Every topic below is a doorway, not a syllabus. Open one and explore it with a personal Socratic tutor in a real browser terminal — as far as your curiosity goes. It complements what you already learn; it does not replace it.
Navigate the Linux filesystem, manage processes and permissions, and learn shell scripting essentials.
Master grep, regular expressions, and text pattern matching for log analysis and data extraction.
TCP/IP, DNS, HTTP, packet analysis, and understanding network communication.
Python scripting for penetration testing, automation, exploit development, and tool building.
Master the art of working effectively with AI agents — clear communication, constraint specification, output evaluation, iteration strategy, and delegation judgment. The durable skill that bridges human intent and machine execution.
Understanding the foundational pillars of blockchain.
Phishing analysis, pretexting, baiting, and defensive communication. Recognize and resist human-layer attacks.
Open source intelligence gathering, social engineering reconnaissance, and digital footprint analysis.
SQL injection, XSS, CSRF, authentication bypass, and web application vulnerabilities.
Linux and Windows privilege escalation techniques, SUID, kernel exploits, and misconfigurations.
WiFi protocols, WPA/WPA2 cracking, Bluetooth attacks, and wireless network defense.
AWS, Azure, GCP security misconfigurations, IAM, S3 bucket exploits, and cloud forensics.
Binary analysis, disassembly, debugging, and understanding compiled code.
Coaching to prepare for the CEH certification exam.
APIs are where the data actually lives, and they fail differently than web pages. This topic covers the OWASP API Security Top 10 — broken object-level authorization (BOLA/IDOR), broken authentication, mass assignment, excessive data exposure — plus the shadow and zombie APIs nobody documented, and how to test for these flaws systematically.
Large language models and the agentic systems built on them introduce an attack surface most security training never mentions: prompt injection, tool/agent abuse, data exfiltration through context, excessive agency, and model/data poisoning. This topic teaches the OWASP LLM Top 10 and how to threat-model an AI feature the way an attacker would — treating the model as an untrusted interpreter wired to real tools and real data.
Symmetric/asymmetric encryption, hashing, PKI, and breaking weak cryptographic implementations.
File carving, memory analysis, disk imaging, metadata extraction, and evidence handling.
Static and dynamic malware analysis, sandboxing, behavioral analysis, and indicator extraction.
Hidden data in images, audio, and files. Detection, extraction, and encoding techniques.
Forensics built for hard drives breaks when the "disk" is an API call and the compromised host vanished an hour ago. This topic teaches investigation of ephemeral, cloud-native infrastructure — containers, serverless functions, and the cloud control plane — and how to scope, contain, and preserve evidence when there is no physical disk to image.
Detection, containment, eradication, and recovery procedures for security incidents.
The code you ship is mostly code you didn't write. Dependency confusion, typosquatted packages, compromised maintainers, and unsigned build artifacts are now primary attack paths into otherwise hardened organizations. This topic covers SBOMs, artifact signing (Sigstore/cosign), build provenance (SLSA), dependency risk, and why CI/CD must be treated as production infrastructure.
Modern blue teams don't just watch a SIEM — they author, test, and version detections as code. This topic covers mapping adversary behavior to MITRE ATT&CK, writing and tuning detection rules (Sigma and friends), reasoning about false-positive rates and detection coverage, and running purple-team loops that prove a detection actually fires against real attacker technique.
Machine identities — service accounts, API keys, OAuth tokens, CI/CD credentials, and workload identities — now outnumber human accounts by an order of magnitude, and a forgotten or over-permissioned secret is the pivot point in most modern breaches. This topic covers how non-human identities (NHIs) are created, scoped, stored, rotated, and revoked, and why secret hygiene — not the firewall — is the real perimeter.