Modules

Understand what a penetration test involves, including testing techniques and methodologies every pentester should know. This module will teach you the various methodologies and testing techniques that every penetration tester should know. By the end of the module, you will be able to identify what framework best suits your pentest engagement and know what security policies are used to protect data from cyber threats; involving keeping data confidential, integral, and available.

Master exploiting authentication mechanisms through real-world scenarios, covering enumeration and brute force, session management, OAuth, MFA/2FA and JWT vulnerabilities. This module will focus on understanding and mitigating critical vulnerabilities in authentication systems. We will first learn enumeration and brute forcing authentication mechanisms, followed by exploring session management and various attacks that can be performed against insecure implementations. We will cover a range of topics, including JSON Web Tokens (JWT), OAuth vulnerabilities covering missing state parameters, token stealing and many more. Finally, we will explore the significance of MFA/2FA in adding layers of security and exploiting them. All the rooms are equipped with realistic scenarios to practically allow you to explore and address various vulnerabilities.

Cyber Security is a huge topic, and it can be challenging to know where to start. This path will give you a hands-on introduction to different areas within cyber, including Offensive Security; hacking your first application, Defensive Security; defending against a live cyber attack, Careers in Cyber Security.

OSINT (Open-Source Intelligence) in cybersecurity involves collecting and analyzing publicly available data to identify vulnerabilities, monitor threats, and enhance security. Sources include websites, social media, public records, and forums. It aids in vulnerability management, threat intelligence, and incident response.

Malware analysis is the process of studying and understanding malicious software (malware) to determine how it behaves, how it spreads, and how it can be detected, removed, or mitigated. There are two main types of malware analysis: -Static analysis: Analysing the code without running it. -Dynamic analysis: Observing the behaviour of the malware while it's running in a controlled environment.

Web vulnerabilities are weaknesses in websites that attackers exploit to gain unauthorized access, steal data, or disrupt services. Common vulnerabilities include Cross-Site Scripting (XSS), which allows attackers to inject malicious scripts, and SQL Injection, where database queries are manipulated to extract sensitive information. Local File Inclusion (LFI) exposes server files, while Insecure Direct Object References (IDOR) allow unauthorized access to user data by modifying URLs. Weak authentication or authorization controls lead to account takeover or unauthorized actions. File upload flaws can enable malicious code execution. These vulnerabilities emphasize the need for secure coding practices, regular testing, and robust defense mechanisms.

Python was developed by Guido van Rossum, a Dutch programmer, in the late 1980s. He started working on Python in December 1989 during his time at Centrum Wiskunde & Informatica (CWI) in the Netherlands and officially released it in 1991.

In the shadowy corners of the digital world lies the enigmatic Fortress of Code, a domain protected by layers of cryptic defenses. It is said that only the most skilled hackers can navigate its labyrinth and claim the "Master Flag," an artifact of immense power hidden deep within the system. The Fortress has issued a challenge: prove your worth by solving a series of puzzles that test the essential skills of a hacker.

Disk image file analysis is the process of examining a digital copy of a storage device (like a hard drive, SSD, USB drive, or CD/DVD) for forensic, troubleshooting, or recovery purposes. Disk image files are exact replicas of the entire contents of a storage medium, including all files, directories, and metadata, captured at a specific point in time. These files are commonly used in digital forensics, data recovery, and system deployment.

Forensic steganography cryptanalysis involves uncovering hidden data in digital media by analyzing statistical anomalies, structural irregularities, or altered patterns introduced by steganographic methods. Techniques include LSB analysis, detecting data hidden in the least significant bits, and frequency-domain analysis for transform-based steganography. Challenges arise from encrypted payloads or sophisticated algorithms aiming for high imperceptibility. Forensic experts also employ histogram analysis, noise detection, and comparative media studies to ensure a robust investigative approach.

Email header analysis is the process of examining the metadata in an email header to gain insights about the email's origin, route, and authenticity. Email headers contain detailed information about the email's journey from the sender to the recipient, including timestamps, server details, and authentication results. This analysis is often used in cybersecurity, troubleshooting email issues, or investigating potential email scams or phishing attempts.

Crack the Hash is a cybersecurity challenge where participants attempt to decrypt hashed values and recover the original data. It tests knowledge of hashing algorithms, brute-force techniques, and cryptographic analysis. Often featured in Capture The Flag (CTF) competitions, this challenge enhances skills in password security, hash identification, and decryption methods, helping cybersecurity professionals understand and counter real-world encryption and security vulnerabilities.