Cybersecurity, learned like a practitioner.

24 learning paths · 398 modules live · every lesson written by someone who has shipped the control or run the engagement. Free to start.


Blue Team / SOC Operations · modules

How defenders actually work. SOC structure, SIEM, detection engineering, EDR, and malware triage.

Blue Team / SOC Operations · Advanced · Free

Module 20 · Purple Team — Operationalising Adversary Emulation

Red vs purple — what differs
Red team | Purple team
Adversary emulation, blue blind | Adversary emulation, blue collaborating
Goal: demonstrate impact | Goal: improve detection
Output: detailed report; blue may not see techniques used | Output: detection rules + visibility-gap remediation
Annual or quarterly engagement | Continuous or monthly cadence
The purple-team operating model
Red team executes a […]

May 14, 2026 · 35 min
Blue Team / SOC Operations · Advanced · Free

Module 17 · Threat Hunting Operationalised — Hypotheses, Pivots, Dashboards

What threat hunting is
Proactive search for adversary presence based on hypothesis, not alert. The defender assumes a sophisticated attacker may already be present and searches for traces that current detection rules would miss.
The hunt cycle
Hypothesis: state what you’re looking for. “Adversaries may be using WMI for lateral movement.”
Data sources: identify what […]

May 14, 2026 · 35 min
Blue Team / SOC Operations · Advanced · Free

Module 18 · Detection Engineering — Sigma, ATT&CK Coverage, Validation

What detection engineering is
Design rules that fire on adversary behaviour, not noise. Test rules against historical data and red-team data. Tune to acceptable signal-to-noise. Deploy with documentation. Maintain — update when adversary techniques evolve.
The detection-engineering lifecycle
Source: hunt finding, TI report, red-team exercise, ATT&CK coverage gap.
Hypothesis: state what the rule should catch. […]

May 14, 2026 · 35 min
Blue Team / SOC Operations · Advanced · Free

Module 16 · SOAR — Security Orchestration, Automation, Response

What SOAR does
Orchestration: connect security tools via API; trigger actions across them.
Automation: execute repeatable workflows without human intervention.
Case management: structured incident workflow with audit trail.
Playbook execution: pre-defined response runbooks triggered by alert type.
The platforms
Splunk SOAR (formerly Phantom), Palo Alto XSOAR (Demisto), IBM QRadar SOAR, Microsoft Sentinel SOAR, Tines, Torq. […]

May 14, 2026 · 35 min
Blue Team / SOC Operations · Advanced · Free

Module 14 · Threat Intelligence Operations

Why this module exists. Threat intelligence is one of the most-purchased and least-utilised security investments. Companies subscribe to feeds that nobody reads, vendor reports that nobody actions. Done well, TI shapes detection, prioritisation, and strategy. Done badly, it’s expensive noise.
The three altitudes of TI
Type | Audience | Outputs | Cadence
Strategic | Executives, board | Threat landscape, risk-driven […]

Apr 27, 2026 · 30 min
Blue Team / SOC Operations · Advanced · Free

Module 15 · Purple Teaming Methodology

Why this module exists. Red teams find what defenders missed. Blue teams build detections. Purple teams put both in the same room — making a single exercise simultaneously a test, a learning event, and a detection-engineering session. The output: detections that work for the techniques attackers actually use.
What purple team isn’t
Not “let’s all […]

Apr 27, 2026 · 30 min
Blue Team / SOC Operations · Advanced · Free

Module 7 · Incident Response Lifecycle — NIST + SANS in Practice

Why this module exists. Every CISO knows the NIST IR lifecycle (Prepare, Identify, Contain, Eradicate, Recover, Lessons Learned). Few have actually executed it under pressure. The translation from textbook diagram to “the breach is happening, what do we do at 02:30 IST” is what separates exercises from outcomes.
The lifecycle in operational terms
Phase | What […]

Apr 27, 2026 · 35 min
Blue Team / SOC Operations · Advanced · Free

Module 10 · Insider Threat Detection

Why this module exists. External attackers get the headlines; insiders cause more breaches by volume. Verizon DBIR consistently shows ~20% of breaches are insider-driven (deliberate + accidental combined). Detecting them requires different signals from external-attack detection, and operating in the privacy-respecting envelope DPDP / labour law / cultural norms allow.
The insider-threat taxonomy
Malicious insider […]

Apr 27, 2026 · 30 min
Blue Team / SOC Operations · Advanced · Members

Module 5 · Malware Triage

Static + behavioural triage, sandbox workflow, 30-minute triage playbook, and when to escalate to a reverse engineer.

Apr 22, 2026 · 120 min
02 / Why learn here

Practitioners who've shipped the controls.

Every module is written by someone who has built the defence or run the engagement. No repackaged tutorials, no generic theory.

01 · Practitioner-written.
Each lesson is authored by someone who has shipped the control or run the engagement in production.

02 · Quiz after every module.
20+ questions with explanations. 70%+ to mark complete. Unlimited retries.

03 · Progress tracked.
Completions, scores and streaks saved automatically. Resume exactly where you left off.

04 · India-priced.
Start free. ₹499/mo for intermediate. ₹4,999/yr for advanced. No hidden fees, ever.