Cybersecurity, learned like a practitioner.
24 learning paths · 398 modules live · every lesson written by someone who has shipped the control or run the engagement. Free to start.
Advanced · modules
Modules tagged Advanced.
Azure AD / Entra ID Attack Surface
Why this module exists. Indian enterprises moved their identity to Microsoft 365 / Entra ID (formerly Azure AD) in waves between 2019 and 2024. Attackers followed. Token theft and consent phishing surged in 2023-25 and are now the dominant initial-access techniques against Microsoft-shop enterprises. Different concepts, different tools, different defenders. How Entra ID is different from […]
DPAPI — Windows Data Protection API Attacks
Why this module exists. DPAPI is how Windows stores “secrets” — Wi-Fi passwords, browser-saved credentials, RDP credentials, OneDrive tokens, certificates. Attackers who understand DPAPI extract dozens of credentials per compromised host. Defenders who don’t understand it can’t tell which alert means “credential theft” vs “noise”. The DPAPI mental model Each Windows user has a master […]
DCSync — Domain Replication Abuse
Why this module exists. DCSync is the technique that lets an attacker dump every credential in your domain — without ever touching a domain controller’s filesystem. It’s not an exploit; it’s a feature being abused. Most AD environments have multiple non-DC accounts that can DCSync, and most defenders don’t know who. The mechanic Active Directory […]
Pass-the-Hash & Pass-the-Ticket
Why this module exists. Pass-the-Hash was first published in 1997. Microsoft has shipped 28 years of mitigations and the technique still works on most enterprise networks. Understanding why it persists, and what actually stops it, is foundational to defending AD. NTLM in 30 seconds NTLM authentication doesn’t transmit the password. The client transmits the NT […]
Web Cache Poisoning & Deception
Why this module exists. James Kettle’s 2018 “Practical Web Cache Poisoning” Black Hat talk made cache poisoning the bug that goes from “weird HTTP behaviour” to “CDN-served XSS to every user in the country.” The bug class hasn’t gone away; if anything it’s gotten worse with the proliferation of CDNs and edge caching. The mental […]
OAuth & SSO Authentication Flaws
Why this module exists. OAuth 2.0 and OIDC are the universal authentication layer of the modern web — and the most-misunderstood spec in the industry. The protocol is fine; the implementations are catastrophic. “Sign in with Google”, “Sign in with Apple”, “Sign in with Facebook” — every one of these has had account-takeover bugs in […]
Server-Side Template Injection (SSTI)
Why this module exists. SSTI almost always becomes RCE. The bug looks innocent — user input ends up in a template — and the impact is full server takeover. Modern frameworks make it harder, but every Indian SaaS that does email templating, custom report rendering, or user-customisable dashboards is exposed. The bug class in one […]
Network Forensics — Reading Captures Like a Detective
Network forensics is the art of reconstructing what happened from packets and flow logs after the fact. This module is the practitioner walk-through: chain of custody, the evidence stack (PCAP + Zeek + flow + endpoint), the workflow for a compromise investigation, the most useful
Passwordless and FIDO2 Rollout
FIDO2/WebAuthn end-to-end — passkeys vs hardware keys, registration and login flows, account-recovery design, server-side WebAuthn implementation, enterprise rollout sequence.
Security Audit Programme and Reporting
Three lines of defence, audit calendar, continuous control monitoring, working papers, common-control framework across ISO/SOC2/PCI/RBI/SEBI, audit-fatigue management.
Practitioners who've shipped the controls.
Every module is written by someone who has built the defence or run the engagement. No repackaged tutorials, no generic theory.
Why learn here
Practitioner-written.
Each lesson is authored by someone who has shipped the control or run the engagement in production.
Quiz after every module.
20+ questions with explanations. 70%+ to mark complete. Unlimited retries.
Progress tracked.
Completions, scores and streaks saved automatically. Resume exactly where you left off.
India-priced.
Start free. ₹499/mo for intermediate. ₹4,999/yr for advanced. No hidden fees, ever.