Course Overview

Chapter 1: Introduction

Chapter 1 introduces the challenges that security professionals face, the three main goals of CIA security, risk management and integrity vs. non-repudiation. Students will learn the various layers of security, and what countermeasures can reduce risk. This chapter explains how to utilize the simulation labs to effectively practice different concepts within a security role.

Chapter 2: Threats, Attacks and Vulnerabilities

Chapter 2 identifies the threat actor types as well as different attack strategies and how to defend against attacks. It also covers how to implement malware protection, use Windows Security, and configure Windows Defender to secure a network. Students will also learn how to identify social engineering, and how to scan for different types of vulnerabilities, including vulnerabilities within Windows and Linux.

Chapter 3: Physical

Chapter 3 discusses physical threats and how to secure against them. It reviews guidelines for protecting servers, the Protective Distribution System, a Faraday cage, and fiber optic cabling. Students will also learn how temperature affects computer equipment, how to reduce and maintain temperatures to keep equipment running efficiently, and methods for fire suppression.

Chapter 4: Networks and Hosts Design and Diagnosis

Chapter 4 introduces how to develop a manageable network plan, what elements to identify when mapping a network, and how to protect the network while still providing necessary access. It also covers hardening, the benefits of security, how to reduce the attack surface of a device, and the importance of lean software installation. Students will learn how to identify inherited permissions, the difference between Share and NTFS permissions and how to view user permissions. This chapter concludes by exploring Linux host security. Students will learn to remove unnecessary services and scan ports, install and update iptables, and identify network connections on a system.

Chapter 5: Devices and Infrastructure

Chapter 5 covers how to install and configure a security appliance, configure network security appliance access, quality of service, and demilitarized zones. It also covers how to configure firewall rules, schedules, and a perimeter firewall. Students will learn about NAT and how to configure a VPN, VPN Client, remote access VPN, and a VPN connection from mobile devices. This chapter introduces how to protect against web threats by configuring web threat protection and URL blocking, what the two stages of Network Access Control are, and how to guard against network threats. Students learn to protect enterprise infrastructure, follow best practices to ensure resource protection, identify vulnerabilities, and apply software patches. This chapter concludes by discussing network applications, switch security, router security, and using VLANs.

Chapter 6: Identity, Access and Account Management

Chapter 6 covers best practices for access control, authentication, and authorization. Students will learn the windows operating system roles, user accounts, workgroups, online user accounts, domain user accounts, and Azure AD user accounts. They will also learn about Active Directory, the purpose of a domain, how to simplify security administration with OUs, the advantages of a hierarchal directory database, the difference between a tree and a forest, applicable user policies, and how to create GPOs. This chapter discusses how to harden user accounts, restrict local accounts, secure default accounts, enforce user account control, and configure smart card authentication. Students will learn to create, rename, and delete users and groups within Linux. This chapter ends by explaining remote access and network authentication. Students will learn to configure a RADIUS solution, learn about LDAP and Kerberos authentication, and learn how to control the authentication method and manage credentials.

Chapter 7: Cryptography and PKI

Chapter 7 explains cryptography and the difference between symmetric and asymmetric encryption, which algorithms can be used to generate a hash, how to use steganography to hide a file, and how to crack a symmetric encryption key. This chapter also covers the goals of information security, the benefits of a digital signature and the functionality of a Trusted Platform Module. Students will learn about hashing and which algorithms to use, and how to encrypt files using EFS, PGP, and GPG. This chapter concludes by discussing the public key infrastructure, certificate types, managing certificates, and extending validation.

Chapter 8: Wireless Threats

Chapter 8 reviews wireless networking and installation, potential threats to security, and how to defend against attacks. This chapter provides instruction on creating a wireless connection, cracking encryption, and how to configure rogue host protection. Students will learn to use wireless attack tools, how to crack Wi-Fi encryption, detect rogue hosts, and configure rogue host protection. This chapter ends by discussing methods of wireless authentication and access, as well as how to harden a wireless access point and configure WIPS and captive portals.

