Cybersecurity, learned like a practitioner.
24 learning paths · 398 modules live · every lesson written by someone who has shipped the control or run the engagement. Free to start.
Latest modules
Most recent practitioner playbooks across every track. Filter by topic, level, or search in the sidebar.
Data Exfiltration Techniques
Data exfiltration is the goal of most non-ransomware attacks. Network defenders should know the patterns. Common channels: HTTPS to attacker domain — most common, blends with legit traffic; HTTPS to cloud storage — Dropbox, Google Drive, AWS S3 (attacker bucket), user-agents look legitimate; DNS tunneling — covered in Module 9 Networking; ICMP tunneling — niche but possible; […]
Red Team Reporting
The report is the deliverable. A great engagement with poor reporting fails to drive change. Three audiences: Executives — what could happen, what was the impact, what investment is justified; Security team — TTPs used, detection gaps, recommended controls; Engineering / IT — specific configurations to change, code to fix. Structure: Executive summary (1-2 pages); Engagement […]
Red-to-Purple Handoff
One-shot red team engagement: report → file in drawer. Purple-team handoff: report → workshop → detections built. The latter is what produces lasting improvement. The handoff workshop: the red team walks through the engagement chronologically; for each step, the blue team confirms what (if any) signal fired; where a signal fired but was ignored, investigate why; where no signal […]
Red Team Engagement Management
Red team is high-risk consulting. A bad engagement can crash production, leak data, breach contracts. Discipline matters. Rules of Engagement (ROE): authorized targets and out-of-scope assets; authorized techniques and prohibited ones (e.g., DoS, social engineering of HR); engagement window; stop conditions; deconfliction contacts (real production incidents vs red team); get-out-of-jail letter. Communication: Trusted Agent (TA) on […]
The Pyramid of Pain
Covered briefly in Blue Team Module 6. This is the deeper dive. The pyramid: Hash values — recompile, hash changes; IPs — rotate infrastructure; Domains — register new; Network/host artefacts — User-Agent, registry keys; Tools — Cobalt Strike, Mimikatz; TTPs — tactics, techniques, procedures. Top of pyramid = harder for attacker to change. Operational implication […]
MITRE ATT&CK in Practice
MITRE ATT&CK is the de-facto common language. Operationalising it requires discipline. The structure: Tactics (14) — adversary goals (Initial Access, Execution, Persistence, etc.); Techniques (~200) — how the goal is achieved; Sub-techniques — specific variants; Procedures — actor-specific implementation. ATT&CK Navigator: free tool for visualising layers. Use cases: Coverage map — which techniques have detections […]
STIX & TAXII Standards
STIX = data format. TAXII = transport. Together: machine-readable threat intel sharing. STIX object types: Indicator (the “what to look for”); Threat Actor; Campaign; Intrusion Set; Malware; Tool; Attack Pattern (= ATT&CK technique); Vulnerability (= CVE); Identity (= Victim); Relationship. Why structured matters: Vendor PDF report → manual extraction. Vendor STIX feed → automatic ingestion […]
Android Permission Model
Android 6.0+ introduced runtime permissions. Android 11+ added more restrictions. Mobile pentesters check permission patterns; defenders limit what apps ask for. The categories: Normal — auto-granted (network, vibrate); Dangerous — runtime permission required (location, camera, contacts); Signature — only granted to apps signed with same cert as system; Special — Settings opt-in (overlay, accessibility, device admin). What pentesters […]
Attribution Methodology
“Who did this?” is often the wrong question. Attribution is hard, slow, and often inconclusive. Defenders mostly need TTP-level intel, not actor identity. The Diamond Model. Four vertices of an intrusion analysis: Adversary — who; Capability — what tools, what TTPs; Infrastructure — what domains, IPs, code-signing certs; Victim — who/what was targeted. Pivot between […]
Mobile Malware Analysis Workflow
Indian users are targeted by mobile banking trojans regularly. Defenders need to understand the patterns. Common Android malware patterns: Accessibility service abuse — read screen, autofill credentials, dismiss prompts; SMS interception — intercept OTPs from banks; Overlay attacks — display fake login screen on top of legitimate banking app; Notification listening — read notifications including […]
Practitioners who've shipped the controls.
Every module is written by someone who has built the defence or run the engagement. No repackaged tutorials, no generic theory.
Why learn here
Practitioner-written.
Each lesson is authored by someone who has shipped the control or run the engagement in production.
Quiz after every module.
20+ questions with explanations. 70%+ to mark complete. Unlimited retries.
Progress tracked.
Completions, scores and streaks saved automatically. Resume exactly where you left off.
India-priced.
Start free. ₹499/mo for intermediate. ₹4,999/yr for advanced. No hidden fees, ever.