student@hack3rs:~/learning$ ls -R modules/
Network Security Learning Path
Detailed modules covering foundations, monitoring, vulnerability management, and response improvement. Each topic page includes deep-dive notes, labs, common pitfalls, outputs, and a -> next page path link.
Recommended Starting Paths (By Role)
Start with the curriculum modules below, then use a guided tool path that matches your role. These links jump into the curated path tracks under /learning/tools/paths.
Foundations (Weeks 1-2)
- 1 TCP/IP, DNS, HTTP, TLS, Routing and Switching Fundamentals
Build the protocol literacy needed for defensive work. This module explains how traffic moves, how names resolve, how web sessions are built, and where defenders can observe or control each step.
- 2 Subnetting, NAT, Firewall Policy Logic, and Segmentation Basics
Learn how address planning, policy boundaries, and segmentation reduce blast radius and simplify detection. This module turns network structure into a defensive control instead of a routing afterthought.
- 3 Linux and Windows Logging Basics for Defenders
Introduce host logging as the other half of network defense. This module covers what logs exist, what they are good for, and how to collect enough data for investigations without drowning in noise.
Detection & Monitoring (Weeks 3-6)
- 4 Packet Capture and Protocol Analysis with Wireshark / TShark
Develop a repeatable packet-analysis workflow using Wireshark and TShark. Focus on scoping captures, filtering effectively, and turning packet evidence into defensive conclusions.
- 5 Network Security Monitoring with Zeek and Suricata
Learn how Zeek and Suricata complement each other in a monitoring stack: Zeek for rich telemetry and protocol logs, Suricata for signatures and protocol-aware detections.
- 6 Alert Triage, False Positives, and Detection Tuning
Build a disciplined triage workflow that improves alert quality over time. This module focuses on evidence gathering, decision hygiene, and tuning detections without destroying coverage.
Vulnerability & Exposure (Weeks 7-8)
- 7 Nmap Scanning Strategy and Safe Validation Workflows
Use Nmap as a defensive validation tool rather than uncontrolled scanning. This module emphasizes scope control, authorization, and repeatable workflows for inventory and exposure checks.
- 8 OpenVAS / Greenbone Scanning: Credentialed vs Unauthenticated Scans
Understand what vulnerability scanners can and cannot tell you, and why credentialed scans are often dramatically more useful for remediation planning than unauthenticated scans alone.
- 9 Exploit-Informed Remediation and Asset Criticality Tagging
Move from severity-only patching to a risk-based remediation model that considers exploit activity, exposure, privilege, and business impact. This is where vulnerability management becomes operationally useful.
Response & Improvement (Weeks 9-10)
- 10 Incident Response Playbooks Aligned to Recognized Cybersecurity Framework Functions
Design incident response playbooks that map to common framework functions (identify, protect, detect, respond, recover) while staying practical for real analysts and operators.
- 11 Threat-Informed Defense Using ATT&CK-Style Technique Mapping
Use ATT&CK-style mapping to organize detections and identify blind spots by technique, telemetry source, and control layer. The goal is coverage clarity, not checkbox compliance.
- 12 Post-Incident Review, Hardening Backlog, and Detection Coverage Gaps
Turn incidents into durable improvements by running structured post-incident reviews and converting findings into hardening, logging, and detection backlog items with owners and due dates.
Tool Guides (Detailed Defensive Usage)
Long-form guides for core network security tools with ethical-use guidance, CLI workflows, operational pitfalls, and defensive playbook integration.
Frameworks and Feeds (Decision-Making for Defenders)
This track teaches how to prioritize work, build a practical baseline, structure operations with NIST CSF, map detections using MITRE ATT&CK, and learn tools deeply from vendor/community documentation. It fits between core modules and advanced tool usage because it improves judgment, not just command knowledge.