- Course Level: Ops 401
- Ops 101
- Ops 102
- Ops 201
- Ops 301
Students with previous relevant or equivalent experience can test out of this requirement in their application.
Ready to kickstart your exciting career in cyber security operations (SecOps)? In this intensive course, delve into critical topics like cyber frameworks, data encryption, cloud security, network security, threat modeling, shell scripting, vulnerability scanning, and incident response. Gain valuable ethical hacker skills in penetration testing, and show off your awesome new abilities in two resume-enhancing projects!
Designed to prepare you for today’s most in-demand security skills, this hands-on course emphasizes practical SecOps. Students will gain cutting-edge skills by analyzing systems vulnerabilities, implementing defenses against common threats, and using industry-relevant tooling.
This course will substantially prepare you for achieving the learning objectives of CompTIA Security+ certification. This course covers significant aspects of all six domains required for Security+.
- 1.0 Threats, Attacks, and Vulnerabilities
- 2.0 Technologies and Tools
- 3.0 Architecture and Design
- 4.0 Identity and Access Management
- 5.0 Risk management
- 6.0 Cryptography and PKI
Students register for the CompTIA Security+ SY0-601 during course prework, and take the exam during the final module. The student’s resulting score from taking CompTIA Security+ SY0-601 is then factored into the final grade for this course. Passing this course is largely contingent upon passing CompTIA Security+ SY0-601.
Sybex CompTIA Security+ Study Guide (includes access to online practice exams)
By the start of the first class, you will need a working computer, meeting the school-specified requirements.
The Ops course Lab Kit will include a second computer and additional tools for lab.
Each student is responsible for their access to the internet for purposes of this course and for research. Internet access is a required component of this course and will not be accepted as an excuse for missed work. If you know that you will be traveling, then make sure you plan accordingly.
- Zoom Video Conferencing Software
- The latest version of Google Chrome
- Visual Studio Code
At the end of this course, you will be prepared for a career in Cyber Security
Upon satisfactory completion of this course, a student should be able to:
- Cybersecurity frameworks (e.g. SOC2)
- CIA triad
- Systems hardening
- Risk analysis, assessment, and reporting
- Security compliance and auditing
- Data classification
- Data loss prevention (DLP)
- Data privacy concepts and regulation (GDPR, CCPA)
- Encryption standards
- Password security
- Protecting data at rest and in transit
- Public Key Infrastructure (PKI)
- SSL/TLS
- Threat detection with IDS, SIEM
- Incident response lifecycle
- Indicators of compromise (IOC)
- SIEM deployment and operation
- SIEM log and event analysis
- SIEM troubleshooting, data ingestion, query writing
- Threat hunting techniques
- Cloud identity and access management
- Cloud security in AWS
- Data loss prevention (DLP)
- Intrusion detection & prevention systems (IDS/IPS, Snort)
- Network traffic analysis
- Virtual private cloud (VPC)
- AWS native tooling (e.g. AWS CloudTrail)
- Tactics, techniques, and procedures (TTPs)
- Cyber Kill-Chain
- MITRE ATT&CK
- OWASP
- STRIDE
- Threat Modeling
- Data flow diagrams
- Malware detection with YARA rules, VirusTotal API
- Malware traffic analysis
- Forensic investigation
- Threat hunting with Zeek, RITA
- Web app scanning and exploitation with Burp Suite, w3af, OWASP ZAP
- CVE, CVSS
- Vulnerability scanning tools, e.g. Nessus
- Network and application vulnerability scans and assessments
- Scanner output handling, false positives, prioritization
- Vulnerability risk rating
- Vulnerability types and concepts
- Enumeration
- Exploitation
- Impact analysis
- Investigation and intelligence collection
- Legal considerations in pentest scoping
- Nmap, metasploit, datasploit
- OSINT
- Penetration test lifecycle
- Planning
- Scoping
- Target profiling and evaluation
- Assess risk using quantitative or qualitative methods
- Document risk mitigations and perform security compliance audits
- Take a security project all the way from conceptual requirements to technical implementation
- Apply modern cryptographic principles to protect data at rest and in transit
- Use data loss prevention (DLP) tools
- Perform threat analysis and threat modeling using various tools such as STRIDE, cyber kill-chain, and MITRE ATT&CK
- Explore web application security
- Administer anti-malware systems and various security tools
- Analyze IT systems security with vulnerability scanning
- Perform penetration testing
- Configure an intrusion detection/prevention system (IDS/IPS)
- Performing incident response operations and SIEM event monitoring
- Deploy configure, and query a SIEM
- Oversee cloud security efforts using AWS native tooling
All required downloads of large files will be listed within the class schedule (below) to help you prepare for each class lab activity. It is your responsibility to:
- Maintain a reliable high speed internet connection.
