Learn How This
Actually Works.
Four rooms covering the tools and concepts I use at work. Built for people who want to understand what is happening under the hood, not just pass a certification exam.
SIEM & Detection Engineering
How to build a detection pipeline that catches real threats. Full Wazuh + Elastic setup, writing your own detection rules, and learning how to triage and hunt.
- Installing and configuring Wazuh + Elastic
- Writing detection rules and Sigma rules
- Log correlation and alert logic
- Triage workflow from alert to incident
- Threat hunting inside your own data
Windows OS Fundamentals
Windows is the dominant target in most environments. This room covers the internals you need to understand to defend it and recognize when something is wrong.
- Windows event log deep-dive
- Active Directory attack paths
- Group Policy security hardening
- PowerShell for forensic analysis
- Understanding Defender and AMSI
Linux OS for Cybersecurity
Servers run Linux. Attacker tooling runs on Linux. Most detection gaps I have seen in the field are on systems people assumed were safe by default.
- File system layout and permissions
- SUID, GUID, and privilege escalation paths
- Bash scripting for security automation
- Firewall configuration with iptables
- Log monitoring with auditd and rsyslog
Networking for Security
Most attacks move over a network. If you do not understand the protocols, you will miss the indicators. This room covers what actually matters for detection and defense.
- TCP/IP, UDP, and reading packet captures
- How DNS, HTTP, and TLS get abused
- Network segmentation and VLAN strategy
- Wireshark for practical traffic analysis
- Firewall rules, IDS, and IPS concepts