Cybersecurity, learned like a practitioner.
24 learning paths · 398 modules live · every lesson written by someone who has shipped the control or run the engagement. Free to start.
Attacker Mindset — Network · modules
Segmentation, Layer 2 trust, C2 evasion, Kerberos, VPN, BGP, OT, wireless — why each class of network attack persists.
Module 15 · Connection Lifecycles and Where They Leak
Connections have states: SYN_SENT, ESTABLISHED, FIN_WAIT, TIME_WAIT, CLOSE_WAIT. Each has duration; each leaks information. SYN scans use the half-open state. CLOSE_WAIT exhaustion is a DoS. TIME_WAIT-buildup limits concurrency. Connection-level information leaks: working set of source ports reveals scan patterns. RTT distribution reveals geographic location. Header field defaults reveal OS. The mindset: connection-state telemetry is forensic […]
Module 16 · Networks Fail Differently
Networks fail in five ways: complete outage, partial outage, latency increase, packet loss, partial reachability. Each masks security signals. “Latency spike for one user” might be QoS issue or might be MITM. “Partial reachability between subnets” might be misconfig or attacker-installed firewall rule. Defender must rule out malicious cause. The mindset: every “network issue” should […]
Module 17 · DNS Is Half of Every Attack
Almost no internet attack avoids DNS. C2 beacons resolve domains. Phishing links resolve domains. Exfiltration via DNS tunneling. Malware periodically refreshes domain blocks. DNS visibility = visibility into the kill chain. Yet most SOCs underuse DNS logs. The mindset: every DNS query is a behavioural signal. Detection coverage starts here.
Module 18 · Encrypted But Visible
“It’s TLS; we can’t see anything.” False. TLS reveals SNI (the host being visited). JA3 fingerprints the client. Packet sizes and timing leak content type. Connection counts reveal user behaviour. Encrypted DNS (DoH/DoT) hides query content but reveals user uses encrypted DNS. That itself is a signal. The mindset: encryption hides content, not behaviour. Detection […]
Module 19 · Reading Topology Like an Attacker
Defenders read topology as “what we built.” Attackers read it as “what paths exist.” Every line is a path. Every box is a target. The questions an attacker asks: shortest path from any DMZ host to any DC? what asset has the largest blast radius? where do trust boundaries live and where are they soft? […]
Module 20 · The Network Forensics Mindset
Network logs are evidentiary in regulator inquiries and lawsuits. They have weight when properly preserved. The discipline: timestamps in UTC, defined retention, chain of custody, immutable archive. Without these, “we have logs” doesn’t answer “can the regulator rely on them?” The mindset: every log is a future court exhibit. Build retention and integrity for that […]
Module 11 · Every Protocol Has Trust Assumptions
Every protocol — DHCP, ARP, DNS, BGP, NTP, IP, TCP — was designed for an environment with assumed cooperation. Attackers violate those assumptions. DHCP: trust whoever responds first. ARP: trust whoever claims an IP. DNS: trust whoever answers a query. BGP: trust whoever announces a route. Each assumption is a poisoning attack vector when the […]
Module 12 · Layer 3 vs Layer 7 Mindsets
Network team thinks in subnets, ACLs, firewalls — Layer 3. App team thinks in HTTP semantics, auth, business logic — Layer 7. Attackers exploit the gap. Network ACL allows port 443 from 10.0.0.0/8 to web tier. Web tier app trusts client IP from header. Internal subnet of compromised laptop hits web tier with forged X-Forwarded-For. […]
Module 13 · NAT Doesn’t Mean Safe
NAT was an addressing patch. It happens to drop unsolicited inbound packets. Many treat it as a firewall. It isn’t. NAT doesn’t inspect outbound. Compromised host phones home freely. NAT doesn’t protect peer-to-peer; UPnP / hole-punching exists. NAT doesn’t protect against same-segment attacks. The mindset: every “NAT protects us” claim should be replaced with “outbound […]
Module 14 · Cleartext Is Forever
An adversary records your encrypted traffic today. Stores it. Years later, quantum computer breaks the key exchange. Decrypts. This isn’t hypothetical. Nation-state adversaries have been recording for years. Long-lifespan secrets — IP, state secrets, banking credentials — are exposed even when transmitted over modern TLS today. The mindset: data with multi-decade sensitivity needs post-quantum protection […]
Practitioners who've
shipped the controls.
Every module is written by someone who has built the defence or run the engagement. No repackaged tutorials, no generic theory.
Why learn here
Practitioner-written.
Each lesson is authored by someone who has shipped the control or run the engagement in production.
Quiz after every module.
20+ questions with explanations. 70%+ to mark complete. Unlimited retries.
Progress tracked.
Completions, scores and streaks saved automatically. Resume exactly where you left off.
India-priced.
Start free. ₹499/mo for intermediate. ₹4,999/yr for advanced. No hidden fees, ever.