Cybersecurity, learned like a practitioner.
24 learning paths · 398 modules live · every lesson written by someone who has shipped the control or run the engagement. Free to start.
Expert · modules
Modules tagged Expert. Use the sidebar to narrow by track or topic.
Sliver C2 Operator Guide — Implants, Transports, OPSEC, and the Detection Patterns Blue Teams Should Hunt
Sliver is the open-source post-Cobalt-Strike C2 framework — accessible to Indian red teams without licensing barriers, and the most-abused C2 after CS itself. Architecture, implant generation, transport choices, OPSEC patterns, and the defender-side hunt queries that actually catch it.
LLM Jailbreaks 2026 — Universal Suffixes, Many-Shot, Crescendo, and What Constitutional AI Actually Stops
LLM jailbreak research in 2026: GCG universal suffixes, AutoDAN, many-shot context-poisoning, Crescendo multi-turn, multimodal vision attacks. Why alignment is structurally defence-in-depth, the production controls that actually work, and a test harness for measuring your model versions.
Building Like Cursor / Perplexity / v0 — Backend Architecture of Trending AI Tools
Cursor, Perplexity, v0, Claude Artifacts, Lovable — the products defining 2026 AI UX. Their backends share patterns: streaming LLM gateways, smart context windows, agentic loops with tool use, observability-first design. This module reverse-engineers the architecture and shows ho
AI Supply Chain — Hugging Face Hijacks, Pickle Attacks, Model Card Poisoning
You download a model from Hugging Face. The model file format (Pickle) supports arbitrary code execution on load. The model card lies about training data. Adversaries upload typo-squat model names. This is the AI version of the npm supply chain problem and most teams have no cont
Browser-Use Agents — Risks When LLMs Browse the Web
Anthropic computer-use Claude, OpenAI Operator, and frameworks like browser-use let agents control real browsers. They click, type, fill forms, log in. Every webpage is now an attack surface against the agent. This module covers the documented attacks (visual prompt injection, de
Multi-Modal Attacks — Image Prompt Injection and Audio Adversarials
GPT-4V, Claude 3.5 Sonnet, and Gemini accept images. Whisper, ElevenLabs, and others accept audio. Each modality is an injection surface. This module covers documented multi-modal attacks (invisible-text prompt injection, audio-watermark adversarials, deepfake-driven phishing) an
Kerberos Delegation Abuse — Unconstrained, Constrained, RBCD
Why this module exists. Kerberos delegation is one of the most-misunderstood AD features and one of the most-abused. Three flavours, all dangerous when misconfigured: Unconstrained (legacy, terrifying), Constrained (better, still bad), and Resource-Based Constrained Delegation (the new one, with its own attack class). Every red team checks all three. Why delegation exists Tiered apps need […]
AI Security & Red Teaming
Attack and defend AI systems — the field almost no one teaches. OWASP LLM Top 10, prompt injection, jailbreaks, guardrails, RAG poisoning, model extraction.
Multi-Cloud — The Complexity Tax
Per-cloud skill, divergent defaults, N × CSPM. Multi-cloud without investment = weaker overall security.
Hybrid AD — On-Prem Meets Cloud
Entra Connect crown jewel, Golden SAML, Azure AD attacks, AZUREADSSOACC$ legacy, PRT theft.
Practitioners who've
shipped the controls.
Every module is written by someone who has built the defence or run the engagement. No repackaged tutorials, no generic theory.
Why learn here
Practitioner-written.
Each lesson is authored by someone who has shipped the control or run the engagement in production.
Quiz after every module.
20+ questions with explanations. 70%+ to mark complete. Unlimited retries.
Progress tracked.
Completions, scores and streaks saved automatically. Resume exactly where you left off.
India-priced.
Start free. ₹499/mo for intermediate. ₹4,999/yr for advanced. No hidden fees, ever.