Cybersecurity, learned like a practitioner.
24 learning paths · 398 modules live · every lesson written by someone who has shipped the control or run the engagement. Free to start.
Latest modules
Most recent practitioner playbooks across every track. Filter by topic, level, or search in the sidebar.
Adversarial Examples — FGSM, PGD, Transfer Attacks (Image and Text)
A 0.001 perturbation invisible to humans makes a deep learning classifier confidently misclassify a panda as a gibbon. This 2014 demonstration started the adversarial ML field. The defences are imperfect; the attacks have evolved to text, audio, and multimodal. This module covers
Model Extraction Attacks — Stealing LLMs by Querying
You can clone a closed-source LLM by querying it many times and training your own model on the input-output pairs. Researchers showed it works against GPT-3.5 with $50K of API credits. Defences include watermarking (statistical fingerprints in outputs), query rate limits, and con
Cloud Audit Trail Forensics
Cloud audit logs are richer than on-prem. Every API call. Identity, source, resource, action. With CloudTrail Lake or BigQuery, queryable for years. Forensic discipline: log to a separate logging account. Object Lock on the bucket. Cross-region replication. Otherwise: attacker disables logging early in attack. The mindset: cloud audit logs deserve their own account, their own […]
Cost as Security Signal
Cost anomaly: 10x normal compute spend overnight. Could be: new feature launched. Could be: crypto mining instance spun up by attacker. The cost-anomaly alert is a security signal in disguise. AWS Cost Anomaly Detection, Azure Cost Anomaly, GCP recommendations all available. The mindset: integrate billing alerts with security ops. Unusual cost = investigate, don’t just […]
The Network Forensics Mindset
Network logs are evidentiary in regulator inquiries and lawsuits. They have weight when properly preserved. The discipline: timestamps in UTC, defined retention, chain of custody, immutable archive. Without these, “we have logs” doesn’t answer “can the regulator rely on them?” The mindset: every log is a future court exhibit. Build retention and integrity for that […]
IAM Policies Are Contracts
An IAM policy is a contract. Effect: Allow on Action: * is a blank-cheque clause. Resource: * with NotAction negation is a “everything except” clause. Attackers read policies as contracts. Find the over-broad clauses. Exploit. The mindset: review IAM policies like legal contracts. What’s allowed? What’s explicitly denied? What’s implicitly allowed?
The Implicit Trust of AD
Active Directory assumes a cooperative environment. Members trust each other. Domain controllers trust members. Trusts between domains assumed friendly. Every “feature” — Kerberos delegation, ACL inheritance, group nesting — is a cooperation primitive. Each is exploitable when the cooperation assumption fails. The mindset: AD’s features are its attack surface. Each was designed for ease, not […]
Cloud Logs Have Detection Gaps
CloudTrail records management plane by default. Data plane (S3 reads) requires explicit data events. Most teams skip it for cost. Result: attacker reads sensitive S3 buckets; no log entry. Defender has no evidence post-breach. The mindset: enabling all logs is expensive. Enabling none is more expensive. Tier by sensitivity.
Service Accounts Outlive Their Purpose
Service accounts get created. They stay forever. The original requester left in 2019. The service was decommissioned in 2021. The account remains, with the same permissions, the same password. Audit reveals: 30-50% of high-priv service accounts have no current owner. 20%+ haven’t had password change in 5+ years. The mindset: service accounts need lifecycle. Ownership, […]
The Tenant-of-One Assumption
Multi-tenant cloud: same physical hardware, different tenants. Side channels exist. Cross-tenant attacks researched (Spectre/Meltdown class). Most are theoretical or patched. Some succeed. The assumption “I’m the only tenant on this VM” is wrong; the assumption “tenant boundary is impervious” is sometimes wrong. The mindset: high-stakes workloads → confidential computing or single-tenant variants where available.
Practitioners who've
shipped the controls.
Every module is written by someone who has built the defence or run the engagement. No repackaged tutorials, no generic theory.
Why learn here
Practitioner-written.
Each lesson is authored by someone who has shipped the control or run the engagement in production.
Quiz after every module.
20+ questions with explanations. 70%+ to mark complete. Unlimited retries.
Progress tracked.
Completions, scores and streaks saved automatically. Resume exactly where you left off.
India-priced.
Start free. ₹499/mo for intermediate. ₹4,999/yr for advanced. No hidden fees, ever.