Chapter 9: Virtualization, Cloud Security and Securing Mobile Devices

Chapter 9 explores the different technologies related to virtualization and mobile and cloud security. As students explore host virtualization and virtual networking, they will discover load balancing, and learn how to create and manage virtual machines, different virtual network devices, and virtual switches. This chapter covers software-defined networking and architecture, cloud services, and cloud security. Students will learn about security issues with cloud computing and how to enhance cloud performance, as well as different types of controls and solutions. As students examine mobile devices, they will learn about different connection methods, enforcing mobile device security, sideloading an app, managing mobile devices, and enrolling a device and performing a remote wipe. This chapter concludes by discussing bring-your-own-device security, how to create a guest network for BYOD, constraints and security of embedded devices, and communication of embedded systems.

Chapter 10: Securing Data and Applications

Chapter 10 introduces data transmission security, how to add SSL to a website, allow SSL connections, and how to require IPsec for communication. This chapter introduces data loss prevention, masking, encryptions, tokenization and rights management. Students will learn to perform an SQL injection attack, prevent cross-site scripting, and exploit SQL on a webpage. Finishing with application development and security, students will learn how to harden applications on Linux, implement data execution preventions, and implement application whitelisting with AppLocker.

Chapter 11: Security Assessments

Chapter 11 introduces different tools for penetration testing, monitoring and reconnaissance, and intrusion detection. As students review different security assessment techniques, they will learn about the threat-hunting process, the common vulnerability scoring system calculator, and how to scan for common vulnerabilities in Windows and Linux, domain controllers, WAPs, and security appliances. This chapter discusses protocol analyzers, analyzing network traffic and attacks, performing ARP and DNS poisoning, and how to examine DNS attacks and identify malicious code.

Chapter 12. Incident Response, Forensics and Recovery

Chapter 12 explores different ways to discover and respond to security issues. It covers the process and framework for responding to an incident, how to mitigate an incident through reconfiguring and protecting endpoints, and isolating and containing an incident. Students will learn the importance of log management,  identifying and using trends from vulnerability scan outputs, and uses for SIEM. Students will also learn how to use Windows for logging events. This chapter covers forensic documentation and evidence, acquiring forensic data, and using forensic tools to investigate incidents. Students will discover how to manipulate files using shells and scripting, manipulate packet capture, and use TcpRelay. This chapter concludes by discussing how to implement secure network designs and manage redundant power options, backup files and recover files with file history, and use the backup domain controller.

Chapter 13: Risk Management

Chapter 13 chapter introduces organizational security policies including: personnel policies, data protection policies, and credential and organizational policies. This chapter also reviews risk types and tolerance, how to analyze risks, and business continuity planning. Students will learn about email security, protecting a client from spam, and securing an email server.

Chapter 14: Governance and Compliance

Chapter 14 explores auditing with Windows security logs, advanced audit policies, and different types of audits. This chapter covers different control categories and security frameworks. Students will finish by learning about sensitive data and privacy, by reviewing consequences of breaches, information classification, privacy and responsibility, and data destruction.

Chapter 1: Introduction

Security Overview

  • The Security Landscape
  • Security Concepts

Defense Planning

  • The Layered Security Model
  • User Education

Chapter 2: Threats, Attacks, and Vulnerabilities

Understanding Attacks

  • Threat Actor Types
  • Threat Agents Overview
  • General Attack Strategy
  • General Defense Strategy


  • Malware Facts
  • Malware Protection Facts
  • Implementing Malware Protections
  • Use Windows Security

Social Engineering

  • Social Engineering Overview
  • Social Engineering Motivation
  • Social Engineering Techniques
  • Phishing and Internet-Based Techniques
  • Social Engineer Toolkit
  • Investigating a Social Engineering Attack

Vulnerability Concerns

  • Vulnerability Concerns Facts
  • Impact of Vulnerabilities

Chapter 3: Physical

Physical Threats

  • Physical Security

Device and Network Protection

  • Hardware Security Guidelines
  • Hardware Security Facts
  • Physical Network Protection

