C/C++ and Python
  • Understanding of computer architecture (x86/x64)
  • Operating systems concepts (processes, memory management)
  • Networking protocols and system administration
  • Basic cryptography and security principles
Stage 1: Reverse Engineering & Binary Analysis (Beginner → Intermediate)
Understanding how software works at the binary level
Stage 2: Vulnerability Research & Discovery (Intermediate)
Finding and analyzing software vulnerabilities
Vulnerability Research Fundamentals

This stage teaches systematic approaches to finding vulnerabilities in software. You'll learn fuzzing techniques, static analysis, code review methodologies, and how to assess the security impact of discovered issues.

Topics to Cover
  • Fuzzing and automated testing techniques
  • Static code analysis and SAST tools
  • Dynamic analysis and runtime monitoring
  • Common vulnerability classes (OWASP, CWE)
  • Vulnerability assessment methodologies
  • CVE research and vulnerability databases
Stage 3: Exploit Development & Proof of Concept (Intermediate → Advanced)
Turning vulnerabilities into working exploits for assessment
Exploit Development Skills

EAs need to develop proof-of-concept exploits to validate vulnerabilities and assess their operational value. This includes understanding exploit mitigations, bypass techniques, and reliability engineering for exploitation capabilities.

Topics
  • Buffer overflow exploitation (stack and heap)
  • Return-oriented programming (ROP/JOP)
  • Modern exploit mitigations and bypasses
  • Shellcode development and encoding
  • Web application exploitation techniques
  • Kernel and privilege escalation exploits
Stage 4: Operational Assessment & Intelligence (Advanced)
Translating technical analysis into operational intelligence
Intelligence Analysis

The final stage focuses on operational intelligence skills: assessing target environments, prioritizing vulnerabilities based on mission requirements, and communicating technical findings to operational teams and decision makers.

Topics
  • Target system analysis and profiling
  • Operational risk assessment methodologies
  • Technical intelligence reporting and briefing
  • Vulnerability prioritization frameworks
  • Threat modeling for operational planning
  • Coordination with development and operational teams

Formal DoD Training Programs

NSA/CSS
NCS
National Cryptologic School
Premier DoD vulnerability research and analysis training

The NSA's National Cryptologic School offers the most advanced DoD courses in vulnerability research and exploitation analysis. These courses are specifically designed for government analysts working in the CNO domain and cover both technical and operational aspects of vulnerability analysis.

What NCS EA Courses Cover
  • Vulnerability Research: Systematic approaches to finding software flaws
  • Binary Analysis: Advanced reverse engineering and static analysis
  • Exploit Development: Proof-of-concept development and validation
  • Operational Assessment: Intelligence analysis and mission planning
  • Mitigation Analysis: Understanding defensive measures and bypasses
  • Team Integration: Working with operators, developers, and planners
Access: NCS courses require command sponsorship, appropriate clearance, and H12A NEC assignment. Coordinate through your TYCOM training office.
SANS FOR760 — Advanced Exploit Dev
SANS

Advanced kernel and software exploitation course. Covers modern exploit development techniques and mitigation bypasses. Navy COOL fundable.

SANS FOR610 — Malware Analysis
SANS

Comprehensive malware reverse engineering and analysis course. Essential skills for understanding threat actor capabilities.

OffSec EXP-301 (OSED)
Offensive Security

Windows exploit development course. Practical, hands-on approach to modern exploitation techniques. Industry-recognized credential.

SANS FOR578 — Cyber Threat Intelligence
SANS

Intelligence analysis and threat assessment course. Essential for translating technical findings into operational intelligence.


Target Certifications for This Track

GREM — GIAC Reverse Engineering Malware
Advanced

Premier reverse engineering and malware analysis certification. Validates deep technical analysis skills essential for EA work.

GIAC/SANS Details
GXPN — GIAC Exploit Researcher & Advanced Penetration Tester
Advanced

Advanced exploitation and vulnerability research certification. Demonstrates capability in custom exploit development.

GIAC/SANS Details
OSED — Offensive Security Exploit Developer
Advanced

Practical exploit development certification. Validates hands-on exploitation skills through a 48-hour practical exam.

Offensive Security Details
GCTI — GIAC Cyber Threat Intelligence
Intermediate

Threat intelligence analysis certification. Essential for translating technical findings into operational intelligence.

GIAC/SANS Details
OSCP — Offensive Security Certified Professional
Intermediate

Foundational penetration testing certification. Excellent preparation for vulnerability assessment skills.

Offensive Security Details
CEH — Certified Ethical Hacker
Intermediate

DoD 8570 approved certification. Good foundation for vulnerability assessment and penetration testing.

EC-Council Details
Assess Your Skills

Rate your current proficiency across EA skill domains.

Certification Funding

GREM, GXPN, OSED, and OSCP are all Navy COOL fundable.

NEC Paths

Understand how EA skills relate to H12A and H14A NECs.
