Week 10 · Part 1 of 2: Bash Scripting for Security & GPG Automation

Goal Learn bash scripting fundamentals tailored for security workflows and master automating GPG encryption operations in scripts. Prerequisites: Weeks 1-9 (encryption, GPG, system administration) This is Part 1 of 2 - Covers scripting fundamentals and GPG automation. 1. Why Automate Security Workflows? The Problem: Manual Tasks Get Skipped Security fatigue is real: Manual backups → forgotten until disaster strikes Key rotation → procrastinated indefinitely Log reviews → “I’ll do it tomorrow” (never happens) Security updates → Delayed due to inconvenience Result: Security degrades over time ...

Week 10 · Part 2 of 2: Cron Scheduling & Security Maintenance Automation

Goal Master cron scheduling for security automation, build security maintenance scripts, and create a complete automated security workflow suite. Prerequisites: Week 10a (Bash Scripting & GPG Automation) This is Part 2 of 2 - Covers scheduling and complete automation workflows. 1. Cron Jobs for Automation Understanding Cron Syntax # ┌───────────── minute (0-59) # │ ┌─────────── hour (0-23) # │ │ ┌───────── day of month (1-31) # │ │ │ ┌─────── month (1-12) # │ │ │ │ ┌───── day of week (0-7, Sunday = 0 or 7) # │ │ │ │ │ # * * * * * command to execute Examples: ...

Week 11 · Part 1 of 4: Why System Hardening Matters

Goal Understand why system hardening matters and master the foundational principles of defense-in-depth security. Learn how attackers exploit unhardened systems and how layered defenses contain breaches. Prerequisites: Weeks 1-10 (especially Week 5 SSH hardening, Week 9 physical security) This is Part 1 of 4 - Subsequent parts cover MAC systems, kernel hardening, and sandboxing. 1. Why System Hardening Matters The Attacker’s Advantage Without hardening: Single vulnerability → Full system compromise Example attack chain: ...

Week 11 · Part 2 of 4: MAC Systems & Security Auditing

Goal Understand the difference between traditional Linux permissions (DAC) and Mandatory Access Control systems (AppArmor/SELinux). Learn to audit your system’s security posture using Lynis and systematically fix vulnerabilities. Prerequisites: Week 11a (Hardening Foundations) This is Part 2 of 4 - Covers MAC concepts and security auditing. 1. Understanding Mandatory Access Control (MAC) What is MAC vs DAC? DAC (Discretionary Access Control) - Traditional Linux: Owner decides who can access their files Example: You create secret.txt, you decide who can read it Problem: Malware running as your user inherits ALL your permissions Weakness: If Firefox is exploited, attacker gets access to everything you own MAC (Mandatory Access Control) - AppArmor/SELinux: ...

Week 11 · Part 3 of 4: Kernel Hardening & AppArmor Profiles

Goal Learn to harden the Linux kernel using sysctl parameters and implement AppArmor profiles to confine applications. These are the core technical controls that limit what attackers can do even after gaining code execution. Prerequisites: Week 11b (MAC Systems & Security Auditing) This is Part 3 of 4 - Covers kernel hardening and AppArmor implementation. 1. Kernel Hardening with sysctl What is Kernel Hardening? The Linux kernel has hundreds of tuneable parameters that affect security. Kernel hardening means configuring these parameters to: ...

Week 11 · Part 4 of 4: Firejail Sandboxing & Defense Framework

Goal Master Firejail for application sandboxing and understand when to use each hardening tool. Complete hands-on labs and establish a continuous hardening practice. Prerequisites: Week 11c (Kernel Hardening & AppArmor) This is Part 4 of 4 - Covers Firejail sandboxing and the decision framework. 1. Firejail for Application Sandboxing What is Firejail? Firejail creates isolated sandboxes for applications using Linux namespaces: Filesystem isolation - Restrict access to specific directories Network isolation - Block or restrict network access Process isolation - Limit system calls (seccomp) Resource limits - Restrict CPU, memory usage Why use Firejail: ...

Week 12 · Part 1 of 3: Capstone Project — Choose Your Path

Goal Integrate everything you’ve learned into a complete, working secure environment. This isn’t a new lesson with new tools—it’s where you apply Weeks 1-11 to build something real. Choose a project path aligned with your goals. Prerequisites: Completion of Weeks 1-11 This is Part 1 of 3 - Covers project purpose and path selection. 1. Why a Capstone Project? The Gap Between Learning and Doing Learning tools ≠ Building systems ...

Week 12 · Part 2 of 3: Project Planning & Integration

Goal Create a concrete project plan, understand how to integrate tools from different weeks, and test your system against realistic threat scenarios. Prerequisites: Week 12a (Choose Your Path) This is Part 2 of 3 - Covers planning, integration, and testing. 1. Project Planning Template Phase 1: Threat Modeling (Week 1 skills) Define your scenario: What are you protecting? (assets) Who are you protecting against? (adversaries) What attacks are realistic? (threats) What’s your risk tolerance? (trade-offs) Example (Journalist path): ...

Week 12 · Part 3 of 3: Example Capstone & Final Checklist

Goal Understand what a complete capstone looks like through a detailed example, review the required deliverables, and complete your cypherpunk journey. Prerequisites: Week 12b (Planning & Integration) This is Part 3 of 3 - Covers example, deliverables, and course completion. 1. Deliverables and Evaluation Required Deliverables 1. System Documentation (Markdown format) Must include: Architecture diagram Threat model (assets, adversaries, threats) Tool choices and justifications Setup procedures (reproducible) Recovery procedures (tested) Maintenance schedule 2. Working Implementation ...