jramos/seclab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
6d0035721e3ffe60b86f081ad297fcf0b9dd7ae5
seclab/.claude/SYLLABUS_Cybersecurity_Applied_Lab.md
jramos 6d0035721e initial commit
2026-05-28 18:27:41 -06:00

8.1 KiB
Raw Blame History

FILE: SYLLABUS_Cybersecurity_Applied_Lab.md

SYLLABUS: CYBERSECURITY APPLIED LAB

Apophis Networking - Security Operations Center Training Program

Course Overview

This self-study curriculum transitions theoretical cybersecurity concepts into applied, hands-on experience. By building a functional, segmented enterprise-grade network range within a virtualized environment, you will develop the foundational skills necessary to launch a cybersecurity venture, such as Apophis Networking, or operate within a modern Security Operations Center (SOC).

Program Objectives:

  • Master both offensive (Red Team) and defensive (Blue Team) security techniques
  • Build and operate a production-grade SOC infrastructure
  • Develop incident response and digital forensics capabilities
  • Understand real-world attack chains and detection engineering
  • Create professional security documentation and reporting

Target Audience:

  • Self-learners pursuing cybersecurity careers
  • IT professionals transitioning to security roles
  • Students preparing for industry certifications (Security+, CySA+, OSCP)
  • Aspiring penetration testers and SOC analysts

Core Architecture

The laboratory is built entirely within a Proxmox hypervisor. Network segmentation is achieved via 802.1Q VLAN tagging and routed through a virtualized firewall appliance (pfSense/OPNsense) to ensure malicious traffic remains isolated from your physical home network.

Network Segmentation Strategy

  • VLAN 100 (Management): 10.10.1.0/24 - Proxmox Web GUI, Firewall Management.
  • VLAN 200 (Red Network): 10.10.2.0/24 - Attacker subnet (Kali Linux).
  • VLAN 300 (Blue Network): 10.10.3.0/24 - Defenders/SOC (Security Onion).
  • VLAN 400 (Victim Network): 10.10.4.0/24 - Vulnerable targets (Windows/Linux).

Virtual Machine Inventory

  1. pfSense (Firewall/Router)
  2. Kali Linux (Red Team Operations)
  3. Security Onion (Network Security Monitoring)
  4. Metasploitable 2 (Linux Target)
  5. Windows Server 2022 (Domain Controller)
  6. Windows 10 (Domain Endpoint)

Curriculum Structure

Module Title Duration Key Skills
MOD0 Prerequisites & Fundamentals 8-12 hours Linux CLI, Windows PowerShell, Networking, Virtualization
MOD1 Secure Infrastructure Provisioning 4-8 hours VLAN tagging, pfSense, Firewall rules, Network segmentation
MOD2 Reconnaissance & Network Traffic Analysis 8-14 hours Nmap, Wireshark, Service enumeration, PCAP analysis
MOD3 Exploitation & Post-Exploitation 10-17 hours Metasploit, Reverse shells, Privilege escalation, Persistence
MOD4 Defensive Monitoring & the SOC 6-10 hours Security Onion, IDS/IPS, Suricata rules, Alert triage
MOD4.5 SIEM Operations & Log Analysis 6-10 hours KQL queries, Kibana dashboards, Alert tuning, Correlation
MOD5 Active Directory Threat Emulation 8-12 hours AD deployment, Kerberoasting, Pass-the-Hash, Domain attacks
MOD6 Incident Response & Digital Forensics 10-15 hours Disk forensics, Memory analysis, PCAP forensics, IR reporting
MOD7 Web Application Security 8-12 hours OWASP Top 10, SQL injection, XSS, Burp Suite, WAF
MOD8 Threat Intelligence & Hunting 6-10 hours MITRE ATT&CK, IOCs, Sigma rules, Hypothesis-driven hunting
CAPSTONE APT Simulation Project 16-24 hours Integrated Red/Blue exercise, Full IR lifecycle, Reporting

Total Program Duration: 90-144 hours (12-18 weeks at 8 hours/week)

Course Expectations

Self-Directed Learning

This is a self-paced, self-driven laboratory curriculum. You are expected to:

  • Break the environment intentionally (that's how you learn)
  • Troubleshoot routing issues, firewall rules, and VM problems independently
  • Analyze packet captures and log files for clues
  • Rebuild systems from snapshots when something breaks
  • Research error messages using Google, Stack Overflow, Reddit

The documentation serves as a guide, not a step-by-step walkthrough. Successful completion requires independent research, critical thinking, and logical problem-solving.

