Cybersecurity, learned like a practitioner.
24 learning paths · 398 modules live · every lesson written by someone who has shipped the control or run the engagement. Free to start.
Red Team Operations · modules
Adversary simulation: initial access, C2, lateral movement, and defeating modern EDR.
Module 20 · Initial Access — Modern Techniques in 2026
The initial-access categories
- Phishing: targeted email with malicious link or attachment.
- Valid accounts: stolen / purchased credentials; password spray.
- Exposed services: VPN, RDP, web-app vulnerabilities.
- Supply chain: compromise a vendor; reach the target.
- Drive-by compromise: malicious website; user visits and is compromised.
- Removable media: USB drops, infected media.
Modern phishing — beyond Office macros
Microsoft […]
Module 19 · Living-off-the-Land Binaries (LOLBins) Mastery
Why LOLBins matter
- Binary is signed by Microsoft — passes signature checks.
- Binary is present on every Windows host — no payload to drop.
- Binary’s normal use is legitimate — context-aware detection required.
Operators chain LOLBins to perform attacker workflows entirely with native tools.
The LOLBAS project
LOLBAS (lolbas-project.github.io) is the community-maintained catalogue of LOLBins, […]
Module 17 · Beyond Cobalt Strike — Sliver, Mythic, Brute Ratel, Havoc
The C2 landscape
Framework | Licence | Notes
Cobalt Strike | Commercial (Fortra) | Industry standard; highly detected
Sliver | Open-source (Bishop Fox) | Go-based; mTLS / DNS / WireGuard transport
Mythic | Open-source | Modular agent framework; multiple agents
Brute Ratel | Commercial | Newer; modern evasion features
Empire / Starkiller | Open-source | PowerShell-centric; widely detected
Havoc | Open-source | Modern; community-active
Why teams move beyond Cobalt […]
Module 18 · EDR Evasion in 2026
The EDR detection stack
- User-mode hooks: EDR hooks key API calls (CreateRemoteThread, NtMapViewOfSection, etc.) to inspect arguments.
- Kernel-mode callbacks: PsSetCreateProcessNotifyRoutine, PsSetCreateThreadNotifyRoutine notify EDR of process / thread events.
- ETW (Event Tracing for Windows): provides telemetry stream EDR consumes.
- AMSI: Antimalware Scan Interface; PowerShell / WSH content sent to AV for inspection.
- File-based scanning: classic signature […]
Module 16 · Adversary Emulation Plans — TTPs from Threat Intel to Engagement
Why emulate vs. just pentest
Generic pentests find generic findings. Adversary emulation tests whether you can withstand the specific groups that target your industry / geography:
- APT29 / Cozy Bear for government / defence.
- FIN7 / FIN8 for retail / hospitality.
- APT41 for telecom and travel.
- Specific groups targeting Indian financial sector.
The sources
MITRE […]
Module 6 · Red Team — External Recon
Red team engagements start with weeks of recon before any technical action. Quality of recon determines success of later phases.
Reconnaissance phases
- Organizational — leadership, departments, sites, M&A history
- Technical — domains, IP ranges, technology stack, SaaS used
- Personnel — names, roles, emails, social-media patterns
- Physical — office locations, vendor relationships
Tools by phase
Already […]
Module 7 · Red Team Payload Development
Defender perspective on red-team payload development. Modern AV/EDR catches commodity payloads; serious red teams build custom.
Layers of evasion
- Loader — small program that decrypts/decompresses real payload
- Shellcode encoding — XOR, custom crypto, polymorphism
- API resolution at runtime — don’t import suspicious functions in IAT
- Sleep + jitter — long sleeps between actions to defeat […]
Module 8 · Persistence Techniques
MITRE ATT&CK lists 30+ persistence techniques. The 10 most-used cover 80% of real-world cases.
Top techniques
- Run keys — HKCU/HKLM\Software\Microsoft\Windows\CurrentVersion\Run
- Services — create new service or hijack existing
- Scheduled tasks — schtasks; survives reboot
- WMI event subscription — fires on conditions
- COM hijacking — replace InProcServer32 entries
- Office Test path — DLLs loaded by Office […]
Module 10 · Red Team in AD
The complete red-team AD chain. Modules 8-17 in AD track covered individual techniques; this is operator playbook.
Path planning
- Initial access (phish, web exploit, valid creds)
- Local recon (BloodHound from compromised host)
- Identify shortest path to DA
- Choose technique per step (Kerberoast → DCSync, or RBCD → ticket forge)
- Execute with OPSEC (silent EDR-evasive techniques) […]
Module 11 · Red Team in Cloud
Cloud red teaming is different from AD. No NT hashes; tokens. No Kerberos; OAuth/STS. Different tools, different OPSEC.
The cloud kill chain
- Initial credential acquisition (phishing dev for AWS keys, or compromise endpoint with cached cli credentials)
- Discovery — what services, what permissions
- Privilege escalation — IAM-misconfig paths (covered Cloud Module 8-9)
- Lateral movement — […]
Practitioners who've shipped the controls.
Every module is written by someone who has built the defence or run the engagement. No repackaged tutorials, no generic theory.
Why learn here
Practitioner-written.
Each lesson is authored by someone who has shipped the control or run the engagement in production.
Quiz after every module.
20+ questions with explanations. 70%+ to mark complete. Unlimited retries.
Progress tracked.
Completions, scores and streaks saved automatically. Resume exactly where you left off.
India-priced.
Start free. ₹499/mo for intermediate. ₹4,999/yr for advanced. No hidden fees, ever.