restart

Week 1

Day 1

Administration
Details about the Internet / architecture
Who are you?
What is the cloud?
Cloud vs On-Premises (On-Prem) and Hybrid
Service Types: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS)
Operating System overview
Version Control Basics & GitHub
Using Discord
Installing Python & Visual Studio Code

Day 2

Hardware & Brief history of computers
CPU (Cores/Threads)
RAM / Memory
GPU (lots of cores)
SSD/HDD
Choosing components when building or deploying a server
Cloud Pricing: AWS Pricing Calculator

Day 3

Operating Systems: History, UNIX family: Linux, BSD, MacOS, Android, iOS, Windows
Virtualization, Virtual Machines, and AMIs (Amazon Machine Images)
Databases: Relational (SQL) and Non-relational (NoSQL)
Shared Responsibility Model Basics
Object Storage (S3 / Simple Storage Service)
x86 vs ARM (in light details)
ping, traceroute / tracert
EC2 Lab - Deploying a virtual machine

Day 4

Networking Basics (IPv4)
Ports Basics
HTTP & Request/Response basics
Firewalls (The concept)
Python interpreter & HTTP module
EC2 Lab Continued - Connecting to it

Week 2 Topics

Day 1

Virtualbox & Virtual Machines
Linux Kernel Overview
Shells
Directory Structure
Basic Commands: man, ls, cd, pwd, mkdir
Using sudo
Package Management (yum, apt, and others)

Day 2

More Basic Commands: touch, cat, more, less, head, tail, cp, rm, mv, rmdir, find
Piping data with |
Creating files (file redirection) with >
Text Editors: vim basics, nano, and mention of gedit/visual studio code
Understanding output of --help and arguments from manpages.
Contents of /sbin directory
Symbolic Links
CommandLineFu.com

Day 3

Working with jobs: Ctrl-Z (suspend), fg, bg, jobs
Working with users/groups
Understanding /etc/passwd
Filesystem Hierarchy Standard - /bin, /boot, /dev, etc.

Day 4

File Permission basics with chmod and chown.
Understanding the output of ls -al
Managing Processes with ps, top, htop, grep, kill
Signals (man signal)
Systemd and services with systemctl.
Networking basics with ip (and the older/deprecated ifconfig)
Log files and /var.
Modern Unix Replacements

Week 3

Day 1

Core Topics

Basics of using Bash
Setting the PATH environment variable and how it works.
Creating/removing aliases in Bash with the alias and unalias commands.
Listing environment variables with env and setting them with export.
Using which to get location of a commands.
echo,
Accessing a variable e.g. echo $HOME
Installing git & fzf
Running scripts from ./
Making a file executable with chmod +x

Supplementary Topics

Day 2

Core Topics

Reading and writing Bash/shell scripts.
Running commands with $( ) e.g. $(whoami).
File permissions with chmod using symbolic (u+x, g-rw, o+rwx, ug-x, etc.) or octal (700, 444, 111, etc.) notation.
Conditionals with if, elif, and else.
Persisting aliases and changes to PATH by editing .bashrc.
Using curl.

Supplementary Topics

Day 3

Core Topics

Base-10 (Decimal) Revision, Base-8 (Octal), Base-16 (Hexadecimal/Hex), and Base-2 (Binary)
Know how to count to 16 in binary and hex.
Converting between bases
ASCII
Networking Concepts: Modems, Routers, Switches
Internet Protocol (IPv4 & IPv6)
TCP & UDP (Connection vs Connectionless)
Ports
IP Subnetting Basics (History & Classful Addressing)
Signed vs Unsigned numbers
Integer Overflows (and the Gangnam Style viewcount bug)
Example of integer overflow (just for demonstration purposes, you don't need to know C for the course)

#include <stdio.h>
#include <unistd.h>

int main() {  // Press Ctrl-C to exit if it gets stuck looping forever.
  //int counter = 0;  // Example of how the counter should work without an overflow.
  //unsigned char counter = 0; // 8-bit. Resets to 0 when it overflows above 256.
  char counter = 0;  // 8-bit. Overflows to -128 when it overflows.

  for (counter = 0; counter <= 300; counter++) {
    printf("Value: %d\n", counter);

    // Sleep for 50 milliseconds.
    usleep(50 * 1000);
  }
}

Supplementary Topics

Software Bugs: Y2K, Knight Capital, 787 Dreamliner overflow, 737 MAX, Mars Orbiter, 2038 Bug (Epochalypse)
What packets look like in tcpdump.
What files look like in a hex viewer (such as xxd or hexyl)
Basics of how a disassembler works.

