Cybersecurity, learned like a practitioner.
24 learning paths · 398 modules live · every lesson written by someone who has shipped the control or run the engagement. Free to start.
Cryptography & PKI · modules
Modern crypto primitives, TLS, PKI architecture, secrets management at scale.
Module 5 · Symmetric Cryptography in Practice
Symmetric crypto is fast, ubiquitous, and routinely misused. Modes that matter AES-256-GCM — authenticated encryption with associated data; default choice ChaCha20-Poly1305 — alternative AEAD; faster on devices without AES-NI AES-CBC — legacy; no built-in auth (vulnerable to padding-oracle if MAC absent) AES-CTR — fast; needs separate MAC; nonce reuse catastrophic AES-ECB — never use; reveals […]
Module 6 · Asymmetric Cryptography
Asymmetric (public-key) crypto for digital signatures and key exchange. The choices RSA-2048 — minimum acceptable; phasing out for 4096 in regulated RSA-4096 — slow; use only when compatibility requires ECDSA P-256 — fast; smaller keys (256-bit ~ RSA-3072 strength) Ed25519 — modern; fast; safer-by-default than ECDSA X25519 — for ECDH key agreement When to use […]
Module 7 · PKI Fundamentals
PKI = the trust infrastructure for asymmetric crypto. Most engineers use it; few understand it. The components Certificate Authority (CA) — issues certs; private key very protected Certificate Signing Request (CSR) — what you submit to a CA X.509 certificate — public key + identity, signed by CA Certificate chain — your cert → intermediate […]
Module 8 · TLS Cipher Suite Selection
TLS 1.3 covered in Networking Module 10. This is the operational hardening view. The 2026 baseline TLS 1.2 + TLS 1.3 only Disable TLS 1.0, 1.1 entirely Forward-secret ciphers only (ECDHE-*) AEAD ciphers (GCM or ChaCha20-Poly1305) Strong elliptic curves (X25519, P-256, P-384) HSTS enabled Sample nginx config ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305; ssl_prefer_server_ciphers off; ssl_ecdh_curve […]
Module 11 · Secret Management Platforms
Module 7 (DevSecOps track) covered secret-leak prevention. This is the platform comparison. Comparison Platform Strengths Weaknesses HashiCorp Vault Open source; flexible; rich auth methods; dynamic secrets Operational complexity AWS Secrets Manager AWS-native; rotation built-in; KMS integration AWS-only; per-secret cost Azure Key Vault Azure-native Azure-only GCP Secret Manager GCP-native; simple GCP-only; fewer features Doppler Modern UX; […]
Module 12 · Hashing — Passwords & Integrity
“How do we hash passwords?” is the most-asked question. The answer evolved. 2026 password-hashing recommendations Argon2id — first choice; OWASP recommended bcrypt — second choice; widely supported scrypt — third; less library support PBKDF2 — only when FIPS 140 compliance forced NEVER — MD5, SHA-1, SHA-256/512 alone, plain hashing without salt Argon2id parameters (OWASP 2026) […]
Module 13 · TLS/PKI Incidents — What Happens When Crypto Breaks
Crypto breaks rarely; when it does, it’s catastrophic. Notable incidents DigiNotar 2011 — CA compromised; rogue certs for Google. Browser distrust = company death. Heartbleed 2014 — OpenSSL bug exposed memory to attacker. Remediation involved rotating every cert. POODLE 2014 — SSL 3.0 padding-oracle. End of SSL 3.0. Logjam 2015 — DH key-exchange weakness. End […]
Module 14 · Crypto Compliance Mapping
Auditors ask “is your encryption FIPS 140-2/3 compliant?” Industry answers vary by sector. FIPS 140 levels Level 1 — software-only crypto module; algorithms tested Level 2 — physical tamper-evidence (HSM with seal) Level 3 — physical tamper-resistance (HSM strong enclosure) Level 4 — full environmental protection (HSM with auto-zeroize) Indian sectoral requirements Sector Requirement RBI […]
Module 2 · TLS in Practice
TLS 1.2/1.3, cipher suites, handshake, certificate validation, HSTS, CT, common misconfigurations, testing with testssl.sh.
Module 3 · PKI Architecture
CAs, cert types, ACME, lifecycle, revocation, internal PKI, service mesh PKI, code signing, lifetime trends.
Practitioners who've
shipped the controls.
Every module is written by someone who has built the defence or run the engagement. No repackaged tutorials, no generic theory.
Why learn here
Practitioner-written.
Each lesson is authored by someone who has shipped the control or run the engagement in production.
Quiz after every module.
20+ questions with explanations. 70%+ to mark complete. Unlimited retries.
Progress tracked.
Completions, scores and streaks saved automatically. Resume exactly where you left off.
India-priced.
Start free. ₹499/mo for intermediate. ₹4,999/yr for advanced. No hidden fees, ever.