Cybersecurity, learned like a practitioner.
24 learning paths · 398 modules live · every lesson written by someone who has shipped the control or run the engagement. Free to start.
Latest modules
Most recent practitioner playbooks across every track. Filter by topic, level, or search in the sidebar.
Security Awareness Training
Annual click-through training is theatre. Modern awareness is continuous, simulated, measured. The programme: Onboarding — security 101 within first week. Quarterly refresh — short, role-specific. Phishing simulation — monthly. Just-in-time — real incident → relevant training. Specialised tracks — engineers, finance, executives have role-specific content. Tools: KnowBe4 — most-used; large content library. Cofense — phishing-focused […]
Strategic Threat Intelligence
Tactical TI is for SOC. Strategic TI is for executives. Different language, different cadence, different artefacts. Strategic questions: Which threat actors target organisations like ours? What are their goals (extortion, espionage, disruption)? What’s their technical sophistication level? Are we more or less targeted than peers? What investments would meaningfully shift the risk? Strategic artefacts: Threat […]
Red Team in Cloud
Cloud red teaming is different from AD. No NT hashes; tokens. No Kerberos; OAuth/STS. Different tools, different OPSEC. The cloud kill chain: Initial credential acquisition (phishing dev for AWS keys, or compromise endpoint with cached CLI credentials). Discovery — what services, what permissions. Privilege escalation — IAM-misconfig paths (covered Cloud Module 8-9). Lateral movement — […]
Data Exfiltration Techniques
Data exfiltration is the goal of most non-ransomware attacks. Network defenders should know patterns. Common channels: HTTPS to attacker domain — most common; blends with legit traffic. HTTPS to cloud storage — Dropbox, Google Drive, AWS S3 (attacker bucket); user-agents look legitimate. DNS tunneling — covered Module 9 Networking. ICMP tunneling — niche but possible; […]
Red Team Reporting
The report is the deliverable. A great engagement with poor reporting fails to drive change. Three audiences: Executives — what could happen; what was the impact; what investment justified. Security team — TTPs used, detection gaps, recommended controls. Engineering / IT — specific configurations to change, code to fix. Structure: Executive summary (1-2 pages). Engagement […]
Red-to-Purple Handoff
One-shot red team engagement: report → file in drawer. Purple-team handoff: report → workshop → detections built. The latter is what produces lasting improvement. The handoff workshop: Red team walks through engagement chronologically. For each step: blue team confirms what (if any) signal fired. Where signal fired but ignored — investigate why. Where no signal […]
Red Team Engagement Management
Red team is high-risk consulting. A bad engagement can crash production, leak data, breach contracts. Discipline matters. Rules of Engagement (ROE): Authorized targets and out-of-scope assets; Authorized techniques and prohibited (e.g., DoS, social engineering of HR); Engagement window; Stop conditions; Deconfliction contacts (real production incidents vs red team); Get-out-of-jail letter. Communication: Trusted Agent (TA) on […]
The Pyramid of Pain
Covered briefly in Blue Team Module 6. This is the deeper dive. The pyramid: Hash values — recompile, hash changes. IPs — rotate infrastructure. Domains — register new. Network/host artefacts — User-Agent, registry keys. Tools — Cobalt Strike, Mimikatz. TTPs — tactics, techniques, procedures. Top of pyramid = harder for attacker to change. Operational implication […]
MITRE ATT&CK in Practice
MITRE ATT&CK is the de-facto common language. Operationalising it requires discipline. The structure: Tactics (14) — adversary goals (Initial Access, Execution, Persistence, etc.). Techniques (~200) — how the goal is achieved. Sub-techniques — specific variants. Procedures — actor-specific implementation. ATT&CK Navigator: Free tool for visualising layers. Use cases: Coverage map — which techniques have detections […]
STIX & TAXII Standards
STIX = data format. TAXII = transport. Together: machine-readable threat intel sharing. STIX object types: Indicator (the “what to look for”), Threat Actor, Campaign, Intrusion Set, Malware, Tool, Attack Pattern (= ATT&CK technique), Vulnerability (= CVE), Identity (= Victim), Relationship. Why structured matters: Vendor PDF report → manual extraction. Vendor STIX feed → automatic ingestion […]
Practitioners who've shipped the controls.
Every module is written by someone who has built the defence or run the engagement. No repackaged tutorials, no generic theory.
Why learn here
Practitioner-written.
Each lesson is authored by someone who has shipped the control or run the engagement in production.
Quiz after every module.
20+ questions with explanations. 70%+ to mark complete. Unlimited retries.
Progress tracked.
Completions, scores and streaks saved automatically. Resume exactly where you left off.
India-priced.
Start free. ₹499/mo for intermediate. ₹4,999/yr for advanced. No hidden fees, ever.