Cybersecurity, learned like a practitioner.

Cloud Security Practitioner Advanced Members

Cross-Account Attacks in AWS

Multi-account AWS (or multi-subscription Azure / multi-project GCP) is the norm. Production in one account, staging in another, security tooling in a third, sometimes dozens of accounts across business units. Each cross-account boundary is a potential attack surface — and when misconfigured, a path from one compromised account to many. Why multi-account Blast-radius limitation — […]

Apr 19, 2026 90 min Open

Web Application Penetration Testing Advanced Free

JWT Attacks

JSON Web Tokens (JWT) have become the default authentication token format in modern APIs. They’re compact, stateless, and when implemented correctly, secure. When implemented poorly, they’re a source of authentication bypass and privilege escalation. This module covers JWT structure, common attacks, and the concrete defences. JWT structure header.payload.signature # Base64-decoded example: Header: {"alg":"HS256","typ":"JWT"} Payload: {"sub":"priya","role":"admin","exp":1700000000} […]

Apr 19, 2026 90 min Open

Web Application Penetration Testing Advanced Free

XML External Entity Injection (XXE)

XML External Entity (XXE) injection exploits XML parsers that process references to external entities. A classic vulnerability in XML-consuming applications — SOAP services, document upload features, SAML, configuration parsers. Can lead to file disclosure, SSRF, DoS, and RCE. How XXE works XML supports external entities — references to external resources. When a parser fetches the […]

Apr 19, 2026 90 min Open

Web Application Penetration Testing Advanced Free

Server-Side Request Forgery (SSRF)

Server-Side Request Forgery (SSRF) is a vulnerability where an attacker tricks a server into making HTTP requests on their behalf. In a cloud environment, SSRF frequently escalates from “interesting” to “full account compromise” via metadata service abuse. The core vulnerability An application takes a URL parameter, fetches it, and returns the response. Classic example: “Enter […]

Apr 19, 2026 90 min Open

Active Directory Security Advanced Members

Active Directory Certificate Services Attacks

Active Directory Certificate Services (ADCS) is how Windows issues certificates — for user authentication, computer authentication, web services, VPN, code signing. It’s also, since SpecterOps’s 2021 “Certified Pre-Owned” research, one of the fastest paths from user to Domain Admin. This module covers the attack classes (ESC1-ESC8+) and defences. ADCS primer Certification Authority (CA) — issues […]

Apr 19, 2026 90 min Open

Active Directory Security Advanced Members

Golden and Silver Tickets

Forged Kerberos tickets are the ultimate AD compromise. A Golden Ticket grants domain-wide impersonation for 10 years. A Silver Ticket grants service-specific impersonation without ever touching the DC. Understanding both is essential for any practitioner serious about AD. Kerberos ticket refresher Two ticket types in a Kerberos flow: TGT (Ticket Granting Ticket) — issued by […]

Apr 19, 2026 90 min Open

Active Directory Security Advanced Members

NTLM Relay Attacks

NTLM Relay is one of the most effective attacks against modern Windows environments — and it works even on fully-patched systems if defenders haven’t enabled specific hardening. This module covers how relay works, common exploit chains, and the defences that actually block it. How NTLM authentication works NTLM is a challenge-response protocol. Client sends NTLM_NEGOTIATE; […]

Apr 19, 2026 90 min Open

Networking Advanced Members

IPv6 Security — Why You Already Have IPv6 Even If You Did Not Notice

IPv6 is on by default in every modern operating system. If you only configured IPv4 ACLs, half your network is unprotected. This module covers IPv6 addressing (link-local, ULA, GUA), Stateless Address Auto-Configuration (SLAAC), Neighbor Discovery (the ARP replacement and its att

Apr 19, 2026 90 min Open

System Security Advanced Members

Privilege Escalation Defence

Root escalation — getting from “regular user” to “root” or SYSTEM — is how most breaches turn catastrophic. A foothold becomes domain compromise via privilege escalation. This module covers the technique classes, the defences, and what a practitioner should be able to recognise on both the offensive and defensive sides. The privesc landscape Privilege escalation […]

Apr 19, 2026 120 min Open

Ethical Hacking Tools Advanced Members

Mimikatz — Credential Extraction

Mimikatz is the tool that defined modern Windows credential attacks. Benjamin Delpy’s 2011 research paper accompanying it single-handedly changed how the security community thinks about Windows auth. This module covers what Mimikatz does, how defenders catch it, and why Credential Guard matters. What it extracts Mimikatz reads credentials from process memory (primarily LSASS — Local […]

Apr 19, 2026 120 min Open