Cybersecurity, learned like a practitioner.
24 learning paths · 398 modules live · every lesson written by someone who has shipped the control or run the engagement. Free to start.
Intermediate · modules
Modules tagged Intermediate.
macOS Security in Enterprise
macOS isn’t niche anymore. Most Indian SaaS startups have 30-50% Macs. Security model differs from Windows.
Native protections
Gatekeeper — only signed/notarised apps run by default
XProtect — Apple’s anti-malware
System Integrity Protection (SIP) — even root can’t modify protected paths
FileVault — full-disk encryption
App Sandbox + Hardened Runtime — for App Store apps […]
sqlmap — Automated SQL Injection
Why this module. sqlmap automates 80% of SQLi work. Mastering it means going from “I think this is injectable” to “here’s the database dump” in 15 minutes.
The base workflow
# Detect
sqlmap -u "https://target.com/page?id=1" --batch --level=3 --risk=2
# Confirm with banner
sqlmap -u "https://target.com/page?id=1" --batch --banner
# Enumerate
sqlmap -u "https://target.com/page?id=1" --batch --dbs
sqlmap […]
John & Hashcat — Cracking Workflow
Why this module. Cracked hashes power lateral movement. Knowing how to crack quickly turns a low-impact LSASS dump into a Domain Admin compromise.
Identify the hash
hashid 'aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0'
# Output: NTLM
Hashcat modes (the ones you need)
Mode    Hash
0       MD5
100     SHA1
1000    NTLM
5500    NetNTLMv1
5600    NetNTLMv2
1800    sha512crypt (Linux)
13100   Kerberos 5 […]
CrackMapExec / NetExec
CrackMapExec (now NetExec / nxc) is the parallel-executor that makes Impacket scriptable across hundreds of hosts.
Workflow
# Enumerate SMB hosts
nxc smb 10.0.0.0/24
# Test credentials across the subnet
nxc smb 10.0.0.0/24 -u alice -p 'Password@2026' --continue-on-success
# Pass-the-hash
nxc smb 10.0.0.0/24 -u admin -H aad3b435b51404ee...:31d6cfe...
# Once you have admin somewhere
nxc smb […]
API DDoS & Bot Mitigation
Why this module. APIs are bot magnets. Credential stuffing against /login, scraping of /products, account creation abuse, comment spam. Volumetric DDoS is solved at the edge; L7 abuse is a per-API battle.
Bot patterns by endpoint
/login — credential stuffing, brute force
/signup — fake account creation for fraud / spam
/api/search — scraping / […]
API Versioning & Deprecation Security
Why this module. Old API versions are where security debt accumulates. v1 was insecure by 2019 standards; it’s still serving 5% of traffic in 2026 because retiring it requires customer coordination. Most teams underestimate the security cost of supporting old versions.
Versioning patterns
URL versioning — /v1/users vs /v2/users. Visible, easy to route. Most common. […]
API Logging & Anomaly Detection
Why this module. APIs generate massive log volume; most teams collect it and never query it. Anomaly detection at the API layer catches account takeover, scraping, and business-logic abuse that WAFs miss.
What to log per API call
Timestamp, request ID
Authenticated user / API key
Source IP, ASN, country
Method + path + query […]
WebAuthn & Passkeys for APIs
Why this module. Phishing-resistant auth is the only auth that holds up against modern proxy-phishing attacks (EvilGinx and similar). WebAuthn / Passkeys are the standard. Apple, Google, Microsoft all default-support; Indian banks are following.
Why TOTP isn’t enough anymore
EvilGinx-style proxy phishing intercepts the TOTP at login time. User enters TOTP on phishing page → […]
API Mocking & Contract Testing
Why this module. APIs evolve; consumers break. Contract testing catches it before production. From a security view, contract testing also catches “we accidentally exposed an internal field” and “auth was removed from this endpoint.”
Two patterns
Schema-first — OpenAPI spec is the contract. Validate every request/response.
Consumer-driven (Pact) — consumers declare expectations; provider validates them. […]
SDKs as Attack Surface
Why this module. If you publish an SDK (Python, JS, mobile native), attackers analyse it to learn about your API’s structure, undocumented endpoints, and assumptions. Plus: SDK becomes part of customer’s supply chain — your bugs become their problems.
The SDK threat model
Attacker reverse-engineers SDK to learn API structure
Attacker finds hardcoded endpoints, debug […]
Why learn here
Practitioner-written.
Each lesson is authored by someone who has shipped the control or run the engagement in production.
Quiz after every module.
20+ questions with explanations. 70%+ to mark complete. Unlimited retries.
Progress tracked.
Completions, scores and streaks saved automatically. Resume exactly where you left off.
India-priced.
Start free. ₹499/mo for intermediate. ₹4,999/yr for advanced. No hidden fees, ever.