Academy Basic
Intermediate Academy modules — Basic tier required (₹499/month)
Module 4 · Cross-Account Trust Attacks
Overly broad Principal, confused deputy, External ID, Azure Lighthouse. MSSP compromise cascades.
AcademyModule 8 · Public Data Stores — The Classic
Public S3, open GCS, anonymous Azure Blob. Continues in 2026 despite a decade of awareness.
AcademyModule 2 · AD Enumeration — Seeing Everything
BloodHound, SharpHound, Impacket, CrackMapExec, PowerView. Any authenticated user sees the whole directory.
AcademyModule 3 · BloodHound — Graph Theory Meets AD
Edges, queries, custom Cypher. Why BloodHound changed offensive AD since 2017.
AcademyModule 4 · AD ACL Abuse — Twenty Years of Accumulated Trust
GenericAll, GenericWrite, WriteDacl, AddMember, ForceChangePassword. Delegation sprawl = privilege escalation.
AcademyModule 5 · Group Policy Preferences — The Gift That Keeps Giving
cPassword in SYSVOL still found in 2026. MS14-025 didn't remove legacy files. Plus SYSVOL credential hunting.
AcademyModule 5 · SSH, RDP, SMB, WinRM — The Lateral Movement Highway
Every enterprise's admin protocols are attackers' rails. Credential reuse + cached credentials = fast compromise.
AcademyModule 2 · Layer 2/3 Trust — ARP, DNS, LLMNR Poisoning
Responder, mitm6, NTLM relay. Protocols designed in 1990 still farming credentials in 2026.
AcademyModule 3 · Why Firewalls Miss Modern C2
HTTPS C2, DNS tunneling, DoH, domain fronting, living-off-the-cloud — attackers use permitted traffic for everything.
AcademyModule 4 · Why Kerberos Keeps Producing Attacks
Kerberoasting, AS-REP, Golden Tickets, Silver Tickets, delegation abuse. Not bugs — design features in a new threat model.