// Free SecOps Learning · Powered by Red Canary

Resources for defenders in training

A curated field library from Hacker-Labs.org by Tutelr Infosec — endpoint security fundamentals, MDR demo videos and real-world case studies to pair with your hands-on labs.

// Cybersecurity 101

What is endpoint security?

Endpoints — laptops, servers, phones, IoT — are the doors into your environment. Endpoint security is the lock, the deadbolt and the 24×7 guard. This guide covers the fundamentals every operator should know.

What endpoints are

Any device that connects to and exchanges data with a network — desktops, laptops, phones, servers, workstations, IoT devices and virtual machines.

Why they're targeted

Massive surface area, human error, unpatched software and sensitive local data make endpoints the highest-ROI target for financially motivated adversaries.

Why protection matters

Endpoint protection reduces breach risk, minimizes downtime and prevents the cascading financial and reputational damage of a successful intrusion.

Types of endpoint threats

Phishing

Tricks users into clicking malicious links, opening attachments, or handing over credentials.

Drive-by compromise

Silent downloads that plant malware when a user visits a compromised page.

Malware

Viruses, worms and spyware that steal data, disrupt operations or launch follow-on attacks.

Ransomware

Encrypts endpoint data and extorts payment for decryption — often paired with data theft.

Vulnerability exploitation

Unpatched software is a doorway; attackers exploit known CVEs for initial access.

Account compromise

Weak passwords, reuse and sharing lead directly to credential abuse.

Supply-chain compromise

Third-party vendors and updates weaponized to reach your network.

Remote-access abuse

Improperly secured RDP, VPN and RMM tooling exploited for hands-on-keyboard access.

Best practices

Harden devices

Antivirus, EDR agents, host firewalls and rigorous patching across every OS and firmware.

Empower users

Ongoing phishing awareness, clear reporting paths, and least-privilege access reviews.

Enforce cyber hygiene

Strong passwords, MFA everywhere, and disabled legacy auth protocols.

Encrypt everything

Disk, transport and backup encryption for hybrid and remote workforces.

Monitor continuously

24×7 telemetry and behavioral detection — pair EDR with a mature response process.

Stay informed

Subscribe to trusted threat intel, run tabletops, and adapt to new adversary TTPs.

Types of endpoint security solutions

EPP
Endpoint Protection Platform

First line of defense — antivirus, firewall and app control unified to block known threats.

EDR
Endpoint Detection & Response

Behavioral monitoring, investigation and response for suspicious activity beyond signatures.

MTD/MDM
Mobile Threat Defense

Policy enforcement, device posture and mobile-specific threat detection for phones and tablets.

XDR
Extended Detection & Response

Cross-domain correlation across endpoint, identity, network and cloud telemetry.

MSSP
Managed Security Service Provider

Outsourced product operations and alert triage across many tools.

MDR
Managed Detection & Response

Expert-run SOC on top of your EDR — investigation, containment and remediation, 24×7.

Selecting an endpoint security tool — the questions to ask

  1. 01Why are you investing in endpoint security — visibility gap, compliance, or stopping active threats?
  2. 02What expertise and staffing does the tool actually require to operate?
  3. 03What is the business impact and rollout complexity across your fleet?
  4. 04Which OSes, platforms and architectures must it cover?
  5. 05How deep is the telemetry — process, file, network, identity, cloud?
  6. 06How does prevention integrate with detection — one agent or many?
  7. 07How are threats detected — signatures, behavior, ML, human analysts?
  8. 08What response actions are built-in — isolate, kill, roll-back?
  9. 09What reporting and metrics ship out of the box?
  10. 10Which SIEM, SOAR and IT tools does it integrate with?
  11. 11What is the performance footprint on endpoints?
  12. 12How does the vendor secure the agent and its cloud backend?
  13. 13What support tier and response SLAs are included?

// Field reports

Real-world case studies

How real security teams detect, contain and recover from active intrusions — read the full library on Red Canary's resources center.

Browse case studies

Hacker-Labs.org by Tutelr Infosec · Powered by Red Canary

Educational excerpts adapted from Red Canary's public Cybersecurity 101 library. Trademarks and content belong to their respective owners.