Cybersecurity, learned like a practitioner.
24 learning paths · 398 modules live · every lesson written by someone who has shipped the control or run the engagement. Free to start.
Active Directory Security · modules
Red-team and blue-team AD. Kerberos, BloodHound, defensive hardening.
Module 20 · AD Trust Relationships Deep Dive — Forest, External, Shortcut
Why this module exists. AD has six distinct trust types. Each has different transitivity, SID Filtering defaults, Kerberos behaviour, and attacker-reachable abuse pattern. The median Indian-bank AD environment we audit has at least one trust whose properties the owning team cannot explain. This module is the missing reference. The six trust types — at a […]
Module 18 · AdminSDHolder & SDProp Persistence
Why this module exists. AdminSDHolder is one of the cleanest persistence primitives in AD because it abuses a feature, not a bug. Microsoft built SDProp to protect privileged accounts from accidental ACL drift. Attackers turned that protection into a self-healing backdoor. If you have ever seen an environment where the IR team cleaned up the […]
Module 17 · Read-Only Domain Controllers (RODCs) — Attack & Defence
Why this module exists. RODCs were Microsoft’s 2008 answer to “we need a DC at a branch office, but the branch office has no physical security.” The model: cache only specific user passwords; if the RODC is stolen, only those users’ hashes are exposed. The reality: misconfigured RODCs cache more than admins realise, and compromised […]
Module 16 · AD Tier-0 Hardening — The Defender’s Playbook
Why this module exists. Most AD breaches succeed because Domain Admin credentials end up exposed on workstations or member servers. Microsoft’s Tiered Administration Model (originally “Securing Privileged Access” / “Enterprise Access Model”) is the structural fix. It’s well-documented and rarely implemented in full. This module is the practical playbook. The model Three tiers, in increasing […]
Module 14 · Group Policy Object (GPO) Abuse
Why this module exists. Group Policy was designed in 2000 to centralise Windows administration. It’s still the primary configuration mechanism for AD-joined hosts in 2026. Attackers learned its weaknesses long ago; defenders mostly still don’t audit GPO ACLs. Three flavours of GPO abuse pay off in nearly every internal pentest. The GPP cpassword bug — […]
Module 13 · Azure AD / Entra ID Attack Surface
Why this module exists. Indian enterprises moved their identity to Microsoft 365 / Entra ID (formerly Azure AD) in waves between 2019 and 2024. Attackers followed. The 2023-25 surge in token-theft and consent-phishing attacks is now the dominant initial-access technique against Microsoft-shop enterprises. Different concepts, different tools, different defenders. How Entra ID is different from […]
Module 12 · DPAPI — Windows Data Protection API Attacks
Why this module exists. DPAPI is how Windows stores “secrets” — Wi-Fi passwords, browser-saved credentials, RDP credentials, OneDrive tokens, certificates. Attackers who understand DPAPI extract dozens of credentials per compromised host. Defenders who don’t understand it can’t tell which alert means “credential theft” vs “noise”. The DPAPI mental model Each Windows user has a master […]
Module 10 · DCSync — Domain Replication Abuse
Why this module exists. DCSync is the technique that lets an attacker dump every credential in your domain — without ever touching a domain controller’s filesystem. It’s not an exploit; it’s a feature being abused. Most AD environments have multiple non-DC accounts that can DCSync, and most defenders don’t know who. The mechanic Active Directory […]
Module 9 · Pass-the-Hash & Pass-the-Ticket
Why this module exists. Pass-the-Hash was first published in 1997. Microsoft has shipped 28 years of mitigations and the technique still works on most enterprise networks. Understanding why it persists, and what actually stops it, is foundational to defending AD. NTLM in 30 seconds NTLM authentication doesn’t transmit the password. The client transmits the NT […]
Module 8 · AS-REP Roasting — The Quiet Cousin of Kerberoasting
Why this module exists. Every AD pentester checks Kerberoasting first. Most check AS-REP Roasting second. The astonishing thing is how often it works in 2026 — accounts with DONT_REQ_PREAUTH set, often “temporarily” by an admin in 2014 and never unset. One vulnerable account is enough to crack a domain user’s password offline. The bug, structurally […]
Practitioners who've
shipped the controls.
Every module is written by someone who has built the defence or run the engagement. No repackaged tutorials, no generic theory.
Why learn here
Practitioner-written.
Each lesson is authored by someone who has shipped the control or run the engagement in production.
Quiz after every module.
20+ questions with explanations. 70%+ to mark complete. Unlimited retries.
Progress tracked.
Completions, scores and streaks saved automatically. Resume exactly where you left off.
India-priced.
Start free. ₹499/mo for intermediate. ₹4,999/yr for advanced. No hidden fees, ever.