# FILE: SYLLABUS_Cybersecurity_Applied_Lab.md

# SYLLABUS: CYBERSECURITY APPLIED LAB

**Apophis Networking - Security Operations Center Training Program**

---

## Course Overview

This self-study curriculum translates theoretical cybersecurity concepts into applied, hands-on experience. By building a functional, segmented enterprise-grade network range within a virtualized environment, you will develop the foundational skills necessary to launch a cybersecurity venture, such as Apophis Networking, or operate within a modern Security Operations Center (SOC).

**Program Objectives:**

- Master both offensive (Red Team) and defensive (Blue Team) security techniques
- Build and operate a production-grade SOC infrastructure
- Develop incident response and digital forensics capabilities
- Understand real-world attack chains and detection engineering
- Create professional security documentation and reporting

**Target Audience:**

- Self-learners pursuing cybersecurity careers
- IT professionals transitioning to security roles
- Students preparing for industry certifications (Security+, CySA+, OSCP)
- Aspiring penetration testers and SOC analysts

---

## Core Architecture

The laboratory is built entirely within a Proxmox hypervisor. Network segmentation is achieved via 802.1Q VLAN tagging and routed through a virtualized firewall appliance (pfSense/OPNsense) to ensure malicious traffic remains isolated from your physical home network.

### Network Segmentation Strategy

* **VLAN 100 (Management):** 10.10.1.0/24 - Proxmox Web GUI, Firewall Management.
* **VLAN 200 (Red Network):** 10.10.2.0/24 - Attacker subnet (Kali Linux).
* **VLAN 300 (Blue Network):** 10.10.3.0/24 - Defenders/SOC (Security Onion).
* **VLAN 400 (Victim Network):** 10.10.4.0/24 - Vulnerable targets (Windows/Linux).

### Virtual Machine Inventory

1. **pfSense** (Firewall/Router)
2. **Kali Linux** (Red Team Operations)
3. **Security Onion** (Network Security Monitoring)
4. **Metasploitable 2** (Linux Target)
5. **Windows Server 2022** (Domain Controller)
6. **Windows 10** (Domain Endpoint)

---

## Curriculum Structure

| Module | Title | Duration | Key Skills |
|--------|-------|----------|------------|
| **MOD0** | Prerequisites & Fundamentals | 8-12 hours | Linux CLI, Windows PowerShell, Networking, Virtualization |
| **MOD1** | Secure Infrastructure Provisioning | 4-8 hours | VLAN tagging, pfSense, Firewall rules, Network segmentation |
| **MOD2** | Reconnaissance & Network Traffic Analysis | 8-14 hours | Nmap, Wireshark, Service enumeration, PCAP analysis |
| **MOD3** | Exploitation & Post-Exploitation | 10-17 hours | Metasploit, Reverse shells, Privilege escalation, Persistence |
| **MOD4** | Defensive Monitoring & the SOC | 6-10 hours | Security Onion, IDS/IPS, Suricata rules, Alert triage |
| **MOD4.5** | SIEM Operations & Log Analysis | 6-10 hours | KQL queries, Kibana dashboards, Alert tuning, Correlation |
| **MOD5** | Active Directory Threat Emulation | 8-12 hours | AD deployment, Kerberoasting, Pass-the-Hash, Domain attacks |
| **MOD6** | Incident Response & Digital Forensics | 10-15 hours | Disk forensics, Memory analysis, PCAP forensics, IR reporting |
| **MOD7** | Web Application Security | 8-12 hours | OWASP Top 10, SQL injection, XSS, Burp Suite, WAF |
| **MOD8** | Threat Intelligence & Hunting | 6-10 hours | MITRE ATT&CK, IOCs, Sigma rules, Hypothesis-driven hunting |
| **CAPSTONE** | APT Simulation Project | 16-24 hours | Integrated Red/Blue exercise, Full IR lifecycle, Reporting |

**Total Program Duration:** 90-144 hours (12-18 weeks at 8 hours/week)

---

## Course Expectations

### Self-Directed Learning

This is a **self-paced, self-driven** laboratory curriculum.
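A first self-directed check in that spirit, added here as an example and not taken from the course materials: model the four subnets from the Core Architecture section and the firewall policy they imply, then confirm the isolation invariants (only Management reaches Management, no lab zone reaches the physical home network, the Red network never reaches the SOC) before typing any rules into pfSense/OPNsense. The per-zone allow-list and the 192.168.1.0/24 home LAN are assumptions; the lab subnets are the ones listed above.

```python
"""Model the lab's VLAN segmentation and check its isolation invariants.
Added example, not course material: subnets are from the syllabus; the
per-zone allow-list and the 192.168.1.0/24 home LAN are assumptions."""
import ipaddress
from typing import List, Optional, Tuple

VLANS = {
    "MGMT":   ipaddress.ip_network("10.10.1.0/24"),    # VLAN 100
    "RED":    ipaddress.ip_network("10.10.2.0/24"),    # VLAN 200
    "BLUE":   ipaddress.ip_network("10.10.3.0/24"),    # VLAN 300
    "VICTIM": ipaddress.ip_network("10.10.4.0/24"),    # VLAN 400
    "HOME":   ipaddress.ip_network("192.168.1.0/24"),  # assumed physical LAN
}

# Assumed policy: source zone -> destination zones it may initiate flows to.
# RED and VICTIM reach each other so callbacks from targets to Kali work;
# BLUE only consumes mirrored traffic; only MGMT may reach the MGMT GUIs.
POLICY = {
    "MGMT":   {"MGMT", "RED", "BLUE", "VICTIM"},
    "RED":    {"RED", "VICTIM"},
    "BLUE":   {"BLUE"},
    "VICTIM": {"VICTIM", "RED"},
    "HOME":   {"HOME"},
}

def zone_of(addr: str) -> Optional[str]:
    """Map an IP address to its zone; None means it is not a known zone."""
    ip = ipaddress.ip_address(addr)
    return next((name for name, net in VLANS.items() if ip in net), None)

def allowed(src: str, dst: str) -> bool:
    """Default-deny decision: permit only if both ends map to a known zone
    and POLICY lists the destination zone for the source zone."""
    s, d = zone_of(src), zone_of(dst)
    return s is not None and d is not None and d in POLICY[s]

def isolation_violations() -> List[Tuple[str, str]]:
    """Every (src, dst) pair in POLICY that breaks an invariant: only MGMT
    reaches MGMT, no lab zone reaches HOME, and RED never reaches BLUE."""
    bad = []
    for s, dsts in POLICY.items():
        for d in sorted(dsts):
            if (d == "MGMT" and s != "MGMT") or (d == "HOME" and s != "HOME") \
                    or (s == "RED" and d == "BLUE"):
                bad.append((s, d))
    return bad
```

If you later loosen POLICY (for example, to let the Victim network ship logs to the SOC), rerun isolation_violations() to confirm the change did not open Management or the home LAN.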
You are expected to:

- Break the environment intentionally (that's how you learn)
- Troubleshoot routing issues, firewall rules, and VM problems independently
- Analyze packet captures and log files for clues
- Rebuild systems from snapshots when something breaks
- Research error messages using Google, Stack Overflow, Reddit

**The documentation serves as a guide, not a step-by-step walkthrough.** Successful completion requires independent research, critical thinking, and logical problem-solving.

### Time Commitment

- **Minimum:** 8-10 hours per week for 12-14 weeks
- **Recommended:** 12-15 hours per week for faster progress
- **Intensive:** 20+ hours per week to complete in 6-8 weeks

### Documentation Requirements

Every module requires:

- **Lab Report:** Following LAB_REPORT_TEMPLATE.md format
- **Screenshots:** Minimum 5 per module (more for complex modules)
- **Command History:** Export of all commands executed
- **PCAP Files:** Network traffic captures of key activities
- **Deliverables:** Specific outputs listed in each module

### Assessment

- **Module Completion:** Each module graded on a 100-point rubric (see ASSESSMENT_RUBRICS.md)
- **Capstone Project:** 200 points (comprehensive assessment)
- **Overall Grade:** Total 1200 points across all modules
- **Passing Grade:** 70% (840/1200 points)
- **Excellence:** 90%+ (1080/1200 points) - ready for OSCP-level challenges

---

## Professional Development

### Certification Pathways

**After completing this curriculum, you will be prepared for:**

**Entry-Level Certifications:**

- CompTIA Security+ (if not already obtained)
- CompTIA CySA+ (Cybersecurity Analyst)
- CompTIA PenTest+ (Penetration Testing)

**Advanced Certifications (with additional study):**

- **Offensive Security Certified Professional (OSCP)** ← Highly recommended next step
- GIAC Certified Incident Handler (GCIH)
- Certified Ethical Hacker (CEH)

### Career Roles

1. **SOC Analyst (Tier 1/2)**
2. **Penetration Tester**
3. **Incident Responder**
4. **Detection Engineer**
5. **Threat Hunter**
6. **Security Consultant**

---

## Module Files

All module documentation is located in the `.claude/` directory:

- **MOD0_Prerequisites.md** - Linux, Windows, Networking, Virtualization fundamentals
- **MOD1_Secure_Infrastructure.md** - Proxmox, pfSense, VLAN configuration
- **MOD2_Recon_and_NTA.md** - Nmap, Wireshark, Service enumeration
- **MOD3_Exploitation.md** - Metasploit, Post-exploitation, Persistence
- **MOD4_Defensive_Monitoring.md** - Security Onion, IDS/IPS, Custom rules
- **MOD4.5_SIEM_Operations.md** - KQL, Kibana dashboards, Log correlation
- **MOD5_Active_Directory_Emulation.md** - AD attacks, Kerberoasting, Lateral movement
- **MOD6_Incident_Response.md** - Forensics, Timeline analysis, IR reporting
- **MOD7_Web_Application_Security.md** - OWASP Top 10, Burp Suite, WAF
- **MOD8_Threat_Intelligence.md** - MITRE ATT&CK, IOCs, Threat hunting
- **CAPSTONE_APT_Simulation.md** - Integrated Red/Blue team exercise

### Supporting Documentation

- **LAB_REPORT_TEMPLATE.md** - Standard format for all lab reports
- **ASSESSMENT_RUBRICS.md** - Grading criteria for all modules
- **SYLLABUS_Cybersecurity_Applied_Lab.md** - This file

---

## Resources & Support

### Required Software (All Free/Open Source)

- Proxmox VE (hypervisor)
- pfSense (firewall)
- Kali Linux (penetration testing)
- Security Onion (SIEM/IDS)
- Metasploitable 2 (vulnerable target)
- Windows Server 2022 (evaluation license)
- Windows 10 (evaluation license)

### Recommended Study Materials

- **Books:**
  - "The Linux Command Line" by William Shotts (FREE PDF)
  - "The Web Application Hacker's Handbook" by Stuttard & Pinto
  - "Practical Malware Analysis" by Sikorski & Honig
- **Videos:**
  - Professor Messer (Network+, Security+)
  - IppSec (HackTheBox walkthroughs)
  - HackerSploit (YouTube channel)
- **Practice Platforms:**
  - TryHackMe (guided learning paths)
  - HackTheBox (realistic VMs)
  - PentesterLab (web app security)

---

## Academic Integrity

### Authorized Use Policy

All tools and techniques taught in this curriculum are for **AUTHORIZED USE ONLY**:

- ✅ **Allowed:** Using these techniques on VMs in YOUR lab that YOU own
- ✅ **Allowed:** Authorized penetration tests with written permission
- ✅ **Allowed:** CTF competitions and training platforms
- ❌ **ILLEGAL:** Using these techniques on unauthorized systems (18 U.S.C. § 1030)

---

**GOOD LUCK, AND WELCOME TO APOPHIS NETWORKING!**

*"Order from Chaos" - Building security professionals one lab at a time.*

---

**END OF SYLLABUS**