Day 4

Core Topics

Line Endings (LF aka 0x0a on Linux/MacOS, vs CRLF aka 0x0d0a on Windows)

00000000: 7468 6973 2069 730a 610a 7465 7374 0a74  this is.a.test.t
00000010: 6f0a 7365 650a 6966 0a6c 696e 6566 6565  o.see.if.linefee
00000020: 6473 0a61 7265 0a73 7469 6c6c 0a62 7567  ds.are.still.bug
00000030: 6765 640a 696e 0a6e 6f74 6570 6164 0a    ged.in.notepad.

vs

00000000: 7468 6973 0d0a 6973 0d0a 616e 6f74 6865  this..is..anothe
00000010: 720d 0a74 6573 740d 0a6f 660d 0a6e 6577  r..test..of..new
00000020: 6c69 6e65 0d0a 6368 6172 6163 7465 7273  line..characters

DHCP vs Static IPs (Basics)
Public vs Private IP Addresses - Private Network
Network Address
Default Gateway
Broadcast Address
Classless Inter-Domain Routing (CIDR) (/14, /24 etc)
Regional Internet Registries (RIRs, ARIN, RIPE, APNIC, AFRINIC, LACNIC)
Internet Assigned Numbers Authority (IANA)
Interpreting data from whois.
Country-Code Top-Level Domains (ccTLDs)
OSI Model & TCP Model Basics
DNS Basics (A-record, converts domain name to IP address)

Supplementary Topics

Week 4

Day 1

Core Topics

Revision
More CIDR & Subnetting
VPC Basics

Supplementary Topics

Day 2

Core Topics

Boolean Algebra Basics (AND, OR, and NOT)
More Networking & Subnetting
An IP address is just a 32-bit integer. e.g. http://2899908654/ and http://0xacd9182e/
Using netstat to show active connections.
Security - Network Discovery (nmap)
Router settings: DHCP, Subnets, Route Tables, NAT (Network Address Translation) & Ports

Supplementary Topics

None, just practice the labs on Canvas.

Day 3

Core Topics

Cyber Kill Chain (Overview)
Vulnerabilities
Risk & Security Trade-offs
Responsible Disclosure
Bug Bounties & HackerOne
Zero-days / 0days.
APT Groups
White, grey, and black hats.
Red (Offense) & Blue (Defense) Teams
Social Engineering Attacks
VPC Subnetting Lab

Supplementary Topics

Day 4

Core Topics

CIA Triad - Confidentiality, Integrity, Availability
Encryption Basics. Classical ciphers (rot13/Caesar cipher), brief mention of AES.
At-rest vs In-transit
Hashing
Password Managers (BitWarden, LastPass, KeePass, etc)
Storing Passwords: Salting & Pepper. Why MD5 is bad, why bcrypt, scrypt, and Argon2 are good.
Identifying Fraudulent Emails - FBI's mailserver hacked a few days prior
MD5 and its problems (fast & collisions)

Supplementary Topics

Week 5

Day 1

Core Topics

TryHackMe
Bruteforcing: icloud & instagram bugs
Estimation of time required to bruteforce all 10-char passwords
Analysis of an attack. Spammer using an open mailing form to send spam. Analyzing webserver logs to identify spammer.
Question about people who fall for scam apps. Techniques to identify scams.
CVE
ATT&CK & D3FEND
SecLists on GitHub - Leaked Passwords
Encoding / Decoding
How to create a hash of something in Python using hashlib

Day 2

Core Topics

Python - Writing a small password strength checking program
Control Flow (if/elif/else)
Functions
Modules

Supplementary Topics

Day 3

Core Topics

More Python
Containers: Lists, Tuples, Dictionaries
Javascript/Node Basics: Variables/Lists (arrays) and surface similarity with Python
How minifying code saves bandwidth.
Debugging
Files (open and close)

Supplementary Topics

Python Cheat Sheet - Basics, Flow Control, Functions, Lists

Day 4

Core Topics

More Python
Loops (for & while)
time.sleep(10)
random library
string library
Python Conventions / Style Guide (PEP8)
Linting

Week 6

Day 1

Core Topics

More Python
Software Licenses
Markdown
Forking & Other GitHub features
with keyword in Python (Known as context managers) for opening/closing resources.
socket library basics and how network services communicate
File Descriptors and the /proc/<process_id>/fd directory.

Day 2

Core Topics

More Python
/etc/hosts and /etc/resolv.conf
os module and dangers of using os.system(...)
Virtual Environments (venv module)
JSON basics
Exception Basics - Creating and raising a custom exception
netstat Basics

Supplementary Topics

Python Module Of The Week - PyMOTW

Day 3

Core Topics

More Python & how network services work
More JSON
Using FastAPI to create an API
DevOps

Supplementary Topics

HackerNews
GitHub Student Developer Pack - Link GitHub with your @myunitec.ac.nz email address.
roadmap.sh

Day 4

Core Topics

Concurrency/threading basics
Compiling basics (download, unzip, ./configure, make, run) - Compiled Python & redis
Software Testing basics with pytest. Brief example of test driven development
Database Basics (NoSQL)
Basics of using redis

Supplementary Topics

Try redis

Week 7

Day 1

Core Topics

SQL Basics
Data Manipulation Language (DML): SELECT, FROM, WHERE, ORDER BY, Comments
INNER JOIN basics
Date ranges with BETWEEN

Supplementary Topics

StackShare.io

Day 2

Core Topics

Using SQL with SQLite (Vocareum labs were down)
SQLite Browser
Sakila Database File - SQLite version - Download the sakila.db file.
Making queries with Python's sqlite3 module
Creating an API that talks to a database with FastAPI.

Supplementary Topics

None today. See main.py in this repo.

Day 3

Core Topics

Entity-Relationship Diagrams
Database Diagrams (and relationships)
Database Normalization
ACID
SQL: INSERT
Amazon RDS (Brief mention)
Continued building API with FastAPI & SQLite with sakila database.

Supplementary Topics

Day 4

Core Topics

OOP Basics
Amazon RDS
MariaDB & PostgreSQL
Finishing up API server (deploy to EC2)
Using scp.

Supplementary Topics

Design Pattern Basics

Week 8

Day 1

Core Topics

Assignment Review
Bad Bugs that occurred over the break: Y2K22, Log4Shell, CVE-2021-39659 (Emergency Services Broken on Android devices)
Containers
Docker (Basics)

Supplementary Topics

LiveOverflow - Log4Shell

Day 2

Core Topics

Cloud Adoption Framework
Fact Finding Group Exercise
Well Architected Framework

Supplementary Topics

Well Architected Labs - NOTE: Requires AWS Account for most of them so use after the course.

Day 3

Core Topics

Assignment Help
Cloud Practitioner Exam Prep
Anki
Using IAM, S3 & AWS CLI Basics

Supplementary Topics

awscli examples

Day 4

Core Topics

ssh, scp, rsync & public key cryptography revision
iptables basics
More S3 & awscli
HTTP GET/POST revision & Insomnia REST

Supplementary Topics

Week 9

Day 1

Core Topics

PaaS Basics & ElasticBeanstalk
More Docker
Windows Registry
Proxy Servers
Nginx & Reverse Proxies

Supplementary Topics

Day 2

Core Topics

DNS in depth
Registrars, Root Servers, Hosting, Resolvers
ccTLD, gTLDs, Internationalized Domain Names & issues with them
whois & dig (again)
Zone Files (basics)
DNS Based Load Balancing (Round-Robin DNS)
NS, A, AAAA, MX, CNAME, SOA, TXT, SPF, PTR records
Load Balancer Types (Application, Network), more detail tomorrow

Supplementary Topics

CloudFlare Learning - DNS

Day 3

Core Topics

Understanding metrics for scaling
Vertical vs Horizontal Scaling
EC2 Instance Types
DB Replicas & Sharding
Route53

Day 4

Core Topics

More Git
Container Basics (ECS, ECR, Fargate)
Lambda Basics

Week 10

Day 1

Core Topics

DNS debugging case study
Load balancer & other AWS services pricing
Popular/common DockerHub images
More containers / Docker
HTML/CSS Basics

Supplementary Topics

DockerCheatSheet.com

Day 2

Core Topics

Amazon Aurora Basics
Docker Compose & container management/orchestration
docker-compose.yml file syntax (services, ports, images)
Getting services/containers to talk to each other
Using a cache

Supplementary Topics

Day 3

Core Topics

More Docker Compose
ElastiCache
Elastic Block Store (EBS) with EC2
EC2 Instance Stores vs EBS
Creating/Attaching
Filesystem Basics, Mounting/Unmounting
lsblk, xxd /dev/xvdf | less, parted -l, mkdir /mnt/mydisk, mount /dev/xvdf /mnt/mydisk, df -h, create files on disk, umount /mnt/mydisk

Supplementary Topics

ElastiCache

Day 4

Core Topics

Storage Types (SSD, Magnetic, Tape)
EBS Volume Types
More on Filesystem & Types
Network File Storage (NFS) Basics & Elastic File System (EFS)
Block Storage vs Object Storage
More S3
Glacier & Archival

Supplementary Topics

Week 11

Public Holiday - No Class on 1st Day of Week

Day 1

Core Topics

Group Exercise review of AWS products for Compute, Storage, Databases, Security, IoT, and Frontend/Web/Mobile
Intro to CloudWatch
Debugging & benefits of logging (example with 2degrees topups & payment providers)
CloudTrail basics