Cybersecurity, learned like a practitioner.
24 learning paths · 398 modules live · every lesson written by someone who has shipped the control or run the engagement. Free to start.
Latest modules
Most recent practitioner playbooks across every track.
Windows Hardening — GPO Baseline
Microsoft publishes Security Baselines for Windows Server and Windows 10/11. Adoption rate in Indian enterprises: low. The Microsoft Security Baseline: free GPO templates from Microsoft. Includes 200+ settings tuned for security. Apply via Group Policy or Intune. High-impact specific settings: Credential Guard on Windows 10/11/Server 2019+; Application Control (WDAC) / AppLocker; BitLocker with TPM + […]
EDR Evasion — Defender View
Modern EDRs (CrowdStrike, SentinelOne, Defender for Endpoint, Carbon Black) hook into kernel and user space. Attackers evolved evasion. Knowing the techniques helps defenders evaluate detection coverage. Common evasion techniques: Process injection variants — APC injection, atom bombing, CTRL injection, NtMapViewOfSection. Each evades signature-based hooks. AMSI bypass — disable Microsoft’s anti-malware scan interface in-process. Many published […]
macOS Security in Enterprise
macOS isn’t niche anymore. Most Indian SaaS startups have 30-50% Macs. Security model differs from Windows. Native protections: Gatekeeper — only signed/notarised apps run by default; XProtect — Apple’s anti-malware; System Integrity Protection (SIP) — even root can’t modify protected paths; FileVault — full-disk encryption; App Sandbox + Hardened Runtime — for App Store apps […]
Disaster Recovery — RTO, RPO, Tabletop
Backups are the last line. They are also the prime target — modern ransomware encrypts backups before triggering payload. DR design must assume backups are attacker-accessible. RTO and RPO defined: RTO (Recovery Time Objective) — how long you can be down; RPO (Recovery Point Objective) — how much data you can lose. Per-system RTO/RPO. Critical: […]
Vulnerability Management Programme
Module 13 (DevSecOps) covered triage. This module is the programme around it. Programme components: Asset inventory — what to scan, tagged with owner and criticality; Scanning cadence — Tenable / Qualys / Rapid7 weekly for infrastructure, daily for cloud (CSPM); Triage process — EPSS + KEV + reachability; Patch SLAs — by criticality and exposure; Exception […]
Zero Trust Architecture
Zero trust is a posture, not a product. Module 16 (Cloud track) covered ZTNA specifically. This module is the architectural view. The seven pillars (NIST): User/identity; Device; Network/environment; Application/workload; Data; Visibility/analytics; Automation/orchestration. Core principles: Never trust, always verify; Assume breach; Least privilege; Continuous verification. Phased rollout (24-36 months realistic): Identity — strong IdP, MFA, conditional […]
Asset Inventory at Scale
Asset inventory is the unsexy foundation of every other security control. Without it, vuln management, IR, audit response all fail. What “asset” means in 2026: Physical and virtual servers; Endpoints (laptops, desktops); Mobile devices; Cloud accounts, projects, subscriptions; Cloud resources (instances, storage, databases, functions); Containers and Kubernetes workloads; Internet-exposed services (per Module 6, API track) […]
Business Continuity Planning
BCP > DR. Disaster Recovery is the IT subset of Business Continuity. BCP includes processes, people, vendors, communications. Business Impact Analysis (BIA). Per business process: how long can it be down? What’s the financial / reputational / regulatory impact? Who depends on it? BCP components: Crisis management team — named individuals, alternates, comms plan; Critical […]
EvilGinx — Modern Phishing
For defensive understanding only. Don’t deploy without clear authorisation. EvilGinx is the proof that “MFA stops phishing” was true in 2018, false by 2024. How proxy phishing works: Attacker hosts EvilGinx with a phishlet for the target service (Microsoft, Google, etc.). EvilGinx is a transparent reverse proxy: requests come in, get forwarded to legitimate service, […]
sqlmap — Automated SQL Injection
Why this module. sqlmap automates 80% of SQLi work. Mastering it means going from “I think this is injectable” to “here’s the database dump” in 15 minutes. The base workflow # Detect sqlmap -u "https://target.com/page?id=1" --batch --level=3 --risk=2 # Confirm with banner sqlmap -u "https://target.com/page?id=1" --batch --banner # Enumerate sqlmap -u "https://target.com/page?id=1" --batch --dbs sqlmap […]
Practitioners who've shipped the controls.
Every module is written by someone who has built the defence or run the engagement. No repackaged tutorials, no generic theory.
Why learn here
Practitioner-written.
Each lesson is authored by someone who has shipped the control or run the engagement in production.
Quiz after every module.
20+ questions with explanations. 70%+ to mark complete. Unlimited retries.
Progress tracked.
Completions, scores and streaks saved automatically. Resume exactly where you left off.
India-priced.
Start free. ₹499/mo for intermediate. ₹4,999/yr for advanced. No hidden fees, ever.