Getting Started in Security Notes
I recently completed John Strand's 16-hour cybersecurity course offered through Antisyphon Training, and I wanted to share my notes as a resource. The course is "Getting Started in Security with BHIS and MITRE ATT&CK with John Strand". It is all about real-world techniques to defend against cyber threats.
In my Closing Thoughts paragraph (spoilers ahead!) I've written:
"I can confidently say that John is an exceptional teacher. Learning from someone at the top of their field, for free, was an incredible experience. John's closing thought, “At Antisyphon Training we wanted to change the game and we did it”, beautifully captures their mission. [...]
I want to personally thank John Strand for being an incredible tutor. Though I've only experienced his teaching through YouTube, his caring nature, enthusiasm, and empathy shine through in every lesson. His approach to education makes complex security concepts accessible to everyone."
This blog post contains my course notes (80 pages), which I'm sharing both for accountability in my learning journey and to provide a resource for others who want to follow his course. Below you'll find the full introduction section from my notes, which explains the course structure and content. For convenience, I've also included a downloadable PDF version at the end of this post.
Introduction
Looking for cybersecurity training online can be tough. There are incredible platforms available today. One of them is Antisyphon Training and their “Pay-what-you-can” courses. Some of them are taught by John Strand, and in my opinion they provide incredible value. The courses are available on YouTube as live streams (if you have read something written by me, you may recognize that this is my primary source of information). This 16-hour course is designed for people who are new to computer security, but it is surely a good refresher of concepts and a deep dive into areas one might have overlooked. Strand focuses on what he defines as the "Atomic Controls": 11 fundamental strategies every organization needs to defend against modern cyber threats. Unlike traditional training that drowns students in arcane technical details, this course focuses ruthlessly on what actually works: real-world techniques for repelling and detecting attackers. To stay accountable and goal-oriented, I wanted to share my notes on this course, filled with John’s bite-sized life lessons and incredible anecdotes. Here’s how the course is divided, with the YouTube video link for each day:
- Day 1:
  - Windows CLI
  - AppLocker
  - Password Cracking
  - Password Spraying
- Day 2:
  - Firewall Log
  - Rita & AC Hunter
  - DeepBlueCLI
  - Sysmon
- Day 3:
  - Atomic Red Team
  - Blue Spawn
  - Velociraptor
- Day 4:
  - Nmap
  - Allow listing
  - Vulnerability Management
This is based on the November 2024 course; since it is a recurring course, I strongly recommend following the latest one.
Note that I used the local VM and not the cloud-based one featured in the video course. If you want to use your local machine as I did, here’s the link for the instructions. Additionally, I forked the original Intro Class repository by John Strand on my GitHub, available at this link. Note that the repo John uses in the video series is this one (IntroLabsRemastered by KAISERaustin). I used the first one as reference; to my understanding, the second one is more aligned with the cloud VM users.
This has been my longest blog project to date, spanning from December 4th to March 2nd. Most lab sections will include direct information from the GitHub repository files, along with my notes about each lab's scope and execution.
I hope these notes will be used as a reference and maybe help someone along the way.
To make it easier for you to access and use these notes, I've compiled them into a downloadable PDF. You can download the complete notes here.