Hands-On Code signing
RCCE students will learn code signing implementation and management including certificate management, signing key protection, timestamp services, revocation procedures, and signature verification. RCCE students will learn to implement code signing for applications, scripts, and container images, manage signing keys using hardware security modules and key management services, configure certificate lifecycle management including rotation and revocation, verify code signatures in deployment pipelines, detect and respond to unauthorized code signing, implement code signing policies across development teams, and integrate code signing into automated build and release workflows. This practice-intensive course emphasizes applied skills through lab exercises, real-world scenarios, and production-realistic workflows. Starting from foundational concepts, RCCE students will learn by doing, building muscle memory and practical confidence through repeated hands-on engagement. Students complete exercises that mirror actual workplace tasks, ensuring skills transfer directly to their professional roles.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing Hands-On Code signing
- Execute hands-on tasks for hands-on code signing
- Execute hands-on tasks for implementation, management & security
- Execute hands-on tasks for learning objectives
- Execute hands-on tasks for core skills
- Execute hands-on tasks for advanced skills — covering unauthorized code signing events.
- Execute hands-on tasks for what is code signing
- Execute hands-on tasks for why it matters — covering Cryptographic process binding identity to code, Proves code origin (authentication).
- Execute hands-on tasks for cloud native
- Execute hands-on tasks for scripts & packages — covering Windows Authenticode, Container image signing, PowerShell script signing.
- Execute hands-on tasks for windows authenticode — covering Container image signing, PowerShell script signing.
- Execute hands-on tasks for android apk signing — covering Container image signing.
- Execute hands-on tasks for industry requirements — covering Driver signing required by modern OS kernels.
| Module 01 | Hands-On Code Signing |
| Module 02 | Implementation, Management & Security |
| Module 03 | Learning Objectives |
| Module 04 | Core Skills |
| Module 05 | Advanced Skills |
| Module 06 | What Is Code Signing |
| Module 07 | Why It Matters |
| Module 08 | Cloud Native |
| Module 09 | Scripts & Packages |
| Module 10 | Windows Authenticode |
| Module 11 | Android APK signing |
| Module 12 | Industry Requirements |
| Module 13 | Cryptographic Foundations |
| Module 14 | Asymmetric Algorithms |
All hands-on labs run on Rocheston Rose X OS. Students practice hands-on code signing by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for hands-on code signing
- Lab 2: Execute hands-on tasks for implementation, management & security
- Lab 3: Execute hands-on tasks for learning objectives
- Lab 4: Execute hands-on tasks for core skills
- Lab 5: Execute hands-on tasks for advanced skills
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Hands-On Code signing, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI