// practical track · defense-weighted
Practical Ethical Hacking & Defense
The full practical syllabus: every offensive technique is taught conceptually for authorized lab practice and paired with detection and hardening, with no weaponized tooling.
Free preview — 25% unlocked
You're viewing 35 of 141 lessons. Log in to unlock the full 141-lesson track, labs, and progress tracking.
Module 1
Lab Setup & Linux Foundations
Build a safe, isolated practice range and the Linux fluency every analyst needs.
001
Concept
free What attackers can do (and why defense matters)
Orientation: the same techniques used to compromise an endpoint or webcam are what blue teams must detect and block. Frames the whole track around defense.
Hands-on lab
Steps
- List 3 things an attacker could do to an unpatched endpoint, then write the defensive control that stops each.
- Keep this as your running 'attack -> control' table through the track.
Commands & tools
# no tools yet — this is your threat-model worksheet
Expected: A short table mapping attacker actions to detections/controls.
Detect / defend: Mindset: every offensive capability has a telemetry source and a control.
002
Concept
free Course introduction & overview
How the track is organized: each offensive concept is paired with detection and hardening.
Hands-on lab
Steps
- Skim the module list and mark which map to your real environment.
- Pick one module to prioritise based on your current gaps.
Expected: A prioritised learning path for your context.
003
Concept
free What is hacking & why learn it (ethically)
Authorized testing vs. crime: scope, written permission, and rules of engagement are non-negotiable.
Hands-on lab
Steps
- Write a one-paragraph Rules of Engagement: scope, authorisation, timing, and out-of-bounds systems.
- Confirm you will only test the isolated lab you build here.
Commands & tools
# Authorisation template: WHO may test WHAT, WHEN, and WHAT is off-limits
Expected: A signed-style ROE you could reuse for authorised testing.
Detect / defend: Legal/ethical guardrail: no authorisation = no testing.
004
Concept
free Staying current
Tooling and CVEs change constantly; defenders track advisories and update detections continuously.
Hands-on lab
Steps
- Subscribe to CISA KEV and a vendor advisory feed.
- Note today's top KEV entry and which of your assets it would affect.
Commands & tools
# Track: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
# NeoShield already aggregates CISA KEV in the Threat Live feed
Expected: A repeatable habit of reviewing fresh advisories.
Detect / defend: Feed KEV into vulnerability prioritisation.
005
Setup
free Lab overview
An isolated, no-internet lab range is the only legal place to practice. Segment it from real networks.
Hands-on lab
Steps
- Draw your lab topology: host-only network, analyst VM, victim VM, no internet egress.
- Verify the segment cannot route to your real LAN.
Commands & tools
# VirtualBox: set adapters to 'Host-only' or 'Internal Network'
# Confirm no default gateway to the real network
Expected: An isolated range diagram with zero egress.
Detect / defend: Isolation is the control that makes practice legal and safe.
006
Setup
free Initial preparation
Snapshots, host-only networking, and disposable VMs so nothing escapes the lab.
Hands-on lab
Steps
- Snapshot every VM at a clean baseline.
- Practice reverting a VM to baseline so each lab starts clean.
Commands & tools
# VBoxManage snapshot <vm> take baseline
# VBoxManage snapshot <vm> restore baseline
Expected: One-command revert to a known-good state.
Detect / defend: Disposable VMs prevent cross-contamination of evidence.
007
Setup
free Installing Kali Linux as a VM (Windows)
Analyst toolbox setup. Keep it isolated; never point lab tools at networks you do not own.
Hands-on lab
Steps
- Install the analyst distro as a VM (host-only NIC).
- Update it, then snapshot.
Commands & tools
sudo apt update && sudo apt -y full-upgrade
# then snapshot the VM
Expected: A patched, isolated analyst workstation.
Detect / defend: Keep tooling patched like any other asset.
008
Setup
free Installing Kali Linux as a VM (macOS Intel/Silicon)
Same isolated-lab setup on Apple hardware.
Hands-on lab
Steps
- Repeat the VM build on macOS (Intel or Apple Silicon).
- Use an ARM image on Apple Silicon.
Commands & tools
# UTM/VMware Fusion on macOS; host-only networking
Expected: A working analyst VM on Apple hardware.
009
Setup
free Installing Kali Linux as a VM (Linux)
Hypervisor setup on a Linux host.
Hands-on lab
Steps
- Build the analyst VM on a Linux host with KVM/VirtualBox.
- Confirm host-only networking.
Commands & tools
sudo apt install -y virtualbox # or qemu-kvm libvirt
Expected: A reproducible Linux-hosted lab.
010
Setup
free Kali basics
Navigating the analyst distro and keeping it patched.
Hands-on lab
Steps
- Tour the filesystem, package manager, and service manager.
- Find where logs live (/var/log).
Commands & tools
ls /var/log
systemctl list-units --type=service | head
Expected: Comfort locating services and logs.
Detect / defend: Logs are the analyst's primary evidence source.
011
Setup
free The terminal & Linux commands
Core shell fluency: files, processes, permissions, logs — the foundation for both offense and defense.
Hands-on lab
Steps
- Practice the core triage commands on the VM.
- Inspect a running process tree and open files.
Commands & tools
ps auxf | head
ss -tulpen
grep -i error /var/log/syslog | tail
Expected: Fluency reading processes, sockets, and logs.
Detect / defend: These same commands triage a compromised host.
Module 2
Network Testing — Pre-Connection & Wireless Recon
Understand wireless reconnaissance so you can detect rogue capture and deauth abuse.
012
Concept
free Introduction to network penetration testing
The phases: recon, gaining access, post-connection — each with a defensive counterpart.
Hands-on lab
Steps
- Map the three phases (recon, access, post-connection) to a defensive control each.
- Note which phase your monitoring covers today.
Expected: A phase->defense mapping.
Detect / defend: Coverage gaps appear where a phase has no telemetry.
013
Concept
free Network basics
How L2/L3 works; where trust is implicit and therefore abusable.
Hands-on lab
Steps
- Diagram an L2 segment: switch, hosts, gateway, ARP/MAC tables.
- Mark where trust is implicit (ARP, DHCP, DNS).
Commands & tools
ip neigh # local ARP/neighbour table
ip route # default gateway
Expected: Understanding of where L2 trust can be abused.
Detect / defend: Implicit-trust points are your monitoring priorities.
014
Concept
🔒 members Connecting a wireless adapter to Kali
Unlock this lesson by logging in — full explanation, hands-on lab, commands, and detection included.
015
Concept
🔒 members MAC address & changing it
016
Concept
🔒 members Wireless modes (managed vs monitor)
017
Concept
🔒 members Packet sniffing basics
018
Concept
🔒 members WiFi bands (2.4/5 GHz)
019
Concept
🔒 members Targeted packet sniffing
020
Attack→Defense
🔒 members Deauthentication attacks (concept) & detection
Module 3
Wireless Access: Encryption Weaknesses & Hardening
Why legacy wireless crypto fails, and how to configure WiFi for maximum security.
021
Concept
🔒 members Gaining access — introduction
022
Concept
🔒 members Why WEP is broken (theory)
023
Concept
🔒 members WEP weaknesses in practice
024
Concept
🔒 members Fake authentication (concept)
025
Concept
🔒 members ARP-request replay (concept)
026
Concept
🔒 members WPA/WPA2 cracking — introduction
027
Concept
🔒 members WPA/WPA2 without a wordlist (PMKID concept)
028
Concept
🔒 members Capturing the handshake (concept)
029
Concept
🔒 members Wordlists & why length beats complexity
030
Concept
🔒 members Wordlist attack (concept)
031
Defense
free Securing your network from attackers
Actionable hardening: WPA3, long passphrases, 802.1X/EAP, PMF, guest/IoT segmentation, firmware updates.
Hands-on lab
Steps
- Harden a lab AP/router: WPA3, long passphrase, PMF, guest VLAN.
- Verify WPS is disabled.
Commands & tools
# AP admin: WPA3-SAE on, WPS off, PMF required, guest SSID on its own VLAN
Expected: A hardened wireless config.
Detect / defend: WIDS monitors the hardened network for rogues.
032
Defense
free Configuring wireless settings for maximum security
Disable WPS, rotate keys, enforce PMF, separate VLANs/SSIDs, and monitor with a WIDS.
Hands-on lab
Steps
- Document the full secure-WiFi checklist and apply it.
- Confirm key rotation and firmware updates.
Commands & tools
# Checklist: WPA3, PMF, no WPS, VLAN segmentation, firmware current
Expected: A reusable secure-WiFi baseline.
Detect / defend: Drift from baseline = alert.
Module 4
Post-Connection & MITM: Detection and Prevention
On-path attacks (ARP/DNS spoofing, HTTPS downgrade, JS injection, rogue AP) and how to catch them.
033
Concept
free Introduction to post-connection attacks
Once on a segment, attackers map and intercept. Defense is segmentation + L2 controls + monitoring.
Hands-on lab
Steps
- List what an on-segment attacker can do (map, intercept).
- Map each to a control: segmentation, L2 security, monitoring.
Expected: An on-path threat model with controls.
Detect / defend: Segment + DAI + flow monitoring.
034
Setup
🔒 members Installing Windows as a VM (target)
035
Setup
🔒 members Installing Windows VM on Apple Silicon
036
Concept
🔒 members Discovering devices on the network
037
Concept
🔒 members Enumerating device info, ports
038
Concept
🔒 members OS & service fingerprinting
039
Attack→Defense
🔒 members What is ARP poisoning
040
Attack→Defense
🔒 members Intercepting traffic (concept) & detection
041
Concept
🔒 members On-path tooling overview (conceptual)
042
Attack→Defense
🔒 members ARP spoofing (concept) & detection
043
Attack→Defense
🔒 members Credential/visited-site exposure on shared segments
044
Concept
🔒 members Custom on-path scripts (concept)
045
Attack→Defense
🔒 members HTTPS downgrade/strip (concept) & defense
046
Attack→Defense
🔒 members DNS spoofing (concept) & defense
047
Attack→Defense
🔒 members JavaScript injection on-path (concept) & defense
048
Concept
🔒 members GUI MITM frameworks (conceptual)
049
Lab
free Wireshark with MITM — analyst view
Use Wireshark defensively to spot poisoning artifacts (duplicate-address, gratuitous ARP).
Hands-on lab
Steps
- Capture lab traffic and apply analyst display filters.
- Bookmark the poisoning-artifact filters.
Commands & tools
http.request
tls.handshake.extensions_server_name
arp.opcode == 2
Expected: A working analyst filter set.
Detect / defend: Filters surface poisoning + plaintext.
050
Lab
🔒 members Wireshark — sniffing & analysing data
051
Lab
🔒 members Wireshark — filters, tracing, dissecting
052
Lab
🔒 members Wireshark — finding exposed data in captures
053
Attack→Defense
🔒 members Rogue AP / honeypot (theory) & detection
054
Attack→Defense
🔒 members Rogue AP (concept, practical framing) & defense
055
Defense
free Detecting ARP poisoning
arpwatch/Suricata binding-change alerts; switch DAI logs. A poisoned gateway shows two MACs — high-confidence alert.
Hands-on lab
Steps
- Configure arpwatch alerting to your inbox/SIEM.
- Validate with a benign change.
Commands & tools
sudo arpwatch -i eth0 # forward syslog to SIEM
Expected: Operational ARP-poisoning detection.
Detect / defend: Gateway-MAC change = high-confidence alert.
056
Defense
free Detecting suspicious network activity
Baseline flows; alert on scans, beaconing, plaintext auth, and DNS anomalies (entropy/long labels).
Hands-on lab
Steps
- Baseline normal flows; create alerts for scans/beacons/DNS anomalies.
- Tune out known-good noise.
Commands & tools
# Zeek conn.log baseline; alert on periodic low-jitter beacons
# DNS: flag long/high-entropy labels (tunneling)
Expected: Tuned network-anomaly alerts.
Detect / defend: Beaconing + DNS-entropy detections.
057
Defense
free Preventing MITM — method 1 (L2 controls)
DHCP snooping + Dynamic ARP Inspection + 802.1X stop on-path attacks at the switch.
Hands-on lab
Steps
- Enable DHCP snooping + DAI + 802.1X on a lab switch (or document).
- Re-run the poisoning pcap test to confirm drop.
Commands & tools
ip dhcp snooping
ip arp inspection vlan 10
Expected: On-path attacks dropped at the switch.
Detect / defend: DAI drop logs to SIEM.
058
Defense
free Preventing MITM — method 2 (crypto + monitoring)
TLS-everywhere, HSTS preload, DNSSEC/DoH, and continuous binding/flow monitoring.
Hands-on lab
Steps
- Apply crypto+monitoring layer: TLS-everywhere, HSTS preload, DNSSEC.
- Verify continuous binding/flow monitoring.
Commands & tools
# HSTS preload submission; DNSSEC enable; Zeek+arpwatch running
Expected: Defence-in-depth against on-path attacks.
Detect / defend: Combined L2 + crypto + flow telemetry.
Module 5
Server-Side Attacks: Vulnerability Management & Detection
How exposed services get exploited and how to scan, patch, and detect at scale.
060
Setup
🔒 members Installing Metasploitable (vulnerable lab target)
061
Concept
free Introduction to server-side attacks
Exposed services with missing patches/weak config are the entry point. Defense: patch + reduce attack