Cybersecurity, learned like a practitioner.
24 learning paths · 398 modules live · every lesson written by someone who has shipped the control or run the engagement. Free to start.
Cyber Threat Intelligence · modules
OSINT, ATT&CK, Pyramid of Pain, and intel-driven hunting — actionable CTI, not feed subscriptions.
Module 15 · Strategic Threat Intelligence
Tactical TI is for SOC. Strategic TI is for executives. Different language, different cadence, different artefacts. Strategic questions: Which threat actors target organisations like ours? What are their goals (extortion, espionage, disruption)? What’s their technical sophistication level? Are we more or less targeted than peers? What investments would meaningfully shift the risk? Strategic artefacts: Threat […]
Module 7 · MITRE ATT&CK in Practice
MITRE ATT&CK is the de-facto common language. Operationalising it requires discipline. The structure: Tactics (14) — adversary goals (Initial Access, Execution, Persistence, etc.); Techniques (~200) — how the goal is achieved; Sub-techniques — specific variants; Procedures — actor-specific implementation. ATT&CK Navigator: Free tool for visualising layers. Use cases: Coverage map — which techniques have detections […]
Module 8 · STIX & TAXII Standards
STIX = data format. TAXII = transport. Together: machine-readable threat intel sharing. STIX object types: Indicator (the “what to look for”), Threat Actor, Campaign, Intrusion Set, Malware, Tool, Attack Pattern (= ATT&CK technique), Vulnerability (= CVE), Identity (= Victim), Relationship. Why structured matters: Vendor PDF report → manual extraction. Vendor STIX feed → automatic ingestion […]
Module 10 · OSINT for Actor Profiling
For sectoral and regional threat awareness, OSINT is invaluable. Sources: Public threat reports — Mandiant, CrowdStrike, Microsoft, Recorded Future; VirusTotal Intelligence — sample relationships; MalwareBazaar — malware samples; URLhaus, ThreatFox — abuse.ch projects; Twitter/X — security researchers post real-time; Telegram — actor channels (be careful); Dark web monitoring — paid services (Recorded Future, Flashpoint, KELA) […]
Module 11 · IOC Hygiene
Buying IOC feeds is the easy part. Operationalising them without false positives is the hard part. IOC lifecycle: Ingest from source; Score (confidence, source reputation); Enrich (WHOIS, geolocation, ASN, related campaigns); Match against telemetry; Decay — IOCs age out (IPs rotate, domains expire); Retire — remove from active matching after N days. Quality signals: Source […]
Module 12 · Deception Technology
Deception is high-fidelity threat detection: legitimate users don’t touch decoys, so any touch = malicious. Three patterns: Honeypots — fake systems (servers, databases). Real protocol; fake content. T-Pot, Cowrie. Honeytokens — fake credentials, fake API keys. Trigger alert on use. Canary tokens — Thinkst Canary; lightweight tokens that fire on access. Practical deployment: Honey AD […]
Module 14 · Continuous Threat Intel Workflow
Most Indian organisations don’t have dedicated CTI teams. But you can run a 1-person / 0.5-FTE program effectively. The cadence: Daily (15-30 min) — skim Twitter/X security feed; check threat-feed updates; review SIEM enrichments. Weekly (2 hours) — read 2-3 vendor reports; update threat-actor watchlist; brief SOC on changes. Monthly (half day) — assessment review, […]
Module 2 · OSINT Collection for CTI
Search operators, Shodan, Censys, subdomain enumeration, GitHub dorking, dark-web research, tradecraft OpSec.
Module 3 · Pyramid of Pain & IOC Lifecycle
Bianco's Pyramid of Pain, IOC lifecycle, 90-day rule, TTP-focused detection priorities.
Practitioners who've shipped the controls.
Every module is written by someone who has built the defence or run the engagement. No repackaged tutorials, no generic theory.
Why learn here
Practitioner-written.
Each lesson is authored by someone who has shipped the control or run the engagement in production.
Quiz after every module.
20+ questions with explanations. 70%+ to mark complete. Unlimited retries.
Progress tracked.
Completions, scores and streaks saved automatically. Resume exactly where you left off.
India-priced.
Start free. ₹499/mo for intermediate. ₹4,999/yr for advanced. No hidden fees, ever.