Cybersecurity, learned like a practitioner.
24 learning paths · 398 modules live · every lesson written by someone who has shipped the control or run the engagement. Free to start.
Active Directory Security · modules
Red-team and blue-team AD. Kerberos, BloodHound, defensive hardening.
Module 6 · Active Directory Certificate Services Attacks
Active Directory Certificate Services (ADCS) is how Windows issues certificates — for user authentication, computer authentication, web services, VPN, code signing. It’s also, since SpecterOps’s 2021 “Certified Pre-Owned” research, one of the fastest paths from user to Domain Admin. This module covers the attack classes (ESC1-ESC8+) and defences. ADCS primer Certification Authority (CA) — issues […]
Module 5 · Golden and Silver Tickets
Forged Kerberos tickets are the ultimate AD compromise. A Golden Ticket grants domain-wide impersonation for 10 years. A Silver Ticket grants service-specific impersonation without ever touching the DC. Understanding both is essential for any practitioner serious about AD. Kerberos ticket refresher Two ticket types in a Kerberos flow: TGT (Ticket Granting Ticket) — issued by […]
Module 4 · NTLM Relay Attacks
NTLM Relay is one of the most effective attacks against modern Windows environments — and it works even on fully-patched systems if defenders haven’t enabled specific hardening. This module covers how relay works, common exploit chains, and the defences that actually block it. How NTLM authentication works NTLM is a challenge-response protocol. Client sends NTLM_NEGOTIATE; […]
Module 3 · BloodHound for Attack Paths
Individual AD misconfigurations look innocuous on their own. A group with a few extra members. A computer with delegation enabled. A user with GenericWrite on a colleague’s account. In isolation, each is a “maybe low risk.” When graph-analysed together, they form attack paths — concrete, stepwise routes from any foothold to Domain Admin. BloodHound is […]
Module 2 · Kerberoasting in Practice
Kerberoasting is the single most common Active Directory attack encountered on pen-test engagements. It’s low-noise, low-skill, highly reliable, and when it succeeds, the attacker holds privileged service account credentials — often Domain Admin. Understanding it is essential for both the offence and defence sides. This is a hands-on module. You will see the exact attacker […]
Practitioners who've
shipped the controls.
Every module is written by someone who has built the defence or run the engagement. No repackaged tutorials, no generic theory.
Why learn here
Practitioner-written.
Each lesson is authored by someone who has shipped the control or run the engagement in production.
Quiz after every module.
20+ questions with explanations. 70%+ to mark complete. Unlimited retries.
Progress tracked.
Completions, scores and streaks saved automatically. Resume exactly where you left off.
India-priced.
Start free. ₹499/mo for intermediate. ₹4,999/yr for advanced. No hidden fees, ever.