Environment Controls

  • Securing Environmental Systems
  • Environmental Control Facts
  • Fire Protection Facts

Chapter 4: Networks and Hosts Design and Diagnosis

Manageable Network Plan

  • Manageable Network Plan Facts

Windows System Hardening

  • Hardening Facts
  • Hardening an Operating System
  • Managing Automatic Updates
  • Configure Automatic Updates
  • Configure Microsoft Defender Firewall

File Server Security

  • File System Security Facts
  • File Permission Facts
  • Configuring NTFS Permissions

Linux Host Security

  • Removing Unnecessary Services
  • Linux Host Security Facts
  • Configure iptables

Chapter 5: Devices and Infrastructure

Security Appliances

  • Security Solutions
  • Security Zones
  • All-In-One Security Appliances
  • Security Solution Facts
  • Configuring Network Security Appliance Access
  • Configure QoS
  • Attack Deception
  • Detect Malicious Network Traffic with a Honeypot

Demilitarized Zones

  • Demilitarized Zones
  • Configuring a DMZ
  • DMZ Facts


  • Firewall Facts
  • Configure Firewall Rules
  • Configure Firewall Schedules

Network Address Translation

  • Network Address Translation Facts
  • Configure NAT

Virtual Private Networks

  • Virtual Private Networks
  • Configuring a VPN
  • Configuring a VPN Client
  • VPN Facts
  • VPN Protocol Facts

Web Threat Protection

  • Configure Web Threat Protection
  • Configure URL Blocking
  • Web Threat Protection Facts

Network Access Control

  • Network Access Control Facts

Network Threats

  • Network Threats Overview

Network Device Vulnerabilities

  • Device Vulnerability Facts
  • Searching for Default Passwords
  • Unauthorized SSH Connection
  • Securing a Switch

Network Applications

  • Network Application Security
  • Configuring Application Control Software
  • Network Application Facts

Switch Security and Attacks

  • Switch Features
  • Securing Network Switches
  • Switch Security Facts
  • Switch Attacks
  • Use SMAC to Spoof MAC Addresses
  • Spoof MAC Addresses with SMAC
  • Switch Attack Facts
  • Hardening a Switch

Using VLANs

  • VLAN Facts
  • Configuring VLANs

Router Security

  • Router ACLs
  • Router Security Facts
  • Configuring ACLs

Chapter 6: Identity, Access and Account Management

Access Control Models

  • Identity and Access Management
  • Authentication, Authorization and Accounting
  • Access Control Facts
  • Access Control Best Practices
  • Access Control Models
  • Implementing Dynamic Access Control


  • Authentication
  • Authentication Methods
  • Biometrics and Authentication Technologies
  • Using a Biometric Scanner
  • Using Single Sign-on


  • Cumulative Access
  • Authorization Facts
  • Examining the Access Token

Windows User Management

  • Windows Operating System Roles
  • Using Local User Accounts for Sign-in
  • Join a Workgroup
  • Using Online User Accounts for Sign-in
  • Using Domain User Accounts for Sign-in
  • Using Azure AD User Accounts for Sign-in
  • Windows User Management Facts

Active Directory Overview

  • Joining a Domain
  • Managing Active Directory Objects
  • Active Directory Facts
  • Group Policy
  • Using Group Policy

Hardening Authentication

  • Configuring User Account Restrictions
  • Configuring Account Policies and UAC Settings
  • Hardening User Accounts
  • Hardening Authentication Facts
  • Configuring Smart Card Authentication
  • Smart Card Authentication Facts

Linux User

  • Linux User and Group Overview
  • Managing Linux Users
  • Linux User Commands and Files
  • Linux User Security and Restrictions
  • Configuring Linux User Security and Restrictions

Linux Groups

  • Managing Linux Groups
  • Linux Group Commands

Remote Access

  • Remote Access Facts
  • Configuring a RADIUS Solution
  • RADIUS and TACACS+ Facts

Network Authentication

  • Network Authentication Protocols
  • Network Authentication Facts
  • LDAP Authentication
  • Kerberos Authentication
  • Controlling the Authentication Method
  • Credential Management

