Cybersecurity, learned like a practitioner.

24 learning paths · 398 modules live · every lesson written by someone who has shipped the control or run the engagement. Free to start.


Advanced · modules

Modules tagged Advanced. Use the sidebar to narrow by track or topic.

187 results · Page 8/19
IoT & OT Security Advanced Free

ICS Threat Actors

ICS attacks have public-policy gravity. Each offers lessons for defenders.

The big incidents:
- Stuxnet (2010) — Iranian nuclear centrifuges; multi-stage; PLC manipulation
- BlackEnergy / Industroyer (2015-16) — Ukraine power grid; substations
- TRITON / TRISIS (2017) — Saudi petrochemical; targeted safety systems
- Colonial Pipeline (2021) — IT-side ransomware; OT shutdown precautionary
- Pipedream / Incontroller (2022) — modular […]

Apr 27, 2026 · 15 min
IoT & OT Security Advanced Free

OT Incident Response

OT IR differs from IT IR. Safety supersedes investigation. Containment can mean physical action, not just network isolation.

Differences:
- Safety first; never an action that endangers people or environment
- Operations team has veto on technical decisions
- Evidence preservation often impossible (PLCs don’t log; HMI logs sparse)
- System restoration may require physical access
- Recovery from backup […]

Apr 27, 2026 · 15 min
IoT & OT Security Advanced Free

IoT Cloud Integration Security

Modern IoT goes cloud. Cloud security + IoT security overlap.

Patterns:
- Device identity — per-device X.509 cert (best); shared key (acceptable); password (avoid)
- MQTT over TLS — standard transport
- Device shadows — last-known state for offline devices
- OTA updates — signed firmware; A/B partition for rollback

Cloud-specific:
- AWS IoT Core — most mature; per-device certs; […]

Apr 27, 2026 · 15 min
IoT & OT Security Advanced Free

IoT Penetration Testing Methodology

IoT pentesting spans more layers than typical web pentesting. The methodology has to cover all of them.

Phases:
- Reconnaissance — manuals, FCC IDs, FCC database, related devices
- Hardware — open device, identify chips, find debug ports (UART, JTAG)
- Firmware extraction — flash dump, firmware update interception, OTA capture
- Firmware analysis — Module 9 above
- Wireless — Wi-Fi, BLE, […]

Apr 27, 2026 · 20 min
Red Team Operations Advanced Free

Persistence Techniques

MITRE ATT&CK lists 30+ persistence techniques. The 10 most-used cover 80% of real-world cases.

Top techniques:
- Run keys — HKCU/HKLM\Software\Microsoft\Windows\CurrentVersion\Run
- Services — create new service or hijack existing
- Scheduled tasks — schtasks; survives reboot
- WMI event subscription — fires on conditions
- COM hijacking — replace InProcServer32 entries
- Office Test path — DLLs loaded by Office […]

Apr 27, 2026 · 20 min
Red Team Operations Advanced Free

Red Team in AD

The complete red-team AD chain. Modules 8-17 in the AD track covered individual techniques; this is the operator playbook.

Path planning:
- Initial access (phish, web exploit, valid creds)
- Local recon (BloodHound from compromised host)
- Identify shortest path to DA
- Choose technique per step (Kerberoast → DCSync, or RBCD → ticket forge)
- Execute with OPSEC (silent EDR-evasive techniques) […]

Apr 27, 2026 · 25 min
Red Team Operations Advanced Free

Red Team in Cloud

Cloud red teaming is different from AD. No NT hashes; tokens. No Kerberos; OAuth/STS. Different tools, different OPSEC.

The cloud kill chain:
- Initial credential acquisition (phishing dev for AWS keys, or compromise endpoint with cached CLI credentials)
- Discovery — what services, what permissions
- Privilege escalation — IAM-misconfig paths (covered in Cloud Module 8-9)
- Lateral movement — […]

Apr 27, 2026 · 25 min
Red Team Operations Advanced Free

Data Exfiltration Techniques

Data exfiltration is the goal of most non-ransomware attacks. Network defenders should know the patterns.

Common channels:
- HTTPS to attacker domain — most common; blends with legit traffic
- HTTPS to cloud storage — Dropbox, Google Drive, AWS S3 (attacker bucket); user-agents look legitimate
- DNS tunneling — covered Module 9 Networking
- ICMP tunneling — niche but possible; […]

Apr 27, 2026 · 20 min
Cyber Threat Intelligence Advanced Free

Attribution Methodology

“Who did this?” is often the wrong question. Attribution is hard, slow, and often inconclusive. Defenders mostly need TTP-level intel, not actor identity.

The Diamond Model

Four vertices of an intrusion analysis:
- Adversary — who
- Capability — what tools, what TTPs
- Infrastructure — what domains, IPs, code-signing certs
- Victim — who/what was targeted

Pivot between […]

Apr 27, 2026 · 15 min
Cyber Threat Intelligence Advanced Free

Malware Family Classification

Classifying samples by family enables tracking actor evolution. YARA is the de facto language.

YARA basics:

    rule MyMalware_v2 {
      meta:
        author = "RingSafe"
        family = "Cobalt Strike"
        version = "4.x"
      strings:
        $beacon_str = "Mozilla/5.0 (Windows NT 6.1)" wide
        $config_marker = { 00 01 00 0E ?? ?? }
      condition:
        uint16(0) == 0x5A4D and any of them […]

Apr 27, 2026 · 20 min
02 / Why learn here

Practitioners who've shipped the controls.

Every module is written by someone who has built the defence or run the engagement. No repackaged tutorials, no generic theory.

01

Practitioner-written.

Each lesson is authored by someone who has shipped the control or run the engagement in production.

02

Quiz after every module.

20+ questions with explanations. 70%+ to mark complete. Unlimited retries.

03

Progress tracked.

Completions, scores and streaks saved automatically. Resume exactly where you left off.

04

India-priced.

Start free. ₹499/mo for intermediate. ₹4,999/yr for advanced. No hidden fees, ever.