Cybersecurity, learned like a practitioner.
24 learning paths · 398 modules live · every lesson written by someone who has shipped the control or run the engagement. Free to start.
Ethical Hacking Tools · modules
The tools every pen-tester uses daily. Nmap to Mimikatz with hands-on workflow.
Sliver C2 Operator Guide — Implants, Transports, OPSEC, and the Detection Patterns Blue Teams Should Hunt
Sliver is the open-source post-Cobalt-Strike C2 framework — accessible to Indian red teams without licensing barriers, and the most-abused C2 after CS itself. Architecture, implant generation, transport choices, OPSEC patterns, and the defender-side hunt queries that actually catch it.
Burp Suite Pro 2026 — Five Production Bambdas and Three Custom BChecks (Paste-Ready)
Burp Bambdas (per-request JavaScript) and BChecks (YAML scanner checks) are the highest-leverage features in Burp Pro 2026. Five paste-ready Bambdas (sensitive data, JWT alg-none, parameter pollution) and three BChecks (open redirect, IDOR, CORS) for your next engagement.
Caido for Web Pentest — A Modern Alternative to Burp Suite Pro (Hands-On Walkthrough)
Caido is the first credible challenger to Burp Suite Pro — Rust-built, web UI, multi-tester collaboration. Architecture comparison, workflow-by-workflow analysis of where Caido beats Burp and where Burp still wins, and a 4-week migration plan for Indian pentest teams.
Module 15 · Cobalt Strike — Defender Perspective
Cobalt Strike is the most-used commercial C2 framework — by red teams and by ransomware operators alike. Defenders must know its capabilities and detection signals.
Capabilities
  Beacon — implant; supports HTTP, HTTPS, DNS, SMB pipe
  Malleable C2 — operator customises traffic profile (mimic Outlook, Slack, etc.)
  Pivoting — beacon-to-beacon over SMB
  Built-in tools — […]
Module 7 · sqlmap — Automated SQL Injection
Why this module. sqlmap automates 80% of SQLi work. Mastering it means going from “I think this is injectable” to “here’s the database dump” in 15 minutes.
The base workflow
    # Detect
    sqlmap -u "https://target.com/page?id=1" --batch --level=3 --risk=2
    # Confirm with banner
    sqlmap -u "https://target.com/page?id=1" --batch --banner
    # Enumerate
    sqlmap -u "https://target.com/page?id=1" --batch --dbs
    sqlmap […]
Module 8 · John & Hashcat — Cracking Workflow
Why this module. Cracked hashes power lateral movement. Knowing how to crack quickly turns a low-impact LSASS dump into a Domain Admin compromise.
Identify the hash
    hashid 'aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0'
    # Output: NTLM
Hashcat modes (the ones you need)
    Mode    Hash
    0       MD5
    100     SHA1
    1000    NTLM
    5500    NetNTLMv1
    5600    NetNTLMv2
    1800    sha512crypt (Linux)
    13100   Kerberos 5 […]
Module 9 · Impacket — The Swiss Army Knife
Python toolkit for SMB/MSRPC/Kerberos. Used in nearly every AD pentest.
Top scripts
  secretsdump.py — dump SAM, LSA, NTDS
  psexec.py / smbexec.py / wmiexec.py — remote command execution
  GetUserSPNs.py — Kerberoasting
  GetNPUsers.py — AS-REP roasting
  ntlmrelayx.py — NTLM relay attacks
  ticketer.py — forge Kerberos tickets (Golden/Silver)
  addcomputer.py — create computer accounts (RBCD)
  rbcd.py — Resource-Based Constrained […]
Module 10 · CrackMapExec / NetExec
CrackMapExec (now NetExec / nxc) is the parallel-executor that makes Impacket scriptable across hundreds of hosts.
Workflow
    # Enumerate SMB hosts
    nxc smb 10.0.0.0/24
    # Test credentials across the subnet
    nxc smb 10.0.0.0/24 -u alice -p 'Password@2026' --continue-on-success
    # Pass-the-hash
    nxc smb 10.0.0.0/24 -u admin -H aad3b435b51404ee...:31d6cfe...
    # Once you have admin somewhere
    nxc smb […]
Module 11 · Responder & MITM6
Most internal pentests start with passive listening. Responder + MITM6 capture authentication attempts and convert them to crackable hashes.
Responder — LLMNR/NBT-NS poisoning
When Windows can’t resolve a name via DNS, it falls back to LLMNR/NBT-NS broadcasts. Responder answers them, claiming to be the target. The victim authenticates to Responder, and the NetNTLMv2 hashes are captured.
    sudo responder -I […]
Module 12 · BloodHound — Operator Guide
Module 3 (AD track) and Module 174 covered BloodHound conceptually. This is the operator manual.
Collection
    # SharpHound from Windows (any domain user)
    SharpHound.exe -c All
    # bloodhound-python from Linux
    bloodhound-python -u alice -p 'Pass' -d corp.local -ns 10.0.0.10 -c all
    # AzureHound for Entra ID
    azurehound list -o azure-data.json
Cypher queries that matter
    # […]