Defensive Linux Security & Hardening.

Learn more


Advanced RHEL/CentOS Defensive Security & Hardening is a dedicated training about how we can protect and attack a Linux OS. Mandatory access control, sandboxing, root user limitation and low-level accountability, ACL, service isolation on different layers: seccomp, capabilities or SELinux are just the beginning of the fun.

During dedicated labs, you will find out how to use different offensive and defensive tools, scripts, services and techniques to better understand how an attacker thinks and what are the most important actions of this modern adversary. Additionally, you will explore how to design secure, hardened systems and applications network services. Training content in formula “protection vs attack” will help you understand risks, identify network security blind spots and unexpected, uncovered spaces inside an OS.

This training is intended to increase skills needed to ensure data integrity on a critical system for organizations with the highest security standards. The discussed methods of automation will support the process of achieving compliance.


  • Introduction:
    • Defense in depth.
    • DevSecOps methodology.
    • Threat hunting.
  • Discretionary Access Control (DAC) vs Mandatory Access Control (MAC) → typical
    attack vectors against Linux OS, application and network services.
  • Secure file system design, attributes, flags, ACL and encryption.
  • Package management security and CVE tracking.
  • SSP, NX, PIE, RELRO, ASLR, LD_PRELOAD vs attacks.
  • The importance of SELinux:
    • Targeted policy vs exploits
    • Multi Category Security (MCS)
    • Rule Based Access Control
    • sVirt
  • Linux capabilities vs SUID attacks.
  • System call restriction - seccomp-BPF vs exploits.
  • Linux Containers - Docker security vs escaping.
  • Chroot / jail / nsjail vs escaping.
  • LKM-off / ptrace-yama / and other sysctl enforcing options.
  • Debuggers and profilers - gdb / strace / ltrace / ldd / yara.
  • Behavioral analysis and hacker’s fishing - systemtap / eBPF / sysdig.
  • Integrity checking - IMA/EVM.
  • Grub and secure boot configuration.
  • System update vs reboot.
  • Linux Domain Controller: HBAC / SUDO / RBAC.
  • PAM configuration: 2FA / sudo_pair / time-based access.
  • Secure SSH / SCP / SFTP + tips and tricks.
  • Advanced network firewall: iptables / nftables / ebtables.
  • Local and external security enumeration and reconnaissance tactics.
  • Linux visibility, auditing & accounting:
    • auditd
    • syslog
    • OSSEC
    • osquery
  • Linux Memory forensics - Volatility Framework vs malware.
  • Automation of STIG Hardening standard for RHEL/CentOS by using:
    • Ansible roles
    • Puppet manifests
    • Chef cookbooks
  • Summary and final lab.

Time Duration

2 days (9:00am - 5:00pm)

Who should attend

  • Linux Administrators & Engineers from banks and financial organizations
  • DevOps / Sysops team members
  • System Architects
  • IT Security Experts and Consultants

TRAINER: Leszek Miś

Leszek Miś is the Founder of Defensive Security, Principal Trainer and Security Researcher with over 15 years of experience in Cyber Security and Open Source Security Solutions market. He went through the full path of the infosec carrier positions: from OSS researcher, Linux administrator and system developer, Solution Engineer, DevOps and CI, through penetration tester and security consultant delivering hardening services and training for the biggest players in the European market, to become finally an IT Security Architect / SOC Security Analyst with deep non-vendor focus on Network Security attack and detection. He’s got deep knowledge about finding blind spots and security gaps in corporate environments. Perfectly understands technology and business values from delivering structured, automated adversary simulation platform.

Recognized speaker and trainer: BruCON, Black Hat US, OWASP Appsec US, FloCon US, Hack In The Box DBX/AMS, Infosec in the City SG, Nanosec Asia, Confidence PL, PLNOG, Open Source Day PL, Red Hat Roadshow. Member of OWASP Poland Chapter.

Holds many certifications: OSCP, RHCA, RHCSS, Splunk Certified Architect.

His areas of interest include network “features” extraction, OS internals and forensics. Constantly tries to figure out “what da **ck” the AI/ML Network Security vendors try to sell. In free time he likes to break into “IoT world” just for fun.

Still learning hard every single day.


If interested in dedicated, closed training for your Linux Security team let us know. We love delivering on-site training sessions!