Cybersecurity, learned like a practitioner.
24 learning paths · 398 modules live · every lesson written by someone who has shipped the control or run the engagement. Free to start.
Latest modules
Most recent practitioner playbooks across every track. Filter by topic, level, or search in the sidebar.
OSINT for Actor Profiling
For sectoral and regional threat awareness, OSINT is invaluable. Sources Public threat reports — Mandiant, CrowdStrike, Microsoft, Recorded Future VirusTotal Intelligence — sample relationships MalwareBazaar — malware samples URLhaus, ThreatFox — abuse.ch projects Twitter/X — security researchers post real-time Telegram — actor channels (be careful) Dark web monitoring — paid services (Recorded Future, Flashpoint, KELA) […]
Mobile Pentest Reporting
OWASP MASVS (Mobile Application Security Verification Standard) is the reporting baseline. MASTG (Testing Guide) is the methodology. MASVS verification levels L1 (Standard) — basic security; suitable for most apps L2 (Defense in Depth) — for apps handling sensitive data R (Resiliency) — additional resistance to client-side attacks; for high-value targets The categories tested Architecture, design, […]
IOC Hygiene
Buying IOC feeds is the easy part. Operationalising them without false positives is the hard part. IOC lifecycle Ingest from source Score (confidence, source reputation) Enrich (WHOIS, geolocation, ASN, related campaigns) Match against telemetry Decay — IOCs age out (IPs rotate, domains expire) Retire — remove from active matching after N days Quality signals Source […]
Frida & Objection — Runtime Mobile Analysis
Frida injects JavaScript into running mobile apps. Objection wraps Frida with ready-made tools. Together: bypass any client-side check. Common bypasses # SSL pinning bypass (so Burp can intercept) objection -g com.example.app explore android sslpinning disable # Jailbreak/root detection bypass ios jailbreak disable android root disable # Hook a specific method android hooking watch class_method com.example.MyClass.checkLicense […]
Android Keystore & Secure Storage
Android Keystore generates and stores cryptographic keys in hardware (TEE / StrongBox on supported devices). Apps that store secrets correctly use it; many don’t. The hierarchy SharedPreferences — plaintext file in app sandbox. NOT secure. EncryptedSharedPreferences — wraps with key from Keystore. Standard. Keystore-bound key — never leaves hardware. Highest security. Biometric-bound key — only […]
iOS Keychain & Data Protection
iOS Keychain is hardware-backed. Data Protection classes determine when items are accessible. Data Protection classes kSecAttrAccessibleWhenUnlocked — accessible only when device unlocked. Default for new items. kSecAttrAccessibleAfterFirstUnlock — after first unlock until reboot. For background tasks. kSecAttrAccessibleAlways — anytime. AVOID; deprecated. WhenPasscodeSet variants — only if user has passcode set; deletes if passcode removed. WhenUnlockedThisDeviceOnly […]
Deep Links & URL Schemes
Deep links let other apps invoke yours. Misimplemented, they become attack vectors: open phishing pages, leak tokens, hijack flows. Two patterns Custom URL schemes (myapp://login) — any app can register; squatter wins. Insecure. Universal Links (iOS) / App Links (Android) — domain-verified via well-known file. Only your app handles the URL. App Links setup Android: […]
Runtime Tampering Detection
Many apps add “tamper detection”: Frida hook detection, jailbreak/root detection, debugger detection. Attackers bypass them all (Module 7). Why bother? Why detection still has value Raises attacker effort Generates telemetry — when an account triggers tamper detection, treat as suspicious server-side Combined with server-side enforcement, raises bar significantly What to detect Frida-server processes / TCP […]
Mobile Static Analysis — APK & IPA
Mobile pentesting starts with the binary. APK and IPA files contain code, resources, configuration, often secrets. Android — APK analysis # Extract APK apktool d app.apk -o app-extracted # Decompile to Java jadx -d output app.apk # Run automated MobSF scan docker run -p 8000:8000 opensecurity/mobile-security-framework-mobsf # Upload APK; get full report iOS — IPA […]
EDR Evasion — Defender View
Modern EDRs (CrowdStrike, SentinelOne, Defender for Endpoint, Carbon Black) hook into kernel and user space. Attackers evolved evasion. Knowing the techniques helps defenders evaluate detection coverage. Common evasion techniques Process injection variants — APC injection, atom bombing, CTRL injection, NtMapViewOfSection. Each evades signature-based hooks. AMSI bypass — disable Microsoft’s anti-malware scan interface in-process. Many published […]
Practitioners who've
shipped the controls.
Every module is written by someone who has built the defence or run the engagement. No repackaged tutorials, no generic theory.
Why learn here
Practitioner-written.
Each lesson is authored by someone who has shipped the control or run the engagement in production.
Quiz after every module.
20+ questions with explanations. 70%+ to mark complete. Unlimited retries.
Progress tracked.
Completions, scores and streaks saved automatically. Resume exactly where you left off.
India-priced.
Start free. ₹499/mo for intermediate. ₹4,999/yr for advanced. No hidden fees, ever.