Advanced

Goal Understand why system hardening matters and master the foundational principles of defense-in-depth security. Learn how attackers exploit unhardened systems and how layered defenses contain breaches. Prerequisites: Weeks 1-10 (especially Week 5 SSH hardening, Week 9 physical security) This is Part 1 of 4 - Subsequent parts cover MAC systems, kernel hardening, and sandboxing. 1. Why System Hardening Matters The Attacker’s Advantage Without hardening: Single vulnerability → Full system compromise Example attack chain: ...

Goal Understand the difference between traditional Linux permissions (DAC) and Mandatory Access Control systems (AppArmor/SELinux). Learn to audit your system’s security posture using Lynis and systematically fix vulnerabilities. Prerequisites: Week 11a (Hardening Foundations) This is Part 2 of 4 - Covers MAC concepts and security auditing. 1. Understanding Mandatory Access Control (MAC) What is MAC vs DAC? DAC (Discretionary Access Control) - Traditional Linux: Owner decides who can access their files Example: You create secret.txt, you decide who can read it Problem: Malware running as your user inherits ALL your permissions Weakness: If Firefox is exploited, attacker gets access to everything you own MAC (Mandatory Access Control) - AppArmor/SELinux: ...

Goal Learn to harden the Linux kernel using sysctl parameters and implement AppArmor profiles to confine applications. These are the core technical controls that limit what attackers can do even after gaining code execution. Prerequisites: Week 11b (MAC Systems & Security Auditing) This is Part 3 of 4 - Covers kernel hardening and AppArmor implementation. 1. Kernel Hardening with sysctl What is Kernel Hardening? The Linux kernel has hundreds of tuneable parameters that affect security. Kernel hardening means configuring these parameters to: ...

Goal Master Firejail for application sandboxing and understand when to use each hardening tool. Complete hands-on labs and establish a continuous hardening practice. Prerequisites: Week 11c (Kernel Hardening & AppArmor) This is Part 4 of 4 - Covers Firejail sandboxing and the decision framework. 1. Firejail for Application Sandboxing What is Firejail? Firejail creates isolated sandboxes for applications using Linux namespaces: Filesystem isolation - Restrict access to specific directories Network isolation - Block or restrict network access Process isolation - Limit system calls (seccomp) Resource limits - Restrict CPU, memory usage Why use Firejail: ...

Goal Integrate everything you’ve learned into a complete, working secure environment. This isn’t a new lesson with new tools—it’s where you apply Weeks 1-11 to build something real. Choose a project path aligned with your goals. Prerequisites: Completion of Weeks 1-11 This is Part 1 of 3 - Covers project purpose and path selection. 1. Why a Capstone Project? The Gap Between Learning and Doing Learning tools ≠ Building systems ...

Goal Create a concrete project plan, understand how to integrate tools from different weeks, and test your system against realistic threat scenarios. Prerequisites: Week 12a (Choose Your Path) This is Part 2 of 3 - Covers planning, integration, and testing. 1. Project Planning Template Phase 1: Threat Modeling (Week 1 skills) Define your scenario: What are you protecting? (assets) Who are you protecting against? (adversaries) What attacks are realistic? (threats) What’s your risk tolerance? (trade-offs) Example (Journalist path): ...

Goal Understand what a complete capstone looks like through a detailed example, review the required deliverables, and complete your cypherpunk journey. Prerequisites: Week 12b (Planning & Integration) This is Part 3 of 3 - Covers example, deliverables, and course completion. 1. Deliverables and Evaluation Required Deliverables 1. System Documentation (Markdown format) Must include: Architecture diagram Threat model (assets, adversaries, threats) Tool choices and justifications Setup procedures (reproducible) Recovery procedures (tested) Maintenance schedule 2. Working Implementation ...