// Explore any of these with a tutor

Pick a thread. You steer.

Every topic below is a doorway, not a syllabus. Open one and explore it with a personal Socratic tutor in a real browser terminal — as far as your curiosity goes. It complements what you already learn; it does not replace it.

Offense

Social Engineering

Phishing analysis, pretexting, baiting, and defensive communication. Recognize and resist human-layer attacks.

OSINT

Open-source intelligence gathering, social engineering reconnaissance, and digital footprint analysis.

Web Exploitation

SQL injection, XSS, CSRF, authentication bypass, and web application vulnerabilities.

Privilege Escalation

Linux and Windows privilege escalation techniques, SUID, kernel exploits, and misconfigurations.

Wireless Security

WiFi protocols, WPA/WPA2 cracking, Bluetooth attacks, and wireless network defense.

Cloud Security

AWS, Azure, GCP security misconfigurations, IAM, S3 bucket exploits, and cloud forensics.

Reverse Engineering

Binary analysis, disassembly, debugging, and understanding compiled code.

Certified Ethical Hacker Preparation

Coaching to prepare for the CEH certification exam.

API Security

APIs are where the data actually lives, and they fail differently than web pages. This topic covers the OWASP API Security Top 10 — broken object-level authorization (BOLA/IDOR), broken authentication, mass assignment, excessive data exposure — plus the shadow and zombie APIs nobody documented, and how to test for these flaws systematically.

AI & LLM Security

Large language models and the agentic systems built on them introduce an attack surface most security training never mentions: prompt injection, tool/agent abuse, data exfiltration through context, excessive agency, and model/data poisoning. This topic teaches the OWASP LLM Top 10 and how to threat-model an AI feature the way an attacker would — treating the model as an untrusted interpreter wired to real tools and real data.