Week 2 — Day 13: Runtime Security with Falco
A full walkthrough of Falco — syscall-based runtime threat detection for containers and Kubernetes, writing custom rules, and forwarding alerts to Slack or a SIEM.

A full walkthrough of Kubernetes RBAC, Pod Security Standards, Network Policies, and service account hardening — securing your cluster beyond just the application layer.

WEEK 5 Antivirus Evasion & Privilege Escalation (Part 1)
Chapter 3 of Linux Shell Scripting Cookbook — file creation, permissions, comparison, navigation, and filesystem operations

A full walkthrough of Trivy — scanning container images, filesystems, Git repos, and IaC files for vulnerabilities and misconfigurations, plus integrating it into GitHub Actions.
A full walkthrough of Docker security hardening — non-root users, read-only filesystems, dropped capabilities, multi-stage builds, minimal base images, and Docker Bench for Security.

A full walkthrough of HashiCorp Vault — architecture, secrets engines, auth methods, dynamic secrets, and hands-on usage for multi-cloud and on-prem secrets management.

A full walkthrough of AWS Secrets Manager and SSM Parameter Store — how to store, rotate, and retrieve secrets securely without hardcoding credentials anywhere.

A full walkthrough of AWS WAF for application-layer filtering and AWS Shield for DDoS protection — how they work, how to configure them, and how they fit into your defense stack.
Test your enumeration skills on this boot-to-root machine.