- Maintain adequate hard drive space on your lab kit PC.
- Download the required files in a timely fashion, preferably well in advance of the class you'll be using it.
If you encounter issues downloading the required files for a class, troubleshoot the issue with your instructor outside of lecture. Your instructor will be responsible for maintaining working download links.
To avoid lengthy software installation and setup times, many of the required virtual machines used in this course have been prepared for you in advance. Unlike Ops 301, required infrastructure will commonly be provided to you by way of OVA files, unless the installation and setup of the infrastructure is a part of the learning objectives for the day.
It is generally a good idea to maintain a "core lab" in VirtualBox representing the key elements of a cyber range throughout the course and even past graduation:
- PfSense Router/Firewall
- Windows Server 2019 Domain Controller
- Windows 10 Endpoint (Domained)
- Ubuntu Server 20.10 Web Server
- Ubuntu Server 20.10 GitHub Repository Development Box
- Ubuntu Desktop 20.10 Threat Hunter/IDS Machine
- Kali Linux Attacker Box
Several labs and projects in Ops 401 require an AWS account and free tier hours to avoid incurring charges. It will be your responsibility to maintain and shut down cloud machines in a timely fashion to avoid incurring charges on AWS. Note that creating instances in EC2 involves the use of AMIs (Amazon Machine Images) and not OVAs.
Files customized for this course are intended for students and should not be shared/distributed beyond this class.
This course is composed of 8 modules, each module with its own theme and 2 projects....
Please refer to the downloads table at the bottom of this document to find the downloadable resources you will need for each lab.
| Class # | Topic | Lab |
|---|---|---|
| 01 | Strategic Policy Development | Scenario: Policy Development + Automated Compliance |
| 02 | Cloud Security Principles and Frameworks | Scenario: IaaS Provider Recommendation based on SOC2 Compliance |
| 03 | Cyber Risk Analysis | Scenario: Create risk assessment report for client |
| 04 | Systems Hardening with CIS Standards | Deploy and harden a Windows 2019 server to EC2 |
| 05 | Career Coaching Workshop | Resume Review |
| Class # | Topic | Lab |
|---|---|---|
| 06 | Data File Encryption and Hashing | Transfer files securely between computers |
| 07 | Protecting Data at Rest | Full Disc Encryption on Windows and Linux |
| 08 | DLP and Classification | Implement Data Lost Prevention & Data Classification Solution |
| 09 | Public Key Infrastructure (PKI) | Use PKI in Windows and Linux to send and decrypt messages |
| 10 | Career Coaching Workshop | Personal Pitch |
| Class # | Topic | Lab |
|---|---|---|
| 11 | Foundational SIEM Operations | Deploy and use SIEM Solution (Splunk) |
| 12 | Log Analysis with Splunk | Scenario: Search log data using splunk |
| 13 | Reconstructing a Cloud Attack Using Log Data | Scenario: Use Splunk to trace/re-create an attack |
| 14 | Intrusion Detection and Prevention Systems (IDS/IPS) | Deploy IDS/IPS and trigger rules |
| 15 | Career Coaching Workshop | Targeted Job Search/Negotiations |
| Class # | Topic | Lab |
|---|---|---|
| 16 | Cloud Identity and Access Management (IAM) with AWS | Configure users & groups via CLI |
| 17 | Cloud Network Security | Manage AWS networking and security |
| 18 | Cloud Logging and Monitoring | Enable logs and triggers in AWS |
| 19 | Cloud Detective Controls | Configure Amazon Guard Duty and logging triggers |
| 20 | Project Prep | Team Building, Planning |
| Class # | Topic | Lab |
|---|---|---|
| 26 | Remote Code Execution | Reproduce attack, fix with RCE Script |
| 27 | Persistence | Keep open shell connection with remote computer |
| 28 | Log Clearing | Reproduce and then mitigate a log clearing attack |
| 29 | Modeling a Web Application | Scenario: Threat modeling and DFD |
| 30 | Career Coaching Workshop | Behavioral Interviews |
