Cybersecurity, learned like a practitioner.

24 learning paths · 398 modules live · every lesson written by someone who has shipped the control or run the engagement. Free to start.

24
Learning paths
398+
Live modules
0
You've completed
Free
Your tier
Browse the academy

Latest modules

Most recent practitioner playbooks across every track. Filter by topic, level, or search in the sidebar.

538 results · Page 29/54
Ethical Hacking Tools Intermediate Free

John & Hashcat — Cracking Workflow

Why this module. Cracked hashes power lateral movement. Knowing how to crack quickly turns a low-impact LSASS dump into a Domain Admin compromise. Identify the hash hashid 'aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0' # Output: NTLM Hashcat modes (the ones you need) Mode Hash 0 MD5 100 SHA1 1000 NTLM 5500 NetNTLMv1 5600 NetNTLMv2 1800 sha512crypt (Linux) 13100 Kerberos 5 […]

Apr 27, 2026 25 min Open
Ethical Hacking Tools Advanced Free

Impacket — The Swiss Army Knife

Python toolkit for SMB/MSRPC/Kerberos. Used in nearly every AD pentest. Top scripts secretsdump.py — dump SAM, LSA, NTDS psexec.py / smbexec.py / wmiexec.py — remote command execution GetUserSPNs.py — Kerberoasting GetNPUsers.py — AS-REP roasting ntlmrelayx.py — NTLM relay attacks ticketer.py — forge Kerberos tickets (Golden/Silver) addcomputer.py — create computer accounts (RBCD) rbcd.py — Resource-Based Constrained […]

Apr 27, 2026 25 min Open
Ethical Hacking Tools Intermediate Free

CrackMapExec / NetExec

CrackMapExec (now NetExec / nxc) is the parallel-executor that makes Impacket scriptable across hundreds of hosts. Workflow # Enumerate SMB hosts nxc smb 10.0.0.0/24 # Test credentials across the subnet nxc smb 10.0.0.0/24 -u alice -p 'Password@2026' --continue-on-success # Pass-the-hash nxc smb 10.0.0.0/24 -u admin -H aad3b435b51404ee...:31d6cfe... # Once you have admin somewhere nxc smb […]

Apr 27, 2026 20 min Open
Ethical Hacking Tools Advanced Free

Responder & MITM6

Most internal pentests start with passive listening. Responder + MITM6 capture authentication attempts and convert them to crackable hashes. Responder — LLMNR/NBT-NS poisoning When Windows can’t resolve a name via DNS, it falls back to LLMNR/NBT-NS broadcasts. Responder answers them, claiming to be the target. Victim authenticates to Responder; NetNTLMv2 hashes captured. sudo responder -I […]

Apr 27, 2026 20 min Open
Ethical Hacking Tools Advanced Free

BloodHound — Operator Guide

Module 3 (AD track) and Module 174 covered BloodHound conceptually. This is the operator manual. Collection # SharpHound from Windows (any domain user) SharpHound.exe -c All # bloodhound-python from Linux bloodhound-python -u alice -p 'Pass' -d corp.local -ns 10.0.0.10 -c all # AzureHound for Entra ID azurehound list -o azure-data.json Cypher queries that matter # […]

Apr 27, 2026 25 min Open
Ethical Hacking Tools Beginner Free

OSINT & External Recon

Recon is the cheapest, highest-yield phase of any engagement. Tools that pay back the time investment. Subdomain enumeration # Passive (no traffic to target) subfinder -d target.com -all -silent amass enum -passive -d target.com crt.sh search ("%.target.com") # Active (more thorough) amass enum -active -d target.com ffuf -w subdomains.txt -u https://FUZZ.target.com Search engines for hackers […]

Apr 27, 2026 20 min Open
API Security Deep Dive Advanced Free

API Penetration Testing Methodology

Why this module. API pentesting is different from web app pentesting. Less UI, more state, more business logic. The OWASP API Top 10 maps the bug classes; this module is the methodology to find them. The phases Enumeration — find every endpoint. OpenAPI specs, browser inspection, app traffic captures, mobile app reverse engineering. Auth model […]

Apr 27, 2026 30 min Open
API Security Deep Dive Intermediate Free

API DDoS & Bot Mitigation

Why this module. APIs are bot magnets. Credential stuffing against /login, scraping of /products, account creation abuse, comment spam. Volumetric DDoS is solved at the edge; L7 abuse is a per-API battle. Bot patterns by endpoint /login — credential stuffing, brute force /signup — fake account creation for fraud / spam /api/search — scraping / […]

Apr 27, 2026 25 min Open
API Security Deep Dive Advanced Free

API Security in Microservices Mesh

Why this module. Most API-security advice covers north-south (internet to API). In microservices, east-west traffic (service to service) is 10x more volume and often less protected. Compromise one service, lateral movement to others. The trust model that fails “Internal services trust each other; auth happens at the edge.” Once an attacker is inside (via vuln […]

Apr 27, 2026 30 min Open
API Security Deep Dive Intermediate Free

API Versioning & Deprecation Security

Why this module. Old API versions are where security debt accumulates. v1 was insecure by 2019 standards; it’s still serving 5% of traffic in 2026 because retiring it requires customer coordination. Most teams underestimate the security cost of supporting old versions. Versioning patterns URL versioning — /v1/users vs /v2/users. Visible, easy to route. Most common. […]

Apr 27, 2026 20 min Open
02 / Why learn here

Practitioners who've
shipped the controls.

Every module is written by someone who has built the defence or run the engagement. No repackaged tutorials, no generic theory.

Why learn here

01

Practitioner-written.

Each lesson is authored by someone who has shipped the control or run the engagement in production.

02

Quiz after every module.

20+ questions with explanations. 70%+ to mark complete. Unlimited retries.

03

Progress tracked.

Completions, scores and streaks saved automatically. Resume exactly where you left off.

04

India-priced.

Start free. ₹499/mo for intermediate. ₹4,999/yr for advanced. No hidden fees, ever.

Pick a path, get to work.

Browse all 398 modules View skill map