Cybersecurity, learned like a practitioner.

24 learning paths · 398 modules live · every lesson written by someone who has shipped the control or run the engagement. Free to start.


Attacker Mindset — Cloud · modules

Shared responsibility reality, IAM sprawl, metadata endpoints, K8s + serverless + supply chain, data exposure, cloud-specific detection.

20 results · Page 1/2
Attacker Mindset — Cloud Intermediate Free

Module 19 · Cloud Audit Trail Forensics

Cloud audit logs are richer than on-prem. Every API call. Identity, source, resource, action. With CloudTrail Lake or BigQuery, queryable for years. Forensic discipline: log to a separate logging account. Object Lock on the bucket. Cross-region replication. Otherwise: attacker disables logging early in attack. The mindset: cloud audit logs deserve their own account, their own […]

Apr 27, 2026 · 15 min
Attacker Mindset — Cloud Intermediate Free

Module 20 · Cost as Security Signal

Cost anomaly: 10x normal compute spend overnight. Could be: new feature launched. Could be: crypto mining instance spun up by attacker. The cost-anomaly alert is a security signal in disguise. AWS Cost Anomaly Detection, Azure Cost Anomaly, GCP recommendations all available. The mindset: integrate billing alerts with security ops. Unusual cost = investigate, don’t just […]

Apr 27, 2026 · 15 min
Attacker Mindset — Cloud Intermediate Free

Module 12 · Every Cloud Service Has an IAM Trap

AWS has 300+ services. Each has actions. Combinations create privilege escalation. iam:PassRole + ec2:RunInstances + the right role = root access. “Innocent” permissions combine into catastrophic ones. Tools like Cloudsplaining map them. The mindset: never grant broad permissions. Grant specific actions on specific resources. Audit combinations periodically.

Apr 27, 2026 · 15 min
Attacker Mindset — Cloud Intermediate Free

Module 13 · Region Isolation Is a Trust Decision

AWS regions are physically separate data centres. But your IAM is global. A user with ec2:* permission has it in every region. Attackers spin up instances in regions you don’t monitor. Crypto mining in ap-east-1 while you watch us-east-1. The mindset: enabled regions = monitored regions. Org policy: SCP that denies actions in unused regions.

Apr 27, 2026 · 15 min
Attacker Mindset — Cloud Intermediate Free

Module 14 · Console vs API Visibility Gap

AWS console shows curated views. Some resources only visible via API. Some metadata not in console. Attackers operate via API. They see what console hides. Defender visibility gap. The mindset: audit via Config Rules / Cloud Asset Inventory, not console clicks. The console is for humans; the API is for completeness.

Apr 27, 2026 · 15 min
Attacker Mindset — Cloud Intermediate Free

Module 15 · Account Boundaries Are Negotiable

“Account boundaries protect us.” They do — until you create cross-account roles. Or federate identity. Or assume a role for a SaaS vendor. Each is a hole in the boundary. Each requires explicit authorisation. Most enterprises grant; few audit. The mindset: account boundary = sum of cross-account access. Inventory + audit quarterly.

Apr 27, 2026 · 15 min
Attacker Mindset — Cloud Intermediate Free

Module 16 · IAM Policies Are Contracts

An IAM policy is a contract. Effect: Allow on Action: * is a blank-cheque clause. Resource: * with NotAction negation is an “everything except” clause. Attackers read policies as contracts. Find the over-broad clauses. Exploit. The mindset: review IAM policies like legal contracts. What’s allowed? What’s explicitly denied? What’s implicitly allowed?

Apr 27, 2026 · 15 min
Attacker Mindset — Cloud Intermediate Free

Module 17 · Cloud Logs Have Detection Gaps

CloudTrail records management plane by default. Data plane (S3 reads) requires explicit data events. Most teams skip it for cost. Result: attacker reads sensitive S3 buckets; no log entry. Defender has no evidence post-breach. The mindset: enabling all logs is expensive. Enabling none is more expensive. Tier by sensitivity.

Apr 27, 2026 · 15 min
Attacker Mindset — Cloud Intermediate Free

Module 18 · The Tenant-of-One Assumption

Multi-tenant cloud: same physical hardware, different tenants. Side channels exist. Cross-tenant attacks researched (Spectre/Meltdown class). Most are theoretical or patched. Some succeed. The assumption “I’m the only tenant on this VM” is wrong; the assumption “tenant boundary is impervious” is sometimes wrong. The mindset: high-stakes workloads → confidential computing or single-tenant variants where available.

Apr 27, 2026 · 15 min
Attacker Mindset — Cloud Intermediate Free

Module 11 · The Shared-Responsibility Asymmetry

AWS shared-responsibility model: AWS handles “security of the cloud.” You handle “security in the cloud.” Clear chart. What’s missing: the gap. You assume AWS handles X. AWS assumes you handle X. X is unhandled. Examples: instance metadata visible to anyone on the VM. AWS made it work; you must restrict it. The mindset: read both […]

Apr 27, 2026 · 15 min
02 / Why learn here

Practitioners who've shipped the controls.

Every module is written by someone who has built the defence or run the engagement. No repackaged tutorials, no generic theory.

01

Practitioner-written.

Each lesson is authored by someone who has shipped the control or run the engagement in production.

02

Quiz after every module.

20+ questions with explanations. 70%+ to mark complete. Unlimited retries.

03

Progress tracked.

Completions, scores and streaks saved automatically. Resume exactly where you left off.

04

India-priced.

Start free. ₹499/mo for intermediate. ₹4,999/yr for advanced. No hidden fees, ever.