Time Commitment

  • Minimum: 8-10 hours per week for 12-14 weeks
  • Recommended: 12-15 hours per week for faster progress
  • Intensive: 20+ hours per week to complete in 6-8 weeks

Documentation Requirements

Every module requires:

  • Lab Report: Following LAB_REPORT_TEMPLATE.md format
  • Screenshots: Minimum 5 per module (more for complex modules)
  • Command History: Export of all commands executed
  • PCAP Files: Network traffic captures of key activities
  • Deliverables: Specific outputs listed in each module

Assessment

  • Module Completion: Each module graded on 100-point rubric (see ASSESSMENT_RUBRICS.md)
  • Capstone Project: 200 points (comprehensive assessment)
  • Overall Grade: Total 1200 points across all modules
  • Passing Grade: 70% (840/1200 points)
  • Excellence: 90%+ (1080/1200 points) - ready for OSCP-level challenges

Professional Development

Certification Pathways

After completing this curriculum, you will be prepared for:

Entry-Level Certifications:

  • CompTIA Security+ (if not already obtained)
  • CompTIA CySA+ (Cybersecurity Analyst)
  • CompTIA PenTest+ (Penetration Testing)

Advanced Certifications (with additional study):

  • Offensive Security Certified Professional (OSCP) ← Highly recommended next step
  • GIAC Certified Incident Handler (GCIH)
  • Certified Ethical Hacker (CEH)

Career Roles

  1. SOC Analyst (Tier 1/2)
  2. Penetration Tester
  3. Incident Responder
  4. Detection Engineer
  5. Threat Hunter
  6. Security Consultant

Module Files

All module documentation is located in the .claude/ directory:

  • MOD0_Prerequisites.md - Linux, Windows, Networking, Virtualization fundamentals
  • MOD1_Secure_Infrastructure.md - Proxmox, pfSense, VLAN configuration
  • MOD2_Recon_and_NTA.md - Nmap, Wireshark, Service enumeration
  • MOD3_Exploitation.md - Metasploit, Post-exploitation, Persistence
  • MOD4_Defensive_Monitoring.md - Security Onion, IDS/IPS, Custom rules
  • MOD4.5_SIEM_Operations.md - KQL, Kibana dashboards, Log correlation
  • MOD5_Active_Directory_Emulation.md - AD attacks, Kerberoasting, Lateral movement
  • MOD6_Incident_Response.md - Forensics, Timeline analysis, IR reporting
  • MOD7_Web_Application_Security.md - OWASP Top 10, Burp Suite, WAF
  • MOD8_Threat_Intelligence.md - MITRE ATT&CK, IOCs, Threat hunting
  • CAPSTONE_APT_Simulation.md - Integrated Red/Blue team exercise

Supporting Documentation

  • LAB_REPORT_TEMPLATE.md - Standard format for all lab reports
  • ASSESSMENT_RUBRICS.md - Grading criteria for all modules
  • SYLLABUS_Cybersecurity_Applied_Lab.md - This file

Resources & Support

Required Software (All Free/Open Source)

  • Proxmox VE (hypervisor)
  • pfSense (firewall)
  • Kali Linux (penetration testing)
  • Security Onion (SIEM/IDS)
  • Metasploitable 2 (vulnerable target)
  • Windows Server 2022 (evaluation license)
  • Windows 10 (evaluation license)

Recommended Study Materials

  • Books:

    • "The Linux Command Line" by William Shotts (FREE PDF)
    • "The Web Application Hacker's Handbook" by Stuttard & Pinto
    • "Practical Malware Analysis" by Sikorski & Honig

  • Videos:

    • Professor Messer (Network+, Security+)
    • IppSec (HackTheBox walkthroughs)
    • HackerSploit (YouTube channel)

  • Practice Platforms:

    • TryHackMe (guided learning paths)
    • HackTheBox (realistic VMs)
    • PentesterLab (web app security)

Academic Integrity

Authorized Use Policy

All tools and techniques taught in this curriculum are for AUTHORIZED USE ONLY:

  • Allowed: Using these techniques on VMs in YOUR lab that YOU own
  • Allowed: Authorized penetration tests with written permission
  • Allowed: CTF competitions and training platforms
  • ILLEGAL: Using these techniques on unauthorized systems (18 U.S.C. § 1030)

GOOD LUCK, AND WELCOME TO APOPHIS NETWORKING!

"Order from Chaos" - Building security professionals one lab at a time.

END OF SYLLABUS

Reference in New Issue View Git Blame Copy Permalink