Cybersecurity, learned like a practitioner.
24 learning paths · 398 modules live · every lesson written by someone who has shipped the control or run the engagement. Free to start.
Advanced · modules
Modules tagged Advanced. Use the sidebar to narrow by track or topic.
Attribution Methodology
“Who did this?” is often the wrong question. Attribution is hard, slow, and often inconclusive. Defenders mostly need TTP-level intel, not actor identity.
The Diamond Model
Four vertices of an intrusion analysis:
Adversary — who
Capability — what tools, what TTPs
Infrastructure — what domains, IPs, code-signing certs
Victim — who/what was targeted
Pivot between […]
Malware Family Classification
Classifying samples by family enables tracking actor evolution. YARA is the de-facto language.
YARA basics
rule MyMalware_v2 {
    meta:
        author = "RingSafe"
        family = "Cobalt Strike"
        version = "4.x"
    strings:
        $beacon_str = "Mozilla/5.0 (Windows NT 6.1)" wide
        $config_marker = { 00 01 00 0E ?? ?? }
    condition:
        uint16(0) == 0x5A4D and any of them
}
[…]
Frida & Objection — Runtime Mobile Analysis
Frida injects JavaScript into running mobile apps. Objection wraps Frida with ready-made tools. Together: bypass any client-side check.
Common bypasses
# SSL pinning bypass (so Burp can intercept)
objection -g com.example.app explore
android sslpinning disable
# Jailbreak/root detection bypass
ios jailbreak disable
android root disable
# Hook a specific method
android hooking watch class_method com.example.MyClass.checkLicense […]
Runtime Tampering Detection
Many apps add “tamper detection”: Frida hook detection, jailbreak/root detection, debugger detection. Attackers bypass them all (Module 7). Why bother?
Why detection still has value
Raises attacker effort
Generates telemetry — when an account triggers tamper detection, treat it as suspicious server-side
Combined with server-side enforcement, raises the bar significantly
What to detect
Frida-server processes / TCP […]
Cobalt Strike — Defender Perspective
Cobalt Strike is the most-used commercial C2 framework — by red teams and by most ransomware operators alike. Defenders must know its capabilities and detection signals.
Capabilities
Beacon — the implant; supports HTTP, HTTPS, DNS, SMB pipe
Malleable C2 — operator customises the traffic profile (mimic Outlook, Slack, etc.)
Pivoting — beacon-to-beacon over SMB
Built-in tools — […]
EDR Evasion — Defender View
Modern EDRs (CrowdStrike, SentinelOne, Defender for Endpoint, Carbon Black) hook into kernel and user space. Attackers have evolved evasion techniques in response. Knowing those techniques helps defenders evaluate their detection coverage.
Common evasion techniques
Process injection variants — APC injection, atom bombing, CTRL injection, NtMapViewOfSection. Each evades signature-based hooks.
AMSI bypass — disable Microsoft’s Antimalware Scan Interface in-process. Many published […]
Zero Trust Architecture
Zero trust is a posture, not a product. Module 16 (Cloud track) covered ZTNA specifically. This module is the architectural view.
The seven pillars (NIST)
User/identity
Device
Network/environment
Application/workload
Data
Visibility/analytics
Automation/orchestration
Core principles
Never trust; always verify
Assume breach
Least privilege
Continuous verification
Phased rollout (24-36 months realistic)
Identity — strong IdP, MFA, conditional […]
EvilGinx — Modern Phishing
For defensive understanding only. Don’t deploy without clear authorisation. EvilGinx is the proof that “MFA stops phishing” was true in 2018, false by 2024.
How proxy phishing works
Attacker hosts EvilGinx with a phishlet for the target service (Microsoft, Google, etc.). EvilGinx is a transparent reverse proxy: requests come in, get forwarded to the legitimate service, […]
Impacket — The Swiss Army Knife
Python toolkit for SMB/MSRPC/Kerberos. Used in nearly every AD pentest.
Top scripts
secretsdump.py — dump SAM, LSA, NTDS
psexec.py / smbexec.py / wmiexec.py — remote command execution
GetUserSPNs.py — Kerberoasting
GetNPUsers.py — AS-REP roasting
ntlmrelayx.py — NTLM relay attacks
ticketer.py — forge Kerberos tickets (Golden/Silver)
addcomputer.py — create computer accounts (RBCD)
rbcd.py — Resource-Based Constrained […]
Responder & MITM6
Most internal pentests start with passive listening. Responder + MITM6 capture authentication attempts and convert them to crackable hashes.
Responder — LLMNR/NBT-NS poisoning
When Windows can’t resolve a name via DNS, it falls back to LLMNR/NBT-NS broadcasts. Responder answers them, claiming to be the target. The victim authenticates to Responder, and its NetNTLMv2 hash is captured.
sudo responder -I […]
Practitioners who've shipped the controls.
Every module is written by someone who has built the defence or run the engagement. No repackaged tutorials, no generic theory.
Why learn here
Practitioner-written.
Each lesson is authored by someone who has shipped the control or run the engagement in production.
Quiz after every module.
20+ questions with explanations. 70%+ to mark complete. Unlimited retries.
Progress tracked.
Completions, scores and streaks saved automatically. Resume exactly where you left off.
India-priced.
Start free. ₹499/mo for intermediate. ₹4,999/yr for advanced. No hidden fees, ever.