Cybersecurity, learned like a practitioner.

24 learning paths · 398 modules live · every lesson written by someone who has shipped the control or run the engagement. Free to start.

24
Learning paths
398+
Live modules
0
You've completed
Free
Your tier
Browse the academy

Intermediate · modules

Modules tagged Intermediate. Use the sidebar to narrow by track or topic.

273 results · Page 20/28
Filtering: Level: Intermediate × Clear all →
DPDP Compliance Practitioner Intermediate Free

DPDP Audit Readiness — DPB Inspection Playbook

Why this module exists. The Data Protection Board has inspection powers under §28. When the DPB shows up — physically or via written information request — you have days, not months, to produce evidence. Most Indian businesses can’t currently. This module is the readiness checklist. What the DPB can ask for Under §28 + civil-court […]

Apr 27, 2026 30 min Open
Cloud Security Practitioner Intermediate Free

AWS Lambda & Serverless Attack Surface

Why this module exists. Serverless is “no server to harden” — and a new attack surface that most security teams don’t review with the same rigour as VMs. Lambda functions, Cloud Functions, Azure Functions all share patterns: event-triggered execution, IAM-defined permissions, ephemeral compute, third-party dependencies. Each is an attack vector. The Lambda attack surface — […]

Apr 27, 2026 30 min Open
Cloud Security Practitioner Intermediate Free

Cloud SSRF & IMDS — IMDSv2 and Beyond

Why this module exists. Capital One. Capital One. Capital One. Every cloud security training references it because the chain is iconic: external SSRF → IMDS → IAM credentials → S3 dump. Six years later, IMDSv1 is still enabled on enough EC2 fleets to keep the attack practical. And Azure / GCP have their own metadata-service […]

Apr 27, 2026 30 min Open
Cloud Security Practitioner Intermediate Free

CloudTrail Forensics — Reading the Audit Log

Why this module exists. If you can’t read CloudTrail, you can’t do cloud incident response. CloudTrail is to AWS what Windows Event Logs are to AD: every action by every principal is recorded. Most defenders skim the volume; experienced cloud-IR practitioners write surgical Athena queries that crack open incidents in 20 minutes. What CloudTrail records […]

Apr 27, 2026 35 min Open
Cloud Security Practitioner Intermediate Free

Cost-Based Denial of Service

Why this module exists. Modern cloud architectures auto-scale. Auto-scaling means an attacker who can drive load can drive your bill — to bankruptcy levels — without taking the service down. The 2020-2024 wave of “DenialOfWallet” attacks demonstrated that autoscaling without circuit breakers is a financial DoS. Indian SaaS, especially YC-funded startups with low cash runway, […]

Apr 27, 2026 25 min Open
Active Directory Security Intermediate Free

Password Spraying Against AD in 2026

Why this module exists. Brute force = trying many passwords against one account → triggers lockout. Spraying = trying one password against many accounts → stays under lockout thresholds. The result of spraying every Indian enterprise’s user list with “Password@2026” is, statistically, 2-5% success — sometimes including admins. The math Default AD account lockout: 5 […]

Apr 27, 2026 25 min Open
Web Application Penetration Testing Intermediate Free

Session Management — Beyond Cookies

Why this module exists. Every web app makes session decisions in the first month of development that they regret 18 months later. The wrong choice between cookies and tokens, the wrong refresh strategy, the wrong idle timeout — each is technical debt that becomes a breach footnote. This module is the playbook for getting it […]

Apr 27, 2026 30 min Open
Web Application Penetration Testing Intermediate Free

WebSocket Security

Why this module exists. Real-time chat, live trading dashboards, multiplayer games, collaborative editors — all run on WebSockets. And every web pentester I know has found at least one critical WebSocket bug because developers treat the protocol as “HTTP-but-faster” without realising the security model is fundamentally different. How WebSockets differ from HTTP Single connection, bidirectional […]

Apr 27, 2026 30 min Open
Web Application Penetration Testing Intermediate Free

NoSQL Injection

Why this module exists. Developers who learned about SQL injection often think NoSQL databases are safe by design. They aren’t — they have different injection patterns, often with even fewer guardrails. MongoDB powers half of Indian Node.js startups; nearly every one I’ve audited had at least one NoSQLi exposure. How NoSQL queries differ from SQL […]

Apr 27, 2026 30 min Open
Networking Intermediate Free

MPLS, SD-WAN, and the Indian Enterprise WAN

MPLS is the legacy carrier-grade WAN — expensive, predictable, low-jitter, with operator-managed L3 VPNs. SD-WAN overlays multiple cheaper transports (broadband, LTE, 5G, MPLS) with software-defined policy, dynamic path selection, and integrated security. The Indian enterprise WA

Apr 27, 2026 90 min Open
02 / Why learn here

Practitioners who've
shipped the controls.

Every module is written by someone who has built the defence or run the engagement. No repackaged tutorials, no generic theory.

Why learn here

01

Practitioner-written.

Each lesson is authored by someone who has shipped the control or run the engagement in production.

02

Quiz after every module.

20+ questions with explanations. 70%+ to mark complete. Unlimited retries.

03

Progress tracked.

Completions, scores and streaks saved automatically. Resume exactly where you left off.

04

India-priced.

Start free. ₹499/mo for intermediate. ₹4,999/yr for advanced. No hidden fees, ever.

Pick a path, get to work.

Browse all 398 modules View skill map