You need to know more than just a little about Linux #3 - SecOps perspective

- By Leszek Miś

This is the third short post discussing the need for Linux security skills from the SecOps/DevOps perspective, written in the form of questions. Taken together, these three posts give a full picture of the hands-on skills and experience you can gain with PurpleLabs.

Every SecOps / SecDevOps / Linux expert needs to know more than just a little about Linux, so if you have always wanted to know, for example:

  • how to tweak your CIS/NIST profiles?
  • how to analyze Linux threats?
  • how to do kernel hardening?
  • how to implement a syscall firewall?
  • how to run Docker containers in a hardened way?
  • how to check your Kubernetes clusters for visibility and process accounting/auditing?
  • how to create a restricted sandbox?
  • how to configure SSH jumpbox logging?
  • how to use eBPF syscall hooking for policy enforcement?
  • how to get proactive probing for threats/emulations and continuous memory forensics at scale?
  • how to disable loadable kernel modules (LKM)?
  • how to detect early symptoms of exploitation or system infection?
  • how to protect web applications with the ModSecurity WAF?
  • how to collect logs in a central location?
  • how to get full PCAP/IDS coverage in the Linux cloud?
  • how to run controlled, targeted vulnerability exploitation attempts at scale, from low-level syscalls to network packets, in PoCs?

then you have come to the right place. Grow your skills with PurpleLabs!

Join the PurpleLabs Linux Attack and Live Forensic course and get real purple teaming experience that will greatly expand your general Linux knowledge and hands-on cyber security skills.