| Class # | Topic | Lab |
|---|---|---|
| 31 | Threat Hunting with YARA | Write and test YARA rules |
| 32 | Malware Traffic Analysis with Wireshark | Find malicious attack with Wireshark; Incident Reporting |
| 33 | Threat Hunting with Zeek, RITA | Active Countermeasures Threat Hunting Scenarios |
| 34 | Forensic Investigation with Autopsy | Post Mortem analysis of hard drive using Autopsy |
| 35 | Career Coaching Workshop | Technical Interviews |
| Class # | Topic | Lab |
|---|---|---|
| 36 | XSS with w3af, DVWA | Scan a web app using w3af |
| 37 | Automated AppSec with OWASP ZAP | Use ZAP to crawl and brute force attack a web app |
| 38 | Attacking Juice Shop with Burp Suite | Using Burp Suite to probe an app |
| 39 | SQLi with Burp Suite, Web Goat | Practice SQL Injection through scenarios |
| 40 | Career Coaching Workshop | Personal Presentation |
| Class # | Topic | Lab |
|---|---|---|
| 41 | Reconnaissance with Maltego | Information gathering with Maltego |
| 42 | Pass the Hash with Mimikatz | Practice & Document a "pash the hash" attack |
| 43 | Traffic Sniffing with Ettercap | Implement a man-in-the-middle attack via spoofing |
| 44 | Pentest Practice 1 of 2 | Scenario: Use metasploit to gather information and start attack plan |
| 45 | Pentest Practice 2 of 2 | Scenario: Gather information, report findings |
Files are either hosted externally by the source (for example, kali.org hosts Kali Linux ISO) or hosted by Code Fellows using iCloud (Mirror 1) or Google Drive (Mirror 2). You may be prompted to create a free user account for the corresponding service in order to download the hosted files.
Note that "Mirror 2" is an alternative source for downloading the same file. Use the Mirror 2 download link if the primary download link, Mirror 1, does not work. You do not need to download both the Mirror 1 and Mirror 2 for a given class; they are the same file. If none of the provided download links work, contact your instructor for assistance.
Occasionally an OS installer ISO is listed for the class, which indicates that the listed OS is required for the lab. For ISO files, you do not need to download more than one copy to a local computer. Many of these you likely already have saved locally if you completed previous prerequisite coursework with Code Fellows.
| Class | File | Size | Mirror 1 | Mirror 2 |
|---|---|---|---|---|
| Class 1 | SOC 2 Policy Docs | 9 KB | Download | --- |
| Class 2 | Cloud Security Policy Template PDF | 813 KB | Download | --- |
| Class 3 | CyHy Sample Report_508C.pdf | 1.65 MB | Download | --- |
| Risk Assessment Worksheet.xlsx | 410 KB | Download | --- | |
| Class 5 | class-05-cryptor.ova | 2.63 GB | Download | --- |
| Win10 VM | 5.81 GB | Download | --- | |
| Windows Media Creation Tool | 18.5 MB | Download | --- | |
| 7-Zip Installer | 1414 KB | Download | --- | |
| Class 7 | Ubuntu Linux Desktop 20.10 ISO | 2.7 GB | Download | --- |
| Class 8 | FileZilla FTP Client Installer | 13.5 MB | Download | --- |
| Win10 VM | 5.81 GB | Download--- | ||
| Class 9 | Gpg4win 3.1.13 Installer | 13.5 MB | Download | --- |
| Win10 VM | 5.81 GB | Download--- | ||
| Class 10 | class-10-target.ova | 855 MB | Download | --- |
| ADHD4-sha1.ova | 6.0 GB | Download | --- | |
| Class 11-13 | Class-11-13-SIEM.ova | 2 GB | Download | --- |
| Class 14 | Class-14-hunter3.ova | 4 GB | Download | --- |
| Class 15 | Metasploitable 1 | 545 MB | Download | --- |
| Class 26 | term2-baseline-lab-v5.zip (Contains winserv2019-dc1, pfsense-corpnet, siem.ova): Grab this bundle, or each OVA individually from below | 39 GB | Download | |
| README.txt - Includes login / network config details | 1.37 KB | Download | Download | |
| Kali Linux 64-bit Image (Attacker VM) | 4.0 GB | Download | ||
| win10-v2.ova (Single VM, fresh Win10 image) | 5.81 GB | Download | Download | |
| ids.ova (Single VM with Snort) | 9.88 GB | Download | Download | |
| winserv2019-dc1.ova (Single VM) | 9.36 GB | Download | Download | |
| pfsense-corpnet.ova (Single VM) | 748 MB | Download | Download | |
