Open Source

Defensive Security

The Trinity of Tactics for Defenders.

About

An advanced IT Security workshop designed with IT professionals in mind who need to close the gaps in their Web, Linux & Network Security knowledge (a Trinity of Tactics). Very extensive and up-to-date training content, with a particular focus on blue vs red team actions & tactics, gives you the best opportunity to build stronger defensive layers inside your network infrastructure and Linux / Web application instances.

Real-world scenarios in our hands-on labs provide you with the practical knowledge needed to expand your Open Source Security skills, both defensive and offensive.

Agenda

  • Web application security → hardened Reverse Proxy → ModSecurity WAF vs HTTP security issues & attacks:
    • OSINT your org!
    • Analysis and practical use of exploits for popular web applications and bug
      bounty reports
    • HTTP Authorization and authentication
    • HTTPS – how to achieve and verify an A+ status?
    • Security headers and cookies
    • HTTP header anomalies
    • Full HTTP auditing
    • Lua/OpenResty support
    • Sensor approach - OWASP AppSensor
    • Web application security using ModSecurity - creating dedicated WAF rules
      against misconfigurations, vulnerabilities and attacks based on OWASP Top
      10 and much more
    • Virtual Patching
    • Web honeypots
    • Commercial & cloud WAF
  • Hardened Linux vs attacks, exploits and rootkits:
    • DAC vs MAC
    • Grsecurity / PAX vs kernel exploits
    • SELinux / Multi Category Security / sVirt
    • AppArmor, Tomoyo, Smack, RSBAC
    • SSP, NX, PIE, RELRO, ASLR vs attacks
    • Linux Containers - Docker security vs escaping
    • LKM-off / YAMA / enforcing
    • Linux capabilities vs SUID
    • System call restriction - seccomp
    • Integrity checking - IMA/EVM
    • Package security and CVE tracking
    • Debuggers and profilers - gdb / strace / ldd / Valgrind / yara
    • Chroot/jail/pivot_root vs escaping
    • Behavioral analysis - systemtap / LTTng / sysdig
    • Memory forensics - Volatility Framework vs Linux rootkits
    • PAM / 2FA / sudo_pair
    • System update vs reboot
    • Local and external enumeration + *priv checks + security auditing
    • System Auditing, integrating & accounting
  • Network Security vs attacker:
    • Vulnerability management & vulnerability scanning - understand the
      attacker’s mind
    • Basics of Metasploit / Meterpreter / Veil
    • Basics of Linux Domain Controller - IdM / HBAC / SUDO / PKI
    • SFTP/SCP - Secure SSH Relay + SSH tips and tricks
    • Restricted shells/commands vs escaping
    • NFS (In)Security
    • Postgres / MySQL Database Hardening
    • DNS & Email Security
    • DoS / scanning / brute-force / port-knocking protection techniques
    • Advanced network firewall: iptables/nftables/ebtables
    • Network honeypots
    • Network traffic analysis - wireshark, scapy / tcpdump / tcpreplay
    • Suricata / Bro IDS vs known malware, exfiltration techniques and network
      attacks
    • Attack, detection and protection - Vulnhub VM challenge.

Duration

3 days (9:00am - 5:00pm)

Who should attend

  • Linux Administrators / System Engineers & Architects
  • DevOps / DevSecOps Engineers
  • Penetration testers / Security Engineers
  • IT Security Professionals / Experts / Consultants
  • Network / Web Application Firewall Administrators
  • Blue Team members

TRAINER: Leszek Miś

Leszek Miś is the Founder of Defensive Security, Principal Trainer and Security Researcher with over 15 years of experience in the Cyber Security and Open Source Security Solutions market. He went through the full path of infosec career positions: from OSS researcher, Linux administrator and system developer, Solution Engineer, DevOps and CI, through penetration tester and security consultant delivering hardening services and training for the biggest players in the European market, to finally become an IT Security Architect / SOC Security Analyst with a deep, vendor-neutral focus on Network Security attack and detection. He has deep knowledge of finding blind spots and security gaps in corporate environments, and a thorough understanding of the technology and business value of delivering a structured, automated adversary simulation platform.

Recognized speaker and trainer at: BruCON, Black Hat US, OWASP AppSec US, FloCon US, Hack In The Box DBX/AMS, Infosec in the City SG, Nanosec Asia, Confidence PL, PLNOG, Open Source Day PL, Red Hat Roadshow. Member of the OWASP Poland Chapter.

Holds many certifications: OSCP, RHCA, RHCSS, Splunk Certified Architect.

His areas of interest include network “feature” extraction, OS internals and forensics. He constantly tries to figure out what the AI/ML Network Security vendors are really trying to sell. In his free time he likes to break into the “IoT world” just for fun.

Still learning hard every single day.

Interested?

If you are interested in a dedicated, closed training for your DevSecOps / Linux Security team, let us know. We love delivering on-site training sessions!