Blue teamer I dio

Law & compliance module will cover UK laws and some laws from US, Australia and Russia including the problematic CLOUD act from US. NIS directive and GDPR will be covered too.

Networking basics module will cover TCP/IP suites of protocols, including the OSI and TCP/IP models, IPv4 and IPv4, and various protocols that exist on the TCP/IP stack, such as ARP, DNS, DHCP, SNMP, SMTP, FTP, TFTP, SSH, VoIP, etc. Participants will learn about the networking types, network topologies and network technologies. Additionally, cabling used to establish the interconnections between the network nodes, such as twisted pair, optical and coaxial, will be covered. This module concludes with networking devices, such as switches, routers, firewalls, IDS/IPS, etc., and software defined networking.

Securing networks module will emphasize the devices used to protect the network traffic and network itself, providing the participants with opportunity to acquire knowledge for configuring some of these components, such as routers and VLANS, Firewalls and Proxy servers, VPNs, IDS/IPS devices. In this module, the Dos/DDoS attacks will be discussed too, and participants will have the opportunity to try some of the DoS attacks against the infrastructure they will create during the lab part of the lectures.

Securing Windows OS and services module will first cover the basics of Windows command prompt, terminal, and PowerShell, and then the Windows powerful security features will be reviewed, such as core strategies for administrative privileges, like PAM/JEA/JIT (Privileged Access Management/Just Enough Administration/Just in Time Administration), Windows Defender credential guard, LAPS, AppLocker, BitLocker, etc. Participants will also learn about password policies, account lockout policies, baselines and OS hardening by using CIS benchmarks, Windows patch management, Windows file permission basics, passwords and password protection and attacks, MFA and SSO, biometrics, AD basics, AD attacks, and Kerberos. OS and application virtualization on Windows will be covered as well, such as Hyper-V and docker/docker for desktop and remote access RDP. This module concludes by focusing on how to secure the boot process with trusted boot, ELAM (Early Launch Anti-Malware), Measured boot and TPM 2.0 which is the prerequisite for the Windows 11. Labs will cover many of the above-mentioned technologies.

Securing Linux OS and services module covers the Bash basics, Linux boot process, Linux troubleshooting tools and Linux file permission basics including Linux ACLs. After this introduction, participants will learn about the Linux passwords, and Linux security features, such as AppArmor, SELinux, seccomp, cgroups and chroot. Next, Linux kernel firewall iptables will be reviewed, with some examples on how to use it during various troubleshooting steps. Participants will also learn about the Linux patching techniques, and how to harden Linux OS. Besides that, Linux OS and application virtualization will be reviewed, such as KVM, XEN, Citrix hypervisor, QEMU, and VMware ESXi (ESXi is NOT a Linux distribution as per VMware, even though it is using some of the same core commands). Within this module, docker will be further discussed. This module concludes by providing the introduction into the auditing and centralized logging like rsyslog, auditd, and 3rd party tools like ELK and Splunk, since these tools will be reviewed in more details during the 2nd week of the training.