Linux + Windows + cloud hardening, network defence, memory corruption, kernel sandboxing, K8s security, SIEM + detection engineering. From host config to SOC ops.
This is the course for builders who want to defend the systems their applications run on. Every layer of the stack gets its own module — OS hardening (Linux + Windows + AD), networking (firewalls, IDS/IPS, Zero Trust), cryptography in the system layer (mTLS, SSH, PKI, HSM), memory corruption + mitigations, kernel sandboxing (seccomp, namespaces, eBPF-LSM), container + Kubernetes security, cloud security (IAM, KMS, audit, CSPM), and finally SIEM + detection engineering for tying it all together. Anchored in CIS Benchmarks, MITRE ATT&CK, NIST 800-53, and real-world incident patterns. Five capstones (you pick one): ship a hardened Linux baseline, map and remediate AD attack paths, stand up Zero Trust access, harden a K8s cluster to CIS Level 1, or stand up a working SIEM + detection pipeline.
Built by Lakshya Kumar
Paste this into any AI chat. Fill in the bracketed parts with your context — you'll get back a straight answer on whether this belongs on your plate.
We grant free access case-by-case — students, career-switchers, builders on a tight budget. Sign in to send us a note.
Complete all modules, then submit the required number of capstone projects. Each must earn a passing rating from an admin reviewer.
Build a Packer (or Ansible) artefact for your distro that produces a Linux baseline image compliant with CIS Level 1. Include SSH key-only + modern KEX/ciphers, SELinux or AppArmor enforcing, auditd rules for credential and sudo events, AIDE file-integrity baseline, fail2ban, automatic security updates, NTP. Run OpenSCAP against the result; capture the report.
I am learning system security — Linux hardening (DAC, capabilities, SELinux / AppArmor, auditd), Windows + Active Directory (Kerberos, GPO, BloodHound), network security (firewalls, IDS, Zero Trust), system cryptography (mTLS, SSH, PKI, HSM, KMS), memory corruption (overflows, ROP, mitigations), kernel sandboxing (seccomp, namespaces, eBPF-LSM, Falco), container + Kubernetes security (RBAC, NetworkPolicy, admission control, image signing), cloud security (IAM, KMS, CSPM), and SIEM + detection engineering. Help me work through the actual mechanics with reference to CIS Benchmarks, MITRE ATT&CK, NIST 800-53, and real-world incident patterns.
Run SharpHound + BloodHound against a lab (or real, with permission) AD environment. Identify the top five shortest paths to Domain Admin. For each, design and implement a remediation (remove unneeded delegation, rotate weak service-account passwords, separate tiers). Re-run BloodHound; verify the paths are eliminated.
Pick an internal service currently reachable via VPN. Stand up Cloudflare Access (or Tailscale, or self-hosted Pomerium) in front of it. Configure SSO + device cert + per-request authorisation. Decommission VPN access. Document the rollout and the user-experience comparison.
Take a real or lab K8s cluster. Apply restrictive RBAC (default-deny + explicit), NetworkPolicies (default-deny + explicit allows), Kyverno or Gatekeeper policies (no privileged, no `:latest`, signed images required, drop ALL capabilities, no hostNetwork), Pod Security Standards (restricted in prod namespaces), and a Falco DaemonSet. Run a CIS K8s benchmark scan; document compliance and accepted deviations.
Build a working SIEM stack (Wazuh / Elastic / Splunk free tier) ingesting from at least 3 log sources (host audit, container runtime, cloud audit log). Deploy 5+ Sigma-based detection rules covering different ATT&CK tactics. Wire alerts to a chat or incident channel. Run for one week; capture MTTD, false-positive rate, and time-to-triage; iterate.
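As an added example for this capstone (not course material), a minimal evaluator for a Sigma-style rule run over constructed host-audit events, so a rule's hits and false positives can be counted before it is wired to an alert channel. The rule, the event field names and the `adm-` admin-account prefix are assumptions, not a real log schema.

```python
"""Toy Sigma-style rule engine: field selections with modifiers plus a
'selection and not filter' condition, evaluated over in-memory events."""
from fnmatch import fnmatchcase

# Constructed rule (assumed field names): sudo use by an account that does
# not follow the assumed "adm-" naming convention for admin accounts.
RULE = {
    "title": "Sudo use by non-admin account (Privilege Escalation, T1548.003)",
    "detection": {
        "selection": {"source": "auditd", "type": "USER_CMD", "cmd|contains": "sudo"},
        "filter": {"user|startswith": "adm-"},
        "condition": "selection and not filter",
    },
}

# Constructed events standing in for normalised auditd / Falco records.
EVENTS = [
    {"source": "auditd", "type": "USER_CMD", "user": "jdoe", "cmd": "sudo cat /etc/shadow"},
    {"source": "auditd", "type": "USER_CMD", "user": "adm-kumar", "cmd": "sudo systemctl restart sshd"},
    {"source": "auditd", "type": "USER_CMD", "user": "jdoe", "cmd": "ls -la /var/log"},
    {"source": "falco", "type": "USER_CMD", "user": "jdoe", "cmd": "sudo -i"},
]

def _field_matches(event, key, expected):
    """Apply a Sigma field modifier (contains/startswith/endswith) or an
    exact match; exact matches honour Sigma's * and ? wildcards."""
    field, _, modifier = key.partition("|")
    value = str(event.get(field, ""))
    wanted = expected if isinstance(expected, list) else [expected]
    for w in map(str, wanted):
        if modifier == "contains" and w in value:
            return True
        if modifier == "startswith" and value.startswith(w):
            return True
        if modifier == "endswith" and value.endswith(w):
            return True
        if modifier == "" and fnmatchcase(value, w):
            return True
    return False

def _block_matches(event, block):
    # Every field in a selection block must match (Sigma AND semantics).
    return all(_field_matches(event, k, v) for k, v in block.items())

def evaluate(rule, event):
    """Evaluate a condition made of 'and'-joined, optionally negated block names."""
    det = rule["detection"]
    result = True
    for term in det["condition"].split(" and "):
        negate = term.startswith("not ")
        hit = _block_matches(event, det[term[4:] if negate else term])
        result = result and (hit != negate)
    return result

def run_rule(rule, events):
    """Return the events that trigger the rule (the alerts a SIEM would raise)."""
    return [e for e in events if evaluate(rule, e)]
```

Running `run_rule(RULE, EVENTS)` flags only the first event: the admin account is excluded by the filter, the third event has no sudo, and the Falco record fails the source selection.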
Post-initial-access taxonomy; detection-coverage scoring.