2026-05-28 18:27:41 -06:00
# FILE: SYLLABUS_Cybersecurity_Applied_Lab.md
# SYLLABUS: CYBERSECURITY APPLIED LAB
**Apophis Networking - Security Operations Center Training Program**
---
## Course Overview
This self-study curriculum turns theoretical cybersecurity concepts into applied, hands-on experience. By building a functional, segmented, enterprise-grade network range within a virtualized environment, you will develop the foundational skills necessary to launch a cybersecurity venture, such as Apophis Networking, or to operate within a modern Security Operations Center (SOC).
**Program Objectives:**
- Master both offensive (Red Team) and defensive (Blue Team) security techniques
- Build and operate a production-grade SOC infrastructure
- Develop incident response and digital forensics capabilities
- Understand real-world attack chains and detection engineering
- Create professional security documentation and reporting
**Target Audience:**
- Self-learners pursuing cybersecurity careers
- IT professionals transitioning to security roles
- Students preparing for industry certifications (Security+, CySA+, OSCP)
- Aspiring penetration testers and SOC analysts
---
## Core Architecture
The laboratory is built entirely within a Proxmox hypervisor. Network segmentation is achieved via 802.1Q VLAN tagging and routed through a virtualized firewall appliance (pfSense/OPNsense) to ensure malicious traffic remains isolated from your physical home network.
### Network Segmentation Strategy
* **VLAN 100 (Management):** 10.10.1.0/24 - Proxmox Web GUI, Firewall Management.
* **VLAN 200 (Red Network):** 10.10.2.0/24 - Attacker subnet (Kali Linux).
* **VLAN 300 (Blue Network):** 10.10.3.0/24 - Defenders/SOC (Security Onion).
* **VLAN 400 (Victim Network):** 10.10.4.0/24 - Vulnerable targets (Windows/Linux).
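The isolation promise above (attack traffic never reaches the physical home network) is only as good as the firewall rules on each VLAN interface. The following is an added example, not part of the syllabus or the lab's own pfSense configuration: a small first-match policy model in the style of pfSense interface rules, used to audit whether the four subnets listed above can reach an assumed home LAN (`192.168.1.0/24` is an example value the page does not state). The rule contents, the `ISOLATED` set, and the helper names are illustrative assumptions; the stateful behaviour of a real pfSense is not modelled.

```python
"""
Added example (not from the syllabus or the Apophis Networking lab files):
first-match firewall policy model used to audit VLAN segmentation.

Assumptions (not stated on the page): home LAN is 192.168.1.0/24, rules are
evaluated on the ingress VLAN interface with an implicit deny at the end,
and the rule sets below are illustrative, not the lab's real config.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network

# Subnets exactly as listed in the syllabus, plus the assumed physical LAN.
VLANS = {
    "MGMT":   IPv4Network("10.10.1.0/24"),    # VLAN 100
    "RED":    IPv4Network("10.10.2.0/24"),    # VLAN 200
    "BLUE":   IPv4Network("10.10.3.0/24"),    # VLAN 300
    "VICTIM": IPv4Network("10.10.4.0/24"),    # VLAN 400
    "HOME":   IPv4Network("192.168.1.0/24"),  # assumed home LAN (example value)
}
LAB = IPv4Network("10.10.0.0/16")  # covers all four lab VLANs
ANY = IPv4Network("0.0.0.0/0")

# Subnets that carry attack traffic and must never reach HOME.
ISOLATED = ("RED", "VICTIM")


@dataclass(frozen=True)
class Rule:
    iface: str           # ingress VLAN interface the rule is attached to
    action: str          # "pass" or "block"
    src: IPv4Network
    dst: IPv4Network
    comment: str = ""


def ingress_iface(ip: IPv4Address):
    """Name of the VLAN a source address belongs to, or None if unknown."""
    return next((name for name, net in VLANS.items() if ip in net), None)


def evaluate(rules, src_ip: str, dst_ip: str) -> str:
    """First matching rule on the source's ingress interface wins; otherwise deny."""
    src, dst = IPv4Address(src_ip), IPv4Address(dst_ip)
    iface = ingress_iface(src)
    if iface is None:
        return "block"  # traffic from an unknown interface: implicit deny
    for r in rules:
        if r.iface == iface and src in r.src and dst in r.dst:
            return r.action
    return "block"      # no explicit match: implicit deny, as on pfSense


def isolation_violations(rules):
    """(src_vlan, 'HOME') pairs where an attack-carrying subnet can reach the home LAN."""
    probe_dst = str(VLANS["HOME"].network_address + 10)
    found = []
    for name in ISOLATED:
        probe_src = str(VLANS[name].network_address + 10)
        if evaluate(rules, probe_src, probe_dst) == "pass":
            found.append((name, "HOME"))
    return found


# Illustrative rule set that honours the segmentation strategy.
GOOD_RULES = [
    Rule("MGMT", "pass", VLANS["MGMT"], LAB, "admin reaches the lab subnets"),
    Rule("RED", "block", VLANS["RED"], VLANS["HOME"], "never touch the physical LAN"),
    Rule("RED", "pass", VLANS["RED"], VLANS["VICTIM"], "lab target traffic only"),
    Rule("BLUE", "pass", VLANS["BLUE"], LAB, "SOC monitoring of the lab"),
    Rule("VICTIM", "block", VLANS["VICTIM"], VLANS["HOME"], "never touch the physical LAN"),
    Rule("VICTIM", "pass", VLANS["VICTIM"], VLANS["RED"], "victims answer the attacker subnet"),
]

# Same policy with a common mistake: a temporary "allow all" left above the block.
BAD_RULES = [Rule("RED", "pass", VLANS["RED"], ANY, "temporary allow-all, never removed")] + GOOD_RULES


if __name__ == "__main__":
    print("RED -> VICTIM:", evaluate(GOOD_RULES, "10.10.2.10", "10.10.4.5"))
    print("RED -> HOME  :", evaluate(GOOD_RULES, "10.10.2.10", "192.168.1.10"))
    print("good rules violations:", isolation_violations(GOOD_RULES))
    print("bad rules violations :", isolation_violations(BAD_RULES))
```

The audit probes one host per isolated VLAN against the home LAN and reports any pair the policy passes; with the misplaced allow-all rule in `BAD_RULES` it flags `RED -> HOME`, which is the exact failure a rule-order mistake produces on a first-match firewall.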
### Virtual Machine Inventory
1. **pfSense** (Firewall/Router)
2. **Kali Linux** (Red Team Operations)
3. **Security Onion** (Network Security Monitoring)
4. **Metasploitable 2** (Linux Target)
5. **Windows Server 2022** (Domain Controller)
6. **Windows 10** (Domain Endpoint)
---
## Curriculum Structure
| Module | Title | Duration | Key Skills |
|--------|-------|----------|------------|
| **MOD0** | Prerequisites & Fundamentals | 8-12 hours | Linux CLI, Windows PowerShell, Networking, Virtualization |
| **MOD1** | Secure Infrastructure Provisioning | 4-8 hours | VLAN tagging, pfSense, Firewall rules, Network segmentation |
| **MOD2** | Reconnaissance & Network Traffic Analysis | 8-14 hours | Nmap, Wireshark, Service enumeration, PCAP analysis |
| **MOD3** | Exploitation & Post-Exploitation | 10-17 hours | Metasploit, Reverse shells, Privilege escalation, Persistence |
| **MOD4** | Defensive Monitoring & the SOC | 6-10 hours | Security Onion, IDS/IPS, Suricata rules, Alert triage |
| **MOD4.5** | SIEM Operations & Log Analysis | 6-10 hours | KQL queries, Kibana dashboards, Alert tuning, Correlation |
| **MOD5** | Active Directory Threat Emulation | 8-12 hours | AD deployment, Kerberoasting, Pass-the-Hash, Domain attacks |
| **MOD6** | Incident Response & Digital Forensics | 10-15 hours | Disk forensics, Memory analysis, PCAP forensics, IR reporting |
| **MOD7** | Web Application Security | 8-12 hours | OWASP Top 10, SQL injection, XSS, Burp Suite, WAF |
| **MOD8** | Threat Intelligence & Hunting | 6-10 hours | MITRE ATT&CK, IOCs, Sigma rules, Hypothesis-driven hunting |
| **CAPSTONE** | APT Simulation Project | 16-24 hours | Integrated Red/Blue exercise, Full IR lifecycle, Reporting |
**Total Program Duration:** 90-144 hours (12-18 weeks at 8 hours/week)
---
## Course Expectations
### Self-Directed Learning
This is a **self-paced, self-driven** laboratory curriculum. You are expected to:
- Break the environment intentionally (that's how you learn)
- Troubleshoot routing issues, firewall rules, and VM problems independently
- Analyze packet captures and log files for clues
- Rebuild systems from snapshots when something breaks
- Research error messages using Google, Stack Overflow, and Reddit
**The documentation serves as a guide, not a step-by-step walkthrough.** Successful completion requires independent research, critical thinking, and logical problem-solving.
### Time Commitment
- **Minimum:** 8-10 hours per week for 12-14 weeks
- **Recommended:** 12-15 hours per week for faster progress
- **Intensive:** 20+ hours per week to complete in 6-8 weeks
### Documentation Requirements
Every module requires:
- **Lab Report:** Following LAB_REPORT_TEMPLATE.md format
- **Screenshots:** Minimum 5 per module (more for complex modules)
- **Command History:** Export of all commands executed
- **PCAP Files:** Network traffic captures of key activities
- **Deliverables:** Specific outputs listed in each module
### Assessment
- **Module Completion:** Each module graded on 100-point rubric (see ASSESSMENT_RUBRICS.md)
- **Capstone Project:** 200 points (comprehensive assessment)
- **Overall Grade:** Total 1200 points across all modules
- **Passing Grade:** 70% (840/1200 points)
- **Excellence:** 90%+ (1080/1200 points) - ready for OSCP-level challenges
---
## Professional Development
### Certification Pathways
**After completing this curriculum, you will be prepared for:**
**Entry-Level Certifications:**
- CompTIA Security+ (if not already obtained)
- CompTIA CySA+ (Cybersecurity Analyst)
- CompTIA PenTest+ (Penetration Testing)
**Advanced Certifications (with additional study):**
- **Offensive Security Certified Professional (OSCP)** ← Highly recommended next step
- GIAC Certified Incident Handler (GCIH)
- Certified Ethical Hacker (CEH)
### Career Roles
1. **SOC Analyst (Tier 1/2)**
2. **Penetration Tester**
3. **Incident Responder**
4. **Detection Engineer**
5. **Threat Hunter**
6. **Security Consultant**
---
## Module Files
All module documentation is located in the `.claude/` directory:
- **MOD0_Prerequisites.md** - Linux, Windows, Networking, Virtualization fundamentals
- **MOD1_Secure_Infrastructure.md** - Proxmox, pfSense, VLAN configuration
- **MOD2_Recon_and_NTA.md** - Nmap, Wireshark, Service enumeration
- **MOD3_Exploitation.md** - Metasploit, Post-exploitation, Persistence
- **MOD4_Defensive_Monitoring.md** - Security Onion, IDS/IPS, Custom rules
- **MOD4.5_SIEM_Operations.md** - KQL, Kibana dashboards, Log correlation
- **MOD5_Active_Directory_Emulation.md** - AD attacks, Kerberoasting, Lateral movement
- **MOD6_Incident_Response.md** - Forensics, Timeline analysis, IR reporting
- **MOD7_Web_Application_Security.md** - OWASP Top 10, Burp Suite, WAF
- **MOD8_Threat_Intelligence.md** - MITRE ATT&CK, IOCs, Threat hunting
- **CAPSTONE_APT_Simulation.md** - Integrated Red/Blue team exercise
### Supporting Documentation
- **LAB_REPORT_TEMPLATE.md** - Standard format for all lab reports
- **ASSESSMENT_RUBRICS.md** - Grading criteria for all modules
- **SYLLABUS_Cybersecurity_Applied_Lab.md** - This file
---
## Resources & Support
### Required Software (All Free/Open Source)
- Proxmox VE (hypervisor)
- pfSense (firewall)
- Kali Linux (penetration testing)
- Security Onion (SIEM/IDS)
- Metasploitable 2 (vulnerable target)
- Windows Server 2022 (evaluation license)
- Windows 10 (evaluation license)
### Recommended Study Materials
- **Books:**
  - "The Linux Command Line" by William Shotts (FREE PDF)
  - "The Web Application Hacker's Handbook" by Stuttard & Pinto
  - "Practical Malware Analysis" by Sikorski & Honig
- **Videos:**
  - Professor Messer (Network+, Security+)
  - IppSec (HackTheBox walkthroughs)
  - HackerSploit (YouTube channel)
- **Practice Platforms:**
  - TryHackMe (guided learning paths)
  - HackTheBox (realistic VMs)
  - PentesterLab (web app security)
---
## Academic Integrity
### Authorized Use Policy
All tools and techniques taught in this curriculum are for **AUTHORIZED USE ONLY**:
- **Allowed:** Using these techniques on VMs in YOUR lab that YOU own
- **Allowed:** Authorized penetration tests with written permission
- **Allowed:** CTF competitions and training platforms
- **ILLEGAL:** Using these techniques on unauthorized systems (18 U.S.C. § 1030)
---
**GOOD LUCK, AND WELCOME TO APOPHIS NETWORKING!**
*"Order from Chaos" - Building security professionals one lab at a time.*
---
**END OF SYLLABUS**