Chapter 7: Cryptography and PKI


  • Cryptography Concepts
  • Symmetric vs Asymmetric Encryption
  • Cracking a Symmetric Encryption Key
  • Cryptography Algorithm
  • Blockchain
  • Use Steganography to Hide a File
  • Cryptographic Attacks

Cryptography Implementations

  • Cryptography Uses and Limitations
  • Combining Cryptographic Methods
  • Hardware-Based Encryption Devices
  • Cryptographic Implementation Facts


  • Hashing Algorithms
  • Hashing Facts
  • Using Hashes

File Encryption

  • Encrypting File System
  • Securing Files using EFS
  • PGP and GPG
  • Encrypting Files with GPG
  • BitLocker and Database Encryption
  • Configuring BitLocker
  • File Encryption Facts

Public Key Infrastructure

  • Public Key Infrastructure
  • Certificate Types
  • Manage Certificates
  • Extended Validation
  • Certificate Concepts

Chapter 8: Wireless Threats

Wireless Overview

  • Wireless Networking Overview
  • Wireless Installation
  • Wireless Networking Facts
  • Configuring a Wireless Connection

Wireless Attacks

  • Wireless Attacks
  • Using Wireless Attack Tools
  • Crack Wi-Fi Encryption with Aircrack-ng
  • Detecting Rogue Hosts

Wireless Defenses

  • Wireless Security
  • Wireless Authentication and Access Methods
  • Wireless Authentication and Access Methods Facts
  • Hardening a Wireless Access Point
  • Harden a Wireless Network
  • Configure WIPS
  • Configuring a Captive Portal

Chapter 9: Virtualization, Cloud Security and Securing Mobile Devices

Host Virtualization

  • Host Virtualization Overview
  • Load Balancing with Virtualization
  • Virtualization Facts
  • Creating Virtual Machines
  • Managing Virtual Machines
  • Adding Virtual Network Adapters

Virtual Networking

  • Virtual Network Devices
  • Configuring Virtual Network Devices
  • Virtualization Implementation Facts
  • Virtual Networking Facts

Software-Defined Networking

  • Software-Defined Networking Basics
  • SDN Infrastructure and Architecture

Cloud Services

  • Cloud Services Introduction
  • Enhancing Cloud Performance
  • Cloud Computing Security Issues
  • Cloud Computing Facts
  • Cloud Storage Security Facts

Cloud Security

  • Cloud Security Controls
  • Cloud Security Solutions

Mobile Devices

  • Mobile Device Connection Methods
  • Mobile Device Connection Facts
  • Enforcing Mobile Device Security
  • Enforcing Security Policies on Mobile Devices
  • Sideload an App

Mobile Device Management

  • Mobile Device Management Facts
  • Enroll Devices and Perform a Remote Wipe
  • Enrolling Non-Windows Devices
  • Mobile Application Management Facts

BYOD Security

  • BYOD Security Issues
  • BYOD Security Facts
  • Securing Mobile Devices
  • Secure an iPad
  • Creating a Guest Network for BYOD

Embedded and Specialized Systems

  • Embedded and Specialized Systems
  • Smart Home
  • Constraints and Security of Embedded Devices
  • Communication of Embedded Systems
  • Embedded and Specialized Systems Facts

Chapter 10: Securing Data and Applications

Data Transmission Security

  • Secure Protocol Facts
  • Adding SSL to a Website
  • IPsec

Data Loss Prevention

  • Data Loss Prevention Facts

Web Application Attacks

  • Web Application Attacks
  • XSS and CSRF Attacks
  • Injection Attacks
  • Header Manipulation
  • Zero Day Application Attacks
  • Client-Side Attacks
  • Web Browser Threats
  • Web Browser Security Facts
  • Preventing Cross-Site Scripting
  • SQL Injections
  • Exploit SQL on a Web Page
  • Web Application Attack Facts

