Knowledge Domains
Audit and Compliance
In almost every work area one or more compliance standards may apply to your company. Examples include PCI-DSS for accepting credit card payments, HIPAA for healthcare institutions and service providers, or GDPR when storing information about citizens of the European Union.
Within this knowledge, we learn about the various compliance standards and how to interpret them. It will boost your professional value if you understand how to apply the most important measures, and what to look for.
Cryptography
Confidentiality and integrity are just two characteristics that rely on the art of cryptography. In this domain, we will learn about the used techniques that allow us to encrypt and decrypt data.
Data and Storage
One of the most precious assets to an organization is data. Data should be properly stored, accessed, and transferred, to guarantee its availability, integrity, and confidentiality.
DevOps Security
When development and operations are mixed correctly, the DevOps way of thinking can change how companies evolve. In this combination of skill sets, the importance of security becomes an important piece of the puzzle.
Digital Forensics
Digital forensics and incident response form together what we call DFIR. This area of expertise deals with handling and investigating system intrusions and data breaches.
File and Printer Sharing
This knowledge domain includes the services needed to share resources like files and printers. Most businesses heavily depend on sharing data. For that reason, it is important to know about the related protocols and measures that can be taken.
Identity and Access Management
Linux systems typically need a combination of functional users (system accounts) and normal users to provide useful services. Within this knowledge domain, we look how this information is stored, used, and can be secured.
Incident Response
Dealing with incidents and intrusions by following modules from this Linux security expert domain.
Linux and System Security
The Linux kernel has a big impact on the security assurances of the system. Within this domain, we cover the measures that were taken on kernel level. This includes the steps during the build process of the kernel and the ones that can be taken during runtime.
Mail and Messaging
The technical implementation of communication methods is covered in this domain. From plaintext protocols for email, up to encrypted channels.
Malware
Malicious software or malware is a threat to most operating systems. While many think Linux is safe from this harm, this is not the case. In this knowledge domain, the basics are covered of malware on Linux. We learn the history and common types that are a threat to Linux.
Memory Management
Within this domain area, the memory management capabilities of Linux are explained. We dive into how executable binaries and libraries are created. By looking at actual memory locations, we learn how things are organized.
Networking
This knowledge domain covers the wide range of networking modules. From securing network protocols up to filtering traffic with tools like iptables.
Physical Security
This knowledge domain includes the security measures specifically for physical defenses, like direct access to the system.
Reverse Engineering
Within the domain of reverse engineering, we will learn why and how to use this technique. From basic understanding on how binaries work on Linux, up to dissecting malware samples.
Security Automation
Increase quality of your security efforts by using automation. This domain covers how to save time by using scripts and tools available on Linux systems.
Security concepts
This is the first knowledge domain to start the training. It provides the foundation for many security concepts that can be applied to different operating systems.
Software Development
From design to deployment, this domain will cover the life-cycle of software. It is useful to both developers and users of said components. Although many Free and Open Source Software components will be covered during the training, these principles will apply also to commercial software.
Software Exploitation
Learn how to break software and find common flaws.
System Management
System management is the generic term for supporting systems during their lifecycle. It typically starts with installation, followed by supporting the system and finally decommissioning of the system.
This knowledge domain will provide you the insights that are needed to install Linux systems, do deployment, and keep systems running.
Vulnerability Discovery
This knowledge domain helps with learning the steps that are part of pentesting and vulnerability management. We learn how to discover vulnerabilities and validate them.
Vulnerability Management
Most software is susceptible to errors, with some leading to serious security weaknesses. This domain deals with vulnerabilities, from detection up to management.
Web applications
Most software nowadays is in the form of a web-based application. It truly leverages the web browser to its fullest. To manage websites, you will find yourself using Content Management System (CMS) via the web browser. Or what if you need to maintain your customer contacts. The Rolodex became standalone software, which in its turn was replaced by online services.
Due to the importance of web applications, we can achieve a lot of our security defenses also in this area. This knowledge domain covers the materials to protect software by using the right standards, protocols, and apply security measures.
Web server security
Popular web server software like Apache and nginx are used to share web applications with the rest of the world. While web applications themselves are typically a target for attackers, it is also the web server itself that needs to be secured. In this knowledge domain, we learn how to set up a web server and restrict its access depending on the type of usage.
Topics: HTTP, HTTP headers, HTTPS