Cybersecurity, learned like a practitioner.
24 learning paths · 398 modules live · every lesson written by someone who has shipped the control or run the engagement. Free to start.
IoT & OT Security · modules
Connected devices and industrial control systems. Hardware, firmware, ICS protocols, safe OT testing.
Module 7 · OT Network Monitoring
Active scanning breaks OT — even an Nmap can crash a PLC. Passive monitoring is the norm. Tools Claroty CTD — top-tier; Indian energy sector adoption Nozomi Networks — competitor Dragos Platform — industrial-control-specific Open source — Zeek with industrial parsers Detection patterns Unauthorised PLC programming (write to coil/register) HMI talking to non-PLC destinations Firmware […]
Module 9 · IoT Firmware Analysis
IoT pentesting often starts with firmware. Extract, analyse, find vulns offline. Workflow # Identify firmware structure binwalk firmware.bin binwalk -e firmware.bin # extract everything # If squashfs / cpio extracted ls _firmware.bin.extracted/ # Look for /etc/passwd, /etc/shadow, /www/, hardcoded secrets # Static analysis on binaries ghidra (or radare2) # Emulate qemu-system-arm -kernel kernel.bin firmadyne / […]
Module 10 · Bluetooth & Zigbee Security
Wireless protocols for IoT have specific attack surfaces. BLE Pairing modes: Just Works (no auth), Passkey, OOB Many devices use Just Works (vulnerable to MITM during pairing) Tools: Ubertooth, BTLEjuice, Sniffle, ESP32-based Zigbee / Z-Wave Network keys; if leaked once during initial pairing, devices vulnerable forever Tools: KillerBee, Z-Wave Hacking Toolkit Common findings Smart locks […]
Module 11 · ICS Threat Actors
ICS attacks have public-policy gravity. Each provides defender learning. The big incidents Stuxnet (2010) — Iranian nuclear centrifuges; multi-stage; PLC manipulation BlackEnergy / Industroyer (2015-16) — Ukraine power grid; substations TRITON / TRISIS (2017) — Saudi petrochemical; targeted safety systems Colonial Pipeline (2021) — IT-side ransomware; OT shutdown precautionary Pipedream / Incontroller (2022) — modular […]
Module 12 · OT Incident Response
OT IR differs from IT IR. Safety supersedes investigation. Containment can mean physical action, not just network isolation. Differences Safety first; never an action that endangers people or environment Operations team has veto on technical decisions Evidence preservation often impossible (PLCs don’t log; HMI logs sparse) System restoration may require physical access Recovery from backup […]
Module 13 · IoT Supply Chain Risk
IoT devices ship with security debt. Default creds, no update mechanism, hardcoded keys. Supply chain compounds it. Issues Default credentials never changed (Mirai botnet exploited this) No firmware updates after sale (10-year-old vulns active) Hardcoded private keys discovered post-shipment Foreign-manufacture concerns (geopolitical) Recycled chips with unknown firmware Indian regulatory environment 2022 CERT-In Direction requires equipment […]
Module 14 · IoT Cloud Integration Security
Modern IoT goes cloud. Cloud security + IoT security overlap. Patterns Device identity — per-device X.509 cert (best); shared key (acceptable); password (avoid) MQTT over TLS — standard transport Device shadows — last-known state for offline devices OTA updates — signed firmware; A/B partition for rollback Cloud-specific AWS IoT Core — most mature; per-device certs; […]
Module 15 · IoT Penetration Testing Methodology
IoT pentesting spans more layers than typical web. Methodology to cover all of them. Phases Reconnaissance — manuals, FCC IDs, FCC database, related devices Hardware — open device, identify chips, find debug ports (UART, JTAG) Firmware extraction — flash dump, firmware update interception, OTA capture Firmware analysis — Module 9 above Wireless — Wi-Fi, BLE, […]
Module 8 · Purdue Model & ICS Architecture
Purdue Model = standard reference architecture for ICS networks. Six levels of segmentation. Levels Level 0 — physical process (sensors, actuators) Level 1 — basic control (PLCs, RTUs) Level 2 — area supervision (HMIs, historians) Level 3 — site operations (MES, plant historians) Level 3.5 — DMZ between OT and IT Level 4-5 — corporate […]
Module 6 · IoT Protocols — MQTT, CoAP, Modbus
IoT/OT runs on protocols designed for constrained devices, often without security as primary concern. The big four MQTT — pub/sub for IoT. Default no auth; if auth, often password in plaintext. TLS optional. CoAP — HTTP-like for constrained devices. UDP-based; DTLS optional. Modbus — industrial. No auth. No encryption. Designed 1979. BACnet — building automation. […]
Practitioners who've
shipped the controls.
Every module is written by someone who has built the defence or run the engagement. No repackaged tutorials, no generic theory.
Why learn here
Practitioner-written.
Each lesson is authored by someone who has shipped the control or run the engagement in production.
Quiz after every module.
20+ questions with explanations. 70%+ to mark complete. Unlimited retries.
Progress tracked.
Completions, scores and streaks saved automatically. Resume exactly where you left off.
India-priced.
Start free. ₹499/mo for intermediate. ₹4,999/yr for advanced. No hidden fees, ever.