Cybersecurity, learned like a practitioner.
24 learning paths · 398 modules live · every lesson written by someone who has shipped the control or run the engagement. Free to start.
Advanced · modules
Modules tagged Advanced.
Mutual TLS and Service Identity at the Network Layer
What mTLS provides: Each side of the connection presents a certificate. Both verify the other’s certificate against the trust chain. Traffic is encrypted with negotiated keys. Identity is bound cryptographically to the endpoint. This eliminates network-position-based trust: “you’re inside the firewall, so I trust you” becomes “you have a valid certificate from our CA, so I trust you.” […]
Network Forensics — PCAP, NetFlow, Zeek
The network-forensics evidence layers:
Layer | What it shows
Full PCAP | Every byte of every packet
NetFlow / IPFIX / sFlow | Conversation summaries (src, dst, bytes, duration)
Zeek / Bro logs | Protocol-decoded conversation logs
DNS / Proxy logs | Application-layer name resolution / web access
Firewall logs | Connection accept / deny events
Each layer trades storage for […]
IPv6 Security in Modern Networks
The IPv6 attack surface: The single most common Indian enterprise issue is IPv6 enabled on endpoints / VMs by default with no explicit IPv6 security controls. Dual-stack hosts get IPv6 addresses, IPv4 firewalls don’t see the traffic, and attack paths become invisible.
The recurring IPv6-specific issues:
Link-local addresses: every host has fe80::/10. No DHCP needed; auto-configuration via SLAAC. Attacker […]
SD-WAN and SASE Architecture
The traditional WAN vs SD-WAN:
Traditional | SD-WAN
MPLS private circuits | Internet underlay with overlay tunnels
All branches → HQ → internet | Local internet break-out at branches
Static routing | Dynamic policy-driven path selection
High cost per Mbps | Internet-economics pricing
SASE — the convergence: SASE = SD-WAN + cloud-delivered security stack:
SWG (Secure Web Gateway): web traffic […]
Initial Access — Modern Techniques in 2026
The initial-access categories:
Phishing: targeted email with malicious link or attachment.
Valid accounts: stolen / purchased credentials; password spray.
Exposed services: VPN, RDP, web-app vulnerabilities.
Supply chain: compromise a vendor; reach the target.
Drive-by compromise: malicious website; user visits and is compromised.
Removable media: USB drops, infected media.
Modern phishing — beyond Office macros: Microsoft […]
Living-off-the-Land Binaries (LOLBins) Mastery
Why LOLBins matter:
Binary is signed by Microsoft — passes signature checks.
Binary is present on every Windows host — no payload to drop.
Binary’s normal use is legitimate — context-aware detection required.
Operators chain LOLBins to perform attacker workflows entirely with native tools.
The LOLBAS project: LOLBAS (lolbas-project.github.io) is the community-maintained catalogue of LOLBins, […]
Beyond Cobalt Strike — Sliver, Mythic, Brute Ratel, Havoc
The C2 landscape:
Framework | Licence | Notes
Cobalt Strike | Commercial (Fortra) | Industry standard; highly detected
Sliver | Open-source (Bishop Fox) | Go-based; mTLS / DNS / WireGuard transport
Mythic | Open-source | Modular agent framework; multiple agents
Brute Ratel | Commercial | Newer; modern evasion features
Empire / Starkiller | Open-source | PowerShell-centric; widely detected
Havoc | Open-source | Modern; community-active
Why teams move beyond Cobalt […]
Adversary Emulation Plans — TTPs from Threat Intel to Engagement
Why emulate vs. just pentest: Generic pentests find generic findings. Adversary emulation tests whether you can withstand the specific groups that target your industry / geography:
APT29 / Cozy Bear for government / defence.
FIN7 / FIN8 for retail / hospitality.
APT41 for telecom and travel.
Specific groups targeting Indian financial sector.
The sources: MITRE […]
Purple Team — Operationalising Adversary Emulation
Red vs purple — what differs:
Red team | Purple team
Adversary emulation, blue blind | Adversary emulation, blue collaborating
Goal: demonstrate impact | Goal: improve detection
Output: detailed report; blue may not see techniques used | Output: detection rules + visibility-gap remediation
Annual or quarterly engagement | Continuous or monthly cadence
The purple-team operating model: Red team executes a […]
Threat Hunting Operationalised — Hypotheses, Pivots, Dashboards
What threat hunting is: Proactive search for adversary presence based on hypothesis, not alert. The defender assumes a sophisticated attacker may already be present and searches for traces that current detection rules would miss.
The hunt cycle:
Hypothesis: state what you’re looking for. “Adversaries may be using WMI for lateral movement.”
Data sources: identify what […]
Why learn here
Practitioner-written.
Each lesson is authored by someone who has shipped the control or run the engagement in production.
Quiz after every module.
20+ questions with explanations. 70%+ to mark complete. Unlimited retries.
Progress tracked.
Completions, scores and streaks saved automatically. Resume exactly where you left off.
India-priced.
Start free. ₹499/mo for intermediate. ₹4,999/yr for advanced. No hidden fees, ever.