Application Development and Security

  • Development Life Cycle
  • Automation and Scripting
  • SDLC and Development Facts
  • Version Control Management
  • Secure Coding Concepts
  • Application Hardening
  • Application Development Security Facts
  • Hardening Applications on Linux
  • Implement Application Whitelisting with AppLocker
  • Implement Data Execution Preventions
  • Hardening Applications Facts

Chapter 11: Security Assessments

Penetration Testing

  • Penetration Testing Facts
  • Exploring Penetration Testing Tools

Monitoring and Reconnaissance

  • Network Monitoring Facts
  • Performing Port and Ping Scans
  • Reconnaissance
  • Performing Reconnaissance
  • Perform Reconnaissance with Nmap
  • Perform Reconnaissance with the Harvester
  • Reconnaissance Facts

Intrusion Detection

  • IDS Facts
  • Use Squil and Squert
  • Implement Intrusion Detection and Prevention

Security Assessment Techniques

  • Vulnerability Assessment Facts
  • SIEM and SOAR Facts
  • Conduct Vulnerability Scans
  • Scanning a Network with Nessus

Protocol Analyzers

  • Protocol Analyzer Facts
  • Analyzing Network Traffic

Analyzing Network Attacks

  • Analyzing Network Attacks Facts
  • Performing ARP Poisoning
  • Performing DNS Poisoning
  • Performing a SYN Flood
  • Examining DNS Attacks
  • Malicious Code Facts

Password Attacks

  • Password Attack Facts
  • Using Rainbow Tables
  • Crack Passwords
  • Crack Password Protected Files

Chapter 12. Incident Response, Forensics and Recovery

Incident Response

  • Incident Response Process
  • Incident Response Frameworks and Management

Mitigation of an Incident

  • Reconfigure and Protect Endpoints
  • Isolate and Containment Facts

Log Management

  • Security Information and Event Management
  • SIEM and Log Management Facts
  • Monitoring Data and Metadata
  • Saving Captured Files with Wireshark
  • Use Elasticsearch Logstash Kibana
  • Use NetworkMiner
  • Configuring Remote Logging on Linux
  • Logging Events on pfSense

Windows Logging

  • Windows Event Subscriptions
  • Configuring Collector-Initiated Subscriptions
  • Configuring Source-Initiated Subscriptions
  • Logging Events with Event Viewer

Digital Forensics

  • Forensic Documentation and Evidence
  • Forensic Acquisition of Data
  • Forensic Tools
  • Create a Forensic Drive Image with FTK
  • Create a Forensic Drive Image with Guymager
  • Create a Forensic Drive Image with DC3DD
  • Examine a Forensic Drive Image with Autopsy
  • Forensic Data Integrity and Preservation
  • Forensic Investigation Facts

File and Packet Manipulation

  • Manipulating Files
  • 12.6.3 Shells and Scripting
  • Packet Capture Manipulation
  • Use TcpReplay
  • Packet Capture Facts


  • Redundancy Facts
  • RAID
  • Implementing RAID
  • Configure Fault-Tolerant Volumes
  • Hardware Clustering
  • Clustering Facts

Backup and Restore

  • Backup Types
  • Backup Storage Options
  • Configure Network Attached Storage
  • Implementing File Backups
  • Demo Recovering Files
  • Backup a Domain Controller
  • Restoring Server Data from Backup

Chapter 13: Risk Management

Organizational Security Policies

  • Personnel Policies
  • Managing Third Parties
  • Data Protection and Policies
  • Credential and Organizational Policies

Risk Management

  • Risk Types and Tolerance
  • Analyzing Risks
  • Business Continuity Planning


  • Email Security
  • Protecting a Client from Spam
  • Securing an Email Server
  • Securing Accounts on an iPad

Chapter 14: Governance and Compliance


  • Audit Facts
  • Auditing the Windows Security Log
  • Auditing Device Logs
  • Enable Device Logs

Controls and Frameworks

  • Control Categories and Types
  • Security Frameworks

Sensitive Data and Privacy

  • Consequences of Breaches
  • Information Classification
  • Privacy and Responsibility of Data
  • Data Destruction
  • File Shredding and Hard Drive Wiping