| siem.ova (Single VM with Splunk) | 13.5 GB | Download | Download | |
| Class 29 | Microsoft Threat Modeling Tool | 16.2 KB | Download | --- |
| Class 30 | Metasploitable 3 | 7 GB | Download | Download |
| Class 31 | class-31-34-flare-vm-v2.ova | 21.3 GB | Download | Download |
| Class 33 | Rita VM | 8 GB | Download | --- |
| sample-1500.pcap | 1.6 GB | Download | --- | |
| sample-500.pcap | 832 MB | Download | --- | |
| sample-200.pcap | 523 MB | Download | --- | |
| Class 35 | class-35-webserv.ova | 491 MB | Download | Download |
| Class 36 | class-36-39-security-dojo.ova | 5.82 GB | Download | Download |
| Class 40 | Kali Linux 64-bit Image | 4 GB | Download | --- |
| class-40-target.ova | 646 MB | Download | --- | |
| Class 42 | class-42-target1-win7.ova | 7.22 GB | Download | --- |
| class-42-target2-win7 2.ova | 6.15 GB | Download | --- | |
| Class 44 | class-44-target.ova | 855 MB | Download | --- |
| Class 45 | class-45-target.ova | 7.01 GB | Download | --- |
The following is a more detailed breakdown of required VMs and downloads for each class. If you're wondering "Can I delete the VM from today?" take a look at here to see what's coming up next in terms of required downloads. Links to download mirrors will not be provided here; see the above table for all download mirrors.
- Class 1
- SOC 2 Policy Docs Templates by Blissfully.zip
- Class 2
- Cloud Security Policy Template PDF
- Class 3
- CyHy Sample Report_508C.pdf
- Risk Assessment Worksheet.xlsx
- Class 4
- No downloads
- Class 5
- A Windows 10 VM is required for this Ops Challenge. This can be installed with any of the below options:
- Media Creation Tool
- MSEdge on Win10 (x64) Stable 1809 6.75GB Download
- 7-Zip Installer 1414KB Download
- A Windows 10 VM is required for this Ops Challenge. This can be installed with any of the below options:
- Class 6
- No downloads
- Class 7
- A Windows 10 VM and Ubuntu Linux Desktop VM are required for this lab
- Class 8
- A Windows 10 VM is required for this lab
- FileZilla Download
- Class 9
- A Windows 10 VM is required for this lab
- Gpg4win 3.1.13 Download
- Class 10
- A Kali Linux VM is required for this lab
- Class 11
- Class-11-13-splunkserv.ova (10 GB)
- Class 12
- No downloads, uses the OVA from Class 11
- Class 13
- No downloads, uses the OVA from Class 11
- Class 14
- Ubuntu IDS OVA
- Class 15
- This Ops Challenge requires Kali Linux.
- Metasploitable 1 OVA
- Class 16
- No downloads
- Class 17
- No downloads
- Class 18
- No downloads
- Class 19
- No downloads
- Class 20
- No downloads
- Class 26
- Term 2 Baseline Lab
- Class 27
- Term 2 Baseline Lab
- Class 28
- Term 2 Baseline Lab
- Class 29
- Microsoft Threat Modeling Tool
- Class 30
- The following VMs are used in this Ops Challenge:
- Kali Linux
- Metasploitable 3
- Windows 10
- The following VMs are used in this Ops Challenge:
- Class 31
- The FLARE VM is required for this lab
- Class 32
- The FLARE VM is required for this lab
- Class 33
- This lab will have you analyze some PCAP files from Active Countermeasures. Download these to a VM where you've installed Zeek, RITA, and Wireshark.
- sample-1500.pcap (1.6 GB)
- sample-500.pcap (832 MB)
- sample-200.pcap (523 MB)
- This lab will have you analyze some PCAP files from Active Countermeasures. Download these to a VM where you've installed Zeek, RITA, and Wireshark.
- Class 34
- The FLARE VM is required for this lab
- Class 35
- class-35-webserv.ova (491 MB)
- Class 36
- class-36-39-security-dojo.ova
- Class 37
- The class-36-39-security-dojo.ova is required for this lab
- Class 38
- The class-36-39-security-dojo.ova is required for this lab
- Class 39
- The class-36-39-security-dojo.ova is required for this lab
- Class 40
- Kali VM
- class-40-target.ova
- Class 41
- This lab requires a Kali VM.
- Class 42
- class-42-target1-win7.ova
- class-42-target2-win7.ova
- Class 43
- This lab requires a Kali VM and class-42-target2-win7.ova
- Class 44
- class-44-target.ova
- Class 45
- class-45-target.ova