Defend, attack, and harden systems.
2 topics
OSI model, TCP/IP, packet flow through routers/switches/firewalls. Protocols: TCP, UDP, HTTP/HTTPS, DNS, SSH, SMTP. Tools: Wireshark (packet analysis), Nmap (scanning), tcpdump. Firewalls (iptables), VLANs, VPNs (WireGuard), proxies. Understand ARP poisoning, DNS spoofing, MITM attacks.
2 resources
Linux: file permissions, user management, SELinux/AppArmor, iptables, SSH hardening, fail2ban, log analysis. Windows: Active Directory, Group Policy, Kerberos, Windows Defender, AMSI, PowerShell security, Event Viewer, BitLocker. Understand privilege escalation vectors on both platforms.
Methodology: recon (OSINT), scanning (Nmap, Nessus), exploitation (Metasploit), post-exploitation (lateral movement, privilege escalation), reporting. Web pentesting with Burp Suite. Practice: HackTheBox, TryHackMe, OWASP WebGoat. OSCP certification validates practical skills.
OWASP Top 10 exploitation: SQL injection, XSS, CSRF, SSRF, IDOR, auth bypasses, session hijacking. Tools: Burp Suite, SQLMap, OWASP ZAP. Understand both exploitation and remediation. PortSwigger Web Security Academy for hands-on practice.
SIEM tools (Splunk, Elastic Security) correlate logs for threat detection. IR lifecycle (NIST): Preparation, Detection/Analysis, Containment/Eradication/Recovery, Post-Incident. Common attacks: phishing, ransomware, lateral movement. Digital forensics: disk imaging, memory analysis (Volatility), timeline reconstruction.
Shared responsibility model. AWS: IAM (least privilege, MFA), VPCs, KMS, CloudTrail, GuardDuty. Container security: image scanning, non-root, network policies, Falco runtime. IaC scanning (Checkov, tfsec). Zero Trust: verify every access regardless of network location.