Linux Threats and Detection
RCCE students will learn Linux endpoint security including OS hardening, kernel security modules, filesystem permissions, SSH hardening, service management, and Linux audit subsystem configuration. RCCE students will learn to harden Linux operating systems following CIS Benchmarks, configure SELinux and AppArmor policies, implement secure filesystem permissions and access controls, harden SSH configurations and key management, manage systemd services and minimize attack surface, configure the Linux audit subsystem for security event collection, detect and investigate Linux-based attacks including privilege escalation, rootkit installation, and persistent backdoors, and manage Linux security patching. This threat-focused course teaches students to think like adversaries while building robust defenses. Building on core knowledge, RCCE students will learn to analyze attack techniques, build detection logic, and implement defensive strategies that proactively identify threats before they cause damage. Students develop a threat-informed mindset that drives better security decisions across all operational activities.
- Endpoint Security Engineers and EDR Analysts
- Windows and macOS Administrators managing privileges
- Identity and Access Management Engineers
- IT Security Operations Leads reducing attack surface
- Professionals implementing Linux Threats and Detection
- Build detections and response workflows for privilege escalation
- Explain Course Overview and Objectives fundamentals
- Execute hands-on tasks for course scope
- Execute hands-on tasks for learning outcomes — covering Linux endpoint security fundamentals, Harden Linux following industry standards.
- Execute hands-on tasks for threat-informed mindset — covering Think like adversaries to build robust defenses.
- Execute hands-on tasks for linux security landscape
- Execute hands-on tasks for threat growth
- Execute hands-on tasks for attack surface
- Execute hands-on tasks for defense imperative — covering Linux servers host 96% of.
- Design a scalable privilege management architecture with policy and enforcement
- Execute hands-on tasks for applications & services
| Module 01 | Linux Threats and Detection |
| Module 02 | Hardening, Detection, and Defense for Linux Operating Systems |
| Module 03 | Course Overview and Objectives |
| Module 04 | Course Scope |
| Module 05 | Learning Outcomes |
| Module 06 | Threat-Informed Mindset |
| Module 07 | Linux Security Landscape |
| Module 08 | Threat Growth |
| Module 09 | Attack Surface |
| Module 10 | Defense Imperative |
| Module 11 | Linux Architecture Security Layers |
| Module 12 | Applications & Services |
| Module 13 | User Space (Libraries, Shells, Utilities) |
| Module 14 | System Call Interface |
All hands-on labs run on Rocheston Rose X OS. Students practice linux threats and detection by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Build detections and response workflows for privilege escalation
- Lab 2: Build detections and response workflows for privilege escalation
- Lab 3: Explain Course Overview and Objectives fundamentals
- Lab 4: Execute hands-on tasks for course scope
- Lab 5: Execute hands-on tasks for learning outcomes
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Linux Threats and Detection, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI