Open Source

Defensive Security

The Trinity of Tactics for Defenders.


About

An advanced IT Security workshop designed for IT professionals who need to close the gaps in their Web, Linux & Network Security knowledge (a Trinity of Tactics). Very extensive and up-to-date training content, with a particular focus on blue vs red team actions & tactics, gives you the best opportunity to build stronger defensive layers inside your network infrastructure and Linux / Web application instances.

Real-world scenarios delivered in our hands-on labs provide the practical knowledge needed to expand your Open Source Security skills, both defensive and offensive.

Agenda

  • Web application security → hardened Reverse Proxy → ModSecurity WAF vs HTTP security issues & attacks:
    • OSINT your org!
    • Analysis and practical use of exploits for popular web applications and bug
      bounty reports
    • HTTP Authorization and authentication
    • HTTPS – how to achieve and verify an A+ status?
    • Security headers and cookies
    • HTTP header anomalies
    • Full HTTP auditing
    • Lua/OpenResty support
    • Sensor approach - OWASP AppSensor
    • Web application security using ModSecurity - creating dedicated WAF rules
      against misconfigurations, vulnerabilities and attacks based on OWASP Top
      10 and much more
    • Virtual Patching
    • Web honeypots
    • Commercial & cloud WAF
  • Hardened Linux vs attacks, exploits and rootkits:
    • DAC vs MAC
    • grsecurity / PaX vs kernel exploits
    • SELinux / Multi Category Security / sVirt
    • AppArmor, Tomoyo, Smack, RSBAC
    • SSP, NX, PIE, RELRO, ASLR vs attacks
    • Linux Containers - Docker security vs escaping
    • LKM-off / YAMA / enforcing
    • Linux capabilities vs SUID
    • System call restriction - seccomp
    • Integrity checking - IMA/EVM
    • Package security and CVE tracking
    • Debuggers and profilers - gdb / strace / ldd / Valgrind / yara
    • Chroot/jail/pivot_root vs escaping
    • Behavioral analysis - systemtap / LTTng / sysdig
    • Memory forensics - Volatility Framework vs Linux rootkits
    • PAM / 2FA / sudo_pair
    • System update vs reboot
    • Local and external enumeration + *priv checks + security auditing
    • System Auditing, integrating & accounting
  • Network Security vs attacker:
    • Vulnerability management & vulnerability scanning - understand the
      attacker’s mind
    • Basics of Metasploit / Meterpreter / Veil
    • Basics of Linux Domain Controller - IdM / HBAC / SUDO / PKI
    • SFTP/SCP - Secure SSH Relay + SSH tips and tricks
    • Restricted shells/commands vs escaping
    • NFS (In)Security
    • Postgres / MySQL Database Hardening
    • DNS & Email Security
    • DOS / scanning / brute-force / port-knocking protection techniques
    • Advanced network firewall: iptables/nftables/ebtables
    • Network honeypots
    • Network traffic analysis - wireshark, scapy / tcpdump / tcpreplay
    • Suricata / Bro IDS vs known malware, exfiltration techniques and network
      attacks
    • Attack, detection and protection - Vulnhub VM challenge.

Time Duration

3 days (9:00am - 5:00pm)

Who should attend

  • Linux Administrators / System Engineers & Architects
  • DevOps / DevSecOps Engineers
  • Penetration testers / Security Engineers
  • IT Security Professionals / Experts / Consultants
  • Network / Web Application Firewall Administrators
  • Blue Team members

TRAINER: Leszek Miś

Leszek Miś is the Founder of Defensive Security, Principal Trainer & IT Security Architect. Recently he was VP, Head of Cyber Security at Collective Sense, a Machine Learning Network Security startup from the U.S., where he was responsible for product security research, strategy, business analysis and technical feature implementation and recommendation. He has over 13 years of experience in the IT security market supporting the world’s largest customers with exfiltration simulations and penetration tests, infrastructure hardening and general Open Source and IT Security consultancy services. In addition, he has 11 years of experience in teaching and transferring deep technical knowledge and his own experience. He has trained 600+ students with the highest rank. He is an IT Security Architect with offensive love and a recognized expert in the enterprise OSS market.

Interested?

If you are interested in a dedicated, closed training for your DevSecOps / Linux Security team, let us know. We love delivering on-site training sessions!

Customers