Courses

A ground-up course on how computer networks work. Covers everything from what a packet is to how the internet routes traffic across continents. You'll learn TCP/IP, subnetting, DNS, routing, switching, and the protocols behind every networked application. Includes hands-on labs with Wireshark, Python socket programming, and real troubleshooting exercises. If terms like "subnet mask," "three-way handshake," or "default gateway" don't mean anything to you yet, start here. This course is the prerequisite for every security course on the platform. **Prerequisites:** None. Basic command-line comfort helps but isn't required. **Estimated time:** ~30 hours across 14 modules.

Learn to build offensive security tools the way professionals do. This course teaches the fundamentals of Windows-based payload development. You will learn Windows internals and how to use them to build your own malware. You'll understand how process injection works, write position-independent shellcode, implement basic persistence mechanisms, and set up command-and-control infrastructure. Everything is hands-on. By the end, you'll have built a working implant from scratch. **What you'll build:** - Custom shellcode loaders - Process injection techniques - Registry and scheduled task persistence - Basic C2 beacon communication **What you'll learn:** - Core Windows internals relevant for offensive operations, including process memory layout, threads, modules, and execution flow - How Windows APIs, syscalls, and user-mode vs kernel-mode boundaries affect payload execution - How shellcode works at a low level, including position-independent code, stack manipulation, and API resolution - Multiple process injection strategies and when to use each - How malware achieves persistence on Windows systems **Prerequisites:** C or C++ programming experience. Familiarity with Windows API is helpful but not required. **Note:** Content is intended for authorized penetration testing and security research only.

Get past firewalls. Own internal networks. This is traditional pentest methodology. We cover reconnaissance, scanning, exploitation, and post-exploitation, which is the full attack chain from external foothold to domain admin basically. You'll use real tools like Nmap, Metasploit, Impacket, BloodHound, among others. By the end, you'll know how to approach a network pentest professionally. **Heads up:** This assumes basic networking knowledge (TCP/IP, subnets, common ports). If you don't know what a three-way handshake is, start with networking fundamentals first.

If you want to break into web security, this is where you start. We'll tear apart web apps the way real attackers do. You'll learn to spot SQL injection by muscle memory, chain XSS into account takeovers, and understand why that "secure" authentication system probably isn't. By the end, you won't just know the OWASP Top 10 but you'll know *why* developers keep making the same mistakes, and how to exploit (and fix) them. **You'll need:** Basic HTML/JS knowledge. A browser. Curiosity about how things break. **You won't need:** Prior security experience. We start from scratch.