Path 2: Defensive Operations (Blue Team)

Duration: 6 Weeks | Level: Intermediate | Prerequisites: Security Fundamentals

The "Blue Team" is responsible for maintaining the security posture of an organization. In this path, you will learn how to harden systems against attack and detect intruders when prevention fails.

Syllabus

Week 1-2: System Hardening

Reducing the attack surface of servers and workstations.

  • Topics: Patch Management, disabling unused services, configuring Firewalls (iptables/Windows Firewall), Group Policy Objects (GPO).
  • Lab: Secure a vulnerable Linux server (CIS Benchmark).

Week 3: Logs & Monitoring

If you can't see it, you can't stop it.

  • Topics: Syslog, Windows Event Logs, SIEM concepts, Introduction to Splunk/ELK Stack.
  • Lab: Ingest and query logs to find failed login attempts.
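As an added illustration of the Week 3 lab (this is example code written for this page, not course material), the following Python script parses a handful of constructed Linux syslog lines from sshd, extracts every failed password attempt, aggregates failures per source address, and flags any source that exceeds a threshold. The log lines, host name, addresses and the threshold of 5 are all made up for the example; the message format ("Failed password for [invalid user] USER from IP port N") is the one OpenSSH writes to syslog.

```python
import re
from collections import Counter, defaultdict

# Constructed sample syslog lines (not from any real host). Format:
# "Mon DD HH:MM:SS host program[pid]: message"
SAMPLE_LOGS = """\
Mar 10 08:01:12 web01 sshd[1201]: Accepted publickey for deploy from 10.0.0.5 port 51022 ssh2
Mar 10 08:02:03 web01 sshd[1210]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar 10 08:02:05 web01 sshd[1210]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar 10 08:02:08 web01 sshd[1212]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Mar 10 08:02:11 web01 sshd[1214]: Failed password for invalid user oracle from 203.0.113.7 port 40135 ssh2
Mar 10 08:02:14 web01 sshd[1216]: Failed password for root from 203.0.113.7 port 40140 ssh2
Mar 10 08:15:44 web01 sshd[1300]: Failed password for alice from 10.0.0.9 port 50211 ssh2
Mar 10 08:15:50 web01 sshd[1300]: Accepted password for alice from 10.0.0.9 port 50211 ssh2
Mar 10 08:20:01 web01 CRON[1402]: (root) CMD (run-parts /etc/cron.hourly)
"""

# Matches the OpenSSH "Failed password" message. "invalid user" is present
# when the account does not exist on the host; it is made optional so both
# forms are captured.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_failed_logins(log_text):
    """Return one dict per failed password attempt found in the log text.

    Lines that are not sshd failures (successful logins, cron, etc.) are
    skipped rather than treated as errors, which is how a SIEM ingest
    pipeline normally behaves with a field-extraction rule.
    """
    events = []
    for line in log_text.splitlines():
        match = FAILED_RE.match(line)
        if match:
            events.append(match.groupdict())
    return events


def summarize_by_source(events):
    """Count failed attempts per source IP address."""
    return Counter(event["ip"] for event in events)


def flag_sources(events, threshold=5):
    """Flag source addresses with at least `threshold` failures.

    Each flagged entry carries the sorted list of user names tried, which is
    what an analyst looks at next: many distinct names from one address is
    the signature of a password-guessing run rather than a forgotten password.
    """
    users_by_ip = defaultdict(set)
    for event in events:
        users_by_ip[event["ip"]].add(event["user"])

    flagged = []
    for ip, count in summarize_by_source(events).most_common():
        if count >= threshold:
            flagged.append({"ip": ip, "count": count, "users": sorted(users_by_ip[ip])})
    return flagged


def main():
    events = parse_failed_logins(SAMPLE_LOGS)
    print(f"{len(events)} failed login attempts parsed")
    for ip, count in summarize_by_source(events).most_common():
        print(f"  {ip:<15} {count} failures")
    for entry in flag_sources(events, threshold=5):
        print(f"ALERT: {entry['ip']} had {entry['count']} failures "
              f"against users {', '.join(entry['users'])}")


if __name__ == "__main__":
    main()
```

The same logic in a SIEM is a search that extracts the user and source fields, counts by source over a time window, and alerts above a threshold; the script makes the three stages (parse, aggregate, threshold) explicit so each can be checked on its own. Note that the single failure from 10.0.0.9 followed by a success is not flagged: a threshold keeps ordinary typos out of the alert queue.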

Week 4: Introduction to Cryptography

Protecting data at rest and in transit.

  • Topics: Symmetric vs. Asymmetric encryption, Hashing, PKI & Certificates, TLS/SSL.
  • Lab: Encrypt/Decrypt files using GPG.

Week 5: Incident Response Lifecycle

What to do when the alarms go off.

  • Topics: Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned (PICERL).
  • Lab: Tabletop exercise: Ransomware attack.

Week 6: Capstone Investigation

Putting it all together.

  • Scenario: You are provided with a disk image of a compromised server. Find the malware, determine the entry point, and write a report.