Cybersecurity, learned like a practitioner.
24 learning paths · 398 modules live · every lesson written by someone who has shipped the control or run the engagement. Free to start.
IoT & OT Security · modules
Connected devices and industrial control systems. Hardware, firmware, ICS protocols, safe OT testing.
Module 8 · Purdue Model & ICS Architecture
Purdue Model = standard reference architecture for ICS networks. Six levels of segmentation. Levels Level 0 — physical process (sensors, actuators) Level 1 — basic control (PLCs, RTUs) Level 2 — area supervision (HMIs, historians) Level 3 — site operations (MES, plant historians) Level 3.5 — DMZ between OT and IT Level 4-5 — corporate […]
Module 6 · IoT Protocols — MQTT, CoAP, Modbus
IoT/OT runs on protocols designed for constrained devices, often without security as primary concern. The big four MQTT — pub/sub for IoT. Default no auth; if auth, often password in plaintext. TLS optional. CoAP — HTTP-like for constrained devices. UDP-based; DTLS optional. Modbus — industrial. No auth. No encryption. Designed 1979. BACnet — building automation. […]
Module 7 · OT Network Monitoring
Active scanning breaks OT — even an Nmap can crash a PLC. Passive monitoring is the norm. Tools Claroty CTD — top-tier; Indian energy sector adoption Nozomi Networks — competitor Dragos Platform — industrial-control-specific Open source — Zeek with industrial parsers Detection patterns Unauthorised PLC programming (write to coil/register) HMI talking to non-PLC destinations Firmware […]
Module 10 · Bluetooth & Zigbee Security
Wireless protocols for IoT have specific attack surfaces. BLE Pairing modes: Just Works (no auth), Passkey, OOB Many devices use Just Works (vulnerable to MITM during pairing) Tools: Ubertooth, BTLEjuice, Sniffle, ESP32-based Zigbee / Z-Wave Network keys; if leaked once during initial pairing, devices vulnerable forever Tools: KillerBee, Z-Wave Hacking Toolkit Common findings Smart locks […]
Module 13 · IoT Supply Chain Risk
IoT devices ship with security debt. Default creds, no update mechanism, hardcoded keys. Supply chain compounds it. Issues Default credentials never changed (Mirai botnet exploited this) No firmware updates after sale (10-year-old vulns active) Hardcoded private keys discovered post-shipment Foreign-manufacture concerns (geopolitical) Recycled chips with unknown firmware Indian regulatory environment 2022 CERT-In Direction requires equipment […]
Module 2 · IoT Device Security Testing
Hardware reconnaissance, UART/JTAG, firmware extraction with binwalk, BLE/Zigbee testing, cloud API audit.
Module 3 · Industrial Control Protocols
Modbus, DNP3, OPC-UA, S7Comm, EtherNet/IP, BACnet — protocol attack surfaces and defenses.
Practitioners who've
shipped the controls.
Every module is written by someone who has built the defence or run the engagement. No repackaged tutorials, no generic theory.
Why learn here
Practitioner-written.
Each lesson is authored by someone who has shipped the control or run the engagement in production.
Quiz after every module.
20+ questions with explanations. 70%+ to mark complete. Unlimited retries.
Progress tracked.
Completions, scores and streaks saved automatically. Resume exactly where you left off.
India-priced.
Start free. ₹499/mo for intermediate. ₹4,999/yr for advanced. No hidden fees, ever.