On This Page

Open Source Defensive Security Training

Defensive Security | March 20 - 21


This is an extremely deep dive training in Open Source infrastructure security, Linux systems and network services hardening. Our hands on workshop has a unique formula "protection vs attack". This means that most of the attacks techniques and security issues we are talking about will be effectively mitigated and protected by the use of defense in depth approach, sophisticated open source software and dedicated secure configuration.

Open Source Defensive Security Training is an up to date, advanced IT Security laboratory dedicated to professionals who need to close the gaps in their Linux & Open Source Security knowledge. The content is based on real world scenarios and gives you the best opportunity to make stronger defensive layers inside your Open Source network infrastructures or Linux-based products. Delivering real world scenarios in our Open Source Defensive Security hands-on labs provides a very practical knowledge you need for expanding your Linux Security skills. We strongly believe that only a combination of broad, systematic Defensive and Offensive Security knowledge can guarantee secure solutions.

As Sun Tzu said: "Know your enemy and know yourself and you can fight a hundred battles
without disaster."

Part 1:
  • Threats are everywhere - introduction to technical Open Source Defensive Security program
  • OSINT - Open Source Intelligence and passive enumeration techniques
  • Web Application Security → Hardened Reverse Proxy →modsecurity vs HTTP security issues :
    • Analysis of the latest web application exploits, vulns and bug bounty reports
    • SSL/TLS attacks vs TLSA+
    • Web based authorization and authentication methods
    • HTTP Security Headers & Cookies
    • Virtual Patching / Web honeypots
    • WAF rules against OWASP Top 10: server & client side injections, CE, open, redirects, HPP, BF, error handling, bots, forceful browsing, null bytes, leakage, DOS, CSWSH and others
    • Full HTTP auditing
    • Sensor based approach → OWASP Appsensor
    • Secure file upload vs vulns
    • WAF+LUA support
    • LAMP / Tomcat Security vs vulns
    • And a lot more offensive and defensive web security tools in use

Part 2:
  • Hardened Linux vs exploits/rootkits :
    • Analysis of the latest kernel and userspace exploits an attack techniques
    • DAC vs MAC + RBAC
    • Grsecurity / PAX vs exploits
    • SELinux / MCS / sVirt vs exploits
    • Apparmor / Tomoyo / Smack / RSBAC
    • GCC/kernel hardening : SSP / NX / PIE / RELRO / ASLR vs attacks
    • LKM-off / YAMA / enforcing
    • Linux Capabilities
    • Syscall sandbox – seccomp
    • User accounting and system auditing → OSSEC / Samhain / aide
    • Containers hardening : Docker / LXC vs attacks
    • Debuggers and profilers – gdb / *trace / ldd / valgrind / yara / systemtap LTTng / sysdig
    • Chroot/jail/pivot_root hardening vs escaping
    • Memory forensics - Volatility Framework vs Linux rootkits
    • Integrity checking – IMA/EVM
    • *privchecks
Part 3:
  • Network security vs attacks:
    • Vulnerability scanning: Nmap NSE / Seccubus / OpenVAS /Metasploit
    • Linux Domain Controller - IdM/HBAC/SUDO
    • Secure SSH Relay - SFTP/SCP
    • SSH tips and tricks
    • Network Data Exfiltration Techniques - detection and protection
    • DOS / scanning / brute-force protection techniques
    • Advanced network firewall: iptables / nftables / ebtables / synproxy
    • Infrastructure canary tokens & honeypots
    • PCAP analysis → Suricata / Bro IDS / Amsterdam vs malware and network attacks
    • Sandboxing for malware detection and deep analysis (cuckoo, yara)

Who Should Take this Course

  • Linux administrators & System Architects
  • DevOps / SecOps
  • IT Security professionals
  • Penetration testers
  • IT Security consultants and Open Source specialists
  • Purple teams

Student Requirements

Windows or Linux or MacOS X laptop
  • 4+ GB RAM
  • latest Virtualbox installed
  • around 20GB free disk space on the hard drive
  • WLAN card obviously
  • and some Linux skills ;-)

What Students Should Bring

Laptop and open mind for new knowledge.

What Students Will Be Provided With

  • Printed materials
  • Virtual machine images
  • Certificate of attendance


Leszek Miś is the Founder of Defensive Security (www.defensive-security.com) and VP, Head of Cyber Security in Collective Sense (www.collective-sense.com). He has over 12 years of experience in IT security market supporting the world's largest customers in terms of delivering penetration tests, secure infrastructures hints, IT Security consultancy services and advanced technical trainings. Next, to that, he has 9 years of experience in teaching and transferring a technical knowledge and his experience. He has trained more than 500 persons with the average evaluation on a 1-5 scale: 4.9. He is an IT Security Architect with pen tester's love and recognized expert on enterprise Open Source solutions. Leszek provides web application and infrastructure penetration tests and he specializes in Linux/OS hardening and defensive security of web application platforms. He is also known and respected trainer/examiner of Red Hat Solutions and author of many IT Security workshops (ModSecurity, FreeIPA, SELinux, Linux Hardening, Network Data Exfiltration Techniques). As a speaker, trainer or just a participant he attended many conferences like Brucon, OWASP Appsec USA, FloCon, SuriCon, HITBSecConf, AlligatorCon, WarCon, Semafor, Exatel Security Days, Confidence 2016("Honey(pot) flavored hunt for cyber enemy), PLNOG 2016 ("Yoyo! It's us, packets! Catch us if you can"), NGSEC 2016 ("Many security layers for many defensive opportunities"), Open Source Day 2010/2011/2012/2013/2014, SysDay 2008 ("SELinux vs exploits"), Confitura 2014 ("Detection and elimination of threats in real time - OWASP Appsensor in action."), Red Hat Roadshow 2014, OWASP Chapter Poland 2015("Does your WAF can handle it?), ISSA, InfoTrams 2015, BIN Gigacon 2015("Mapping pen testers knowledge for the need to protect a critical IT infrastructure"). Holder of many certificates: OSCP, RHCA, RHCSS, Splunk Architect.