Linux & Cybersecurity Lab

Every Linux journey starts with three commands: `pwd` (where am I?), `ls` (what's here?) and `cd` (go somewhere). Try `pwd` to print your current directory, then `ls -la` to list everything including hidden files. Use `cd notes` to enter a folder and `cd ..` to go back up.

`cat` prints a whole file. For big files use `head` (first lines) and `tail` (last lines). Search inside files with `grep`. Try `cat welcome.txt`, then `grep linux notes/linux-basics.md` to find a word.

Security rests on three pillars — Confidentiality, Integrity, Availability. Every control you'll ever deploy protects at least one of them. As a SOC analyst, most alerts map to a threat against one pillar: data theft (C), tampering (I), or denial of service (A).

Services listen on ports: HTTP on 80, HTTPS on 443, SSH on 22. A TCP connection opens with a three-way handshake: SYN → SYN/ACK → ACK. Knowing default ports lets you read a packet capture or a scan result at a glance.