Cybersecurity, learned like a practitioner.
24 learning paths · 398 modules live · every lesson written by someone who has shipped the control or run the engagement. Free to start.
Advanced · modules
Modules tagged Advanced.
Detection Engineering — Sigma, ATT&CK Coverage, Validation
What detection engineering is:
- Design rules that fire on adversary behaviour, not noise.
- Test rules against historical data and red-team data.
- Tune to acceptable signal-to-noise.
- Deploy with documentation.
- Maintain — update when adversary techniques evolve.
The detection-engineering lifecycle:
- Source: hunt finding, TI report, red-team exercise, ATT&CK coverage gap.
- Hypothesis: state what the rule should catch. […]
SOAR — Security Orchestration, Automation, Response
What SOAR does:
- Orchestration: connect security tools via API; trigger actions across them.
- Automation: execute repeatable workflows without human intervention.
- Case management: structured incident workflow with audit trail.
- Playbook execution: pre-defined response runbooks triggered by alert type.
The platforms:
- Splunk SOAR (formerly Phantom), Palo Alto XSOAR (Demisto), IBM QRadar SOAR, Microsoft Sentinel SOAR, Tines, Torq. […]
Serverless Security — Functions, Event Sources, API Gateway
The serverless threat model:
- What you no longer manage: OS patches, container runtime, network firewall (mostly).
- What becomes more critical: function code, IAM permissions, event sources, dependencies.
The recurring vulnerability classes:
- Over-privileged function roles: function role can do far more than the function actually needs. Compromise of function = wide IAM access.
- Injection via event […]
Cloud Workload Protection (CWPP) — VMs, Containers, Serverless
CWPP vs CSPM:
CSPM | CWPP
Configuration of cloud resources | What is running on those resources
Public buckets, broad SGs, unencrypted volumes | Malware, intrusion, suspicious processes, file integrity
Agentless (mostly) | Agent or eBPF probe per workload
Mature programmes deploy both. CNAPP (Cloud-Native Application Protection Platform) is the converged offering — CSPM + CWPP + CIEM (identity […]
Kubernetes Security at Production Scale
The four production K8s domains:
- Cluster security: API server, etcd, kubelet, control plane hardening.
- Workload security: Pod Security Standards, admission control, runtime protection.
- Network security: NetworkPolicy, service mesh, ingress, egress.
- Supply chain: image signing, SBOM, admission control verification.
API server hardening:
- API server reachable only through bastion / VPN / private endpoint; never public.
- Audit […]
Securing Multi-Cloud Architectures
Why organisations go multi-cloud:
- Resilience against single-provider outage.
- Regulator preference (RBI may prefer certain providers for specific workloads).
- Best-of-breed (Azure for M365 integration, AWS for ML, GCP for data analytics).
- Vendor leverage in negotiation.
- Acquired company arrives with different cloud.
The multi-cloud security challenges:
- Distinct IAM models: AWS IAM, Azure RBAC, GCP IAM each have […]
WebSockets, SSE, WebRTC — Realtime Web Vulnerabilities
Why realtime channels need different testing:
- Persistent connection rather than request-response.
- Often bypass HTTP-aware controls (rate limit, WAF rules).
- Authentication happens at connection-open; subsequent messages may not re-validate.
- Message framing varies; binary, JSON, custom protocols.
The protocols:
Protocol | Direction | Use case
WebSocket | Bidirectional | Chat, gaming, trading dashboards
SSE (EventSource) | Server → client | Live notifications, dashboards […]
Web Cache Attacks — Deception, Poisoning, Key Confusion
Why cache attacks are different:
Web applications use multiple cache layers: CDN edge cache, origin proxy cache, application cache. Each interprets URLs and headers slightly differently. The gap between interpretations is the attack surface.
Web Cache Deception
The attack:
- Authenticated user visits https://app.com/account/details.css.
- CDN sees “.css” suffix; caches the response as a static asset.
- Origin […]
Smart Contract Pentest Fundamentals for Web Testers
What is different about smart contracts:
- Immutable once deployed: no patch cycle (mostly). Find the bug, lose the funds.
- Public source code: bytecode is on-chain; usually source code published for verification.
- Direct financial exposure: vulnerabilities translate to ETH / tokens immediately.
- Gas economy: every operation costs; some attacks exploit gas pricing.
- Composability: contract A calls […]
GraphQL Pentesting — Introspection, Authz, Query Abuse
Why GraphQL needs different testing:
GraphQL provides a single endpoint that responds to flexible query shapes. The implications:
- Introspection lets the attacker enumerate the entire schema with a single query.
- Each field can have its own authorization; missing authz on a single field exposes data.
- Query depth and breadth can be weaponised for resource exhaustion. […]
Practitioners who've shipped the controls.
Every module is written by someone who has built the defence or run the engagement. No repackaged tutorials, no generic theory.
Why learn here
Practitioner-written.
Each lesson is authored by someone who has shipped the control or run the engagement in production.
Quiz after every module.
20+ questions with explanations. 70%+ to mark complete. Unlimited retries.
Progress tracked.
Completions, scores and streaks saved automatically. Resume exactly where you left off.
India-priced.
Start free. ₹499/mo for intermediate. ₹4,999/yr for advanced. No hidden fees, ever.