Academy Pro
Medium and Hard Academy modules — Pro tier required
Module 7 · Trusts — Legacy Merger Paths
Trust types, SIDHistory attacks, cross-forest paths. Mergers leave trust relationships with security debt.
AcademyModule 8 · Kerberos Delegation Abuse
Unconstrained, constrained, RBCD. S4U2Self + S4U2Proxy, MachineAccountQuota, PetitPotam coercion.
AcademyModule 9 · Hybrid AD — On-Prem Meets Cloud
Entra Connect crown jewel, Golden SAML, Azure AD attacks, AZUREADSSOACC$ legacy, PRT theft.
AcademyModule 10 · AD Detection — What Good Looks Like
Event IDs, Sigma rules, Defender for Identity, Sentinel KQL queries. From generic SIEM to mature AD detection.
AcademyModule 6 · VPN Appliances — The Crown Jewel
Ivanti, Fortinet, Citrix, Palo Alto — every year a critical CVE. Patching speed vs attacker speed.
AcademyModule 7 · BGP, DNS, CAs — Internet-Scale Trust Failures
BGP hijack + DNS poisoning + TLS cert abuse = traffic interception at scale. Real breaches, real tools.
AcademyModule 8 · OT / ICS at the Network Layer
Stuxnet, Industroyer, Triton, Oldsmar. Why PLCs reachable from IT is catastrophic and common.
AcademyModule 9 · Wireless — The Perimeter That Moves
Evil Twin, KRACK, PMKID, rogue 802.1X, BLE. $40 of hardware extends the perimeter past the building.
AcademyModule 10 · Why Network Detection Underperforms
Encrypted traffic, volume overload, alert fatigue. Why attacker dwell time is weeks to months on average.
AcademyModule 6 · Why XSS Persists — Context Is Everything
Framework defaults cover one HTML context. Every other context — URL, CSS, JSON-in-script — is fresh attack surface.