The Cuckoo’s Egg Decompiled Course

In the 1980’s, Cliff Stoll discovered a $0.75 accounting error on the computer systems he managed at Lawrence Berkeley Laboratory. This small discovery would eventually lead him on the year-long pursuit of a group of five KGB sponsored hackers who managed to access numerous US government and military networks. His story has inspired countless people to pursue the profession of information security.

The Cuckoo’s Egg Decompiled is a free online course designed to provide an introduction to information security, as told through the lens of Cliff Stoll’s “The Cuckoo’s Egg” book.

The course was recorded live online from Nov 2017 through Jan 2018. The course videos, slides, and lecture notes are freely available under the terms of the Creative Commons CC BY-NC 4.0 license. That means you are free to use, share, and adapt this content. However, you must give appropriate credit/citations and you may not use it for commercial purposes. However, if you are a college professor or high school teacher you may adapt it for your classes.

*** You can access and download the course recordings from Vimeo here. ***

***You can download the course slides/notes here (e-mail address required).***

* Your ad blocker may block the link above. You may need to exclude this page or browse in incognito mode to access the download. You’ll receive an email about subscribing to my newsletter (less than 1 email/month). 


This is an entry-level course for those who are newly exploring information security, individuals who want exposure to a wide array of security concepts, or high school and college students. There are no specific pre-requisites.

Week 1 (Chapters 1-3)

  • Locard’s Exchange Principle and Forensic Analysis
  • Timestamps and Time Zone Considerations in Forensic Analysis
  • Network Security Monitoring

Week 2 (Chapters 4-8)

  • Principle of Least Privilege
  • Sudo
  • Attack Surface
  • Account Separation
  • Vulnerabilities and Exploits
  • Process Monitoring

Week 3 (Chapters 9-14)

  • Password Theft
  • E-Mail Phishing
  • Social Engineering Toolkit
  • Extracting Passwords from PCAPS (MITM)
  • Mimikatz
  • Password Hashes
  • Password Cracking
  • John the Ripper
  • Evidence Abstraction
  • Insider vs. Outsider Threat

Week 4 (Chapters 15-23)

  • Choice Architecture and Nudges
  • Defensible Network Architecture
  • Perimeter-Hardened Networks
  • Zero Trust Networks / BeyondCorp
  • Air Gapped Networks
  • Social Engineering

Week 5 (Chapters 24-30)

  • Practitioner OPSEC
  • Browsing Security
  • Ad Networks / Trackers
  • Password Managers and Flaws
  • Link Safety
  • Attacker Pivoting
  • SSH Chaining
  • Netcat
  • Attribution Fact/Fiction

Week 6 (Chapters 31-37)

  • Cognitive Bias
  • Estimative Probability in Reporting
  • Open Source Intelligence
  • The Diamond Model
  • Intelligence Limitations
  • Incident Response Process (PICERL)

Week 7 (Chapters 38-46)

  • Industrial Control System Security and Fact/Fiction
  • Traditional Honeypots
  • Tactical Honeypots
  • Cowrie
  • Honeytokens

Week 8 (Chapters 47-56)

  • Digital Evidence Handling
  • Interview with Hans “Pengo” Hübner
  • Course Review
  • Significance of the Book


What is included in the download?

The download includes all of my lecture notes and the PowerPoint slides.

Can I adapt this to my own class?

Yes. However, you can’t commercially sell it for a profit. High school teachers and college professors are free to adapt it to their courses with proper citations.

How can I cite this course properly?

Sanders, Chris (2018). The Cuckoo’s Egg Decompiled: An Introduction to Information Security. Retrieved from

Why did you create this course?

The Cuckoo’s Egg is an important book in information security and helped shape both the field itself and the public perception of security and privacy. Several of my colleagues got into this field or chose to pursue specific facets of it based on reading the book. Even though it is over thirty years old, many of the concepts still apply. Taking this old story and using it as a backing and introduction to modern concepts was really fun, and I thought it would be a unique way to introduce a variety of concepts to people who are new to the field. I also wanted to provide resources that high school and college teachers could utilize for their course development.

How many people attended the live recordings?

Over the eight week run of the course, just over a thousand people took part in the course with many more accessing the recorded videos.

How can I contact you with questions or feedback?

I’m reachable at If you enjoy the materials or adapt them in some way, I’d love to learn about it!

Do you offer any other courses?

I do occasionally offer free courses from time to time. However, I also run a company called Applied Network Defense where we produce high-quality information security practitioner-focused training. If you like our free stuff like this course, you’ll really love our paid products. You can view the complete course catalog at You can also stay up to date with new course announcements by subscribing to my mailing list.

Thank You

I’d like to extend a special thanks to:

  • Cliff Stoll for writing the book.
  • Hans “Pengo” Hübner for allowing me to interview him for the final installment of the course
  • Everyone who attended the live sessions, especially those of you who were there every week
  • All the people who served as a sounding board and provided feedback for the course while I developed it