Cybersecurity, learned like a practitioner.
24 learning paths · 398 modules live · every lesson written by someone who has shipped the control or run the engagement. Free to start.
Cryptography & PKI · modules
Modern crypto primitives, TLS, PKI architecture, secrets management at scale.
Module 5 · Symmetric Cryptography in Practice
Symmetric crypto is fast, ubiquitous, and routinely misused. Modes that matter AES-256-GCM — authenticated encryption with associated data; default choice ChaCha20-Poly1305 — alternative AEAD; faster on devices without AES-NI AES-CBC — legacy; no built-in auth (vulnerable to padding-oracle if MAC absent) AES-CTR — fast; needs separate MAC; nonce reuse catastrophic AES-ECB — never use; reveals […]
Module 6 · Asymmetric Cryptography
Asymmetric (public-key) crypto for digital signatures and key exchange. The choices RSA-2048 — minimum acceptable; phasing out for 4096 in regulated RSA-4096 — slow; use only when compatibility requires ECDSA P-256 — fast; smaller keys (256-bit ~ RSA-3072 strength) Ed25519 — modern; fast; safer-by-default than ECDSA X25519 — for ECDH key agreement When to use […]
Module 7 · PKI Fundamentals
PKI = the trust infrastructure for asymmetric crypto. Most engineers use it; few understand it. The components Certificate Authority (CA) — issues certs; private key very protected Certificate Signing Request (CSR) — what you submit to a CA X.509 certificate — public key + identity, signed by CA Certificate chain — your cert → intermediate […]
Module 8 · TLS Cipher Suite Selection
TLS 1.3 covered in Networking Module 10. This is the operational hardening view. The 2026 baseline TLS 1.2 + TLS 1.3 only Disable TLS 1.0, 1.1 entirely Forward-secret ciphers only (ECDHE-*) AEAD ciphers (GCM or ChaCha20-Poly1305) Strong elliptic curves (X25519, P-256, P-384) HSTS enabled Sample nginx config ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305; ssl_prefer_server_ciphers off; ssl_ecdh_curve […]
Module 9 · Key Management at Scale
Crypto without good key management is decoration. Every breach has a “where did the keys live” question. The hierarchy of safety HSM (FIPS 140-3 Level 2-4) — most secure; keys never leave hardware Cloud KMS — managed; keys logically scoped; audit trails HashiCorp Vault — flexible; software-based; supports HSM backend Application-level keystore — least secure […]
Module 10 · Quantum-Safe Cryptography Readiness
Quantum computers will break RSA and elliptic curve crypto. NIST published post-quantum standards in 2024. Migration is a multi-year project. The NIST winners ML-KEM (Kyber) — key encapsulation; replaces RSA-KEM and ECDH ML-DSA (Dilithium) — digital signatures; replaces RSA-PSS, ECDSA SLH-DSA (SPHINCS+) — alternative signature; stateless hash-based FN-DSA (Falcon) — compact lattice signatures “Harvest now, […]
Module 11 · Secret Management Platforms
Module 7 (DevSecOps track) covered secret-leak prevention. This is the platform comparison. Comparison Platform Strengths Weaknesses HashiCorp Vault Open source; flexible; rich auth methods; dynamic secrets Operational complexity AWS Secrets Manager AWS-native; rotation built-in; KMS integration AWS-only; per-secret cost Azure Key Vault Azure-native Azure-only GCP Secret Manager GCP-native; simple GCP-only; fewer features Doppler Modern UX; […]
Module 12 · Hashing — Passwords & Integrity
“How do we hash passwords?” is the most-asked question. The answer evolved. 2026 password-hashing recommendations Argon2id — first choice; OWASP recommended bcrypt — second choice; widely supported scrypt — third; less library support PBKDF2 — only when FIPS 140 compliance forced NEVER — MD5, SHA-1, SHA-256/512 alone, plain hashing without salt Argon2id parameters (OWASP 2026) […]
Module 13 · TLS/PKI Incidents — What Happens When Crypto Breaks
Crypto breaks rarely; when it does, it’s catastrophic. Notable incidents DigiNotar 2011 — CA compromised; rogue certs for Google. Browser distrust = company death. Heartbleed 2014 — OpenSSL bug exposed memory to attacker. Remediation involved rotating every cert. POODLE 2014 — SSL 3.0 padding-oracle. End of SSL 3.0. Logjam 2015 — DH key-exchange weakness. End […]
Module 14 · Crypto Compliance Mapping
Auditors ask “is your encryption FIPS 140-2/3 compliant?” Industry answers vary by sector. FIPS 140 levels Level 1 — software-only crypto module; algorithms tested Level 2 — physical tamper-evidence (HSM with seal) Level 3 — physical tamper-resistance (HSM strong enclosure) Level 4 — full environmental protection (HSM with auto-zeroize) Indian sectoral requirements Sector Requirement RBI […]
Practitioners who've
shipped the controls.
Every module is written by someone who has built the defence or run the engagement. No repackaged tutorials, no generic theory.
Why learn here
Practitioner-written.
Each lesson is authored by someone who has shipped the control or run the engagement in production.
Quiz after every module.
20+ questions with explanations. 70%+ to mark complete. Unlimited retries.
Progress tracked.
Completions, scores and streaks saved automatically. Resume exactly where you left off.
India-priced.
Start free. ₹499/mo for intermediate. ₹4,999/yr for advanced. No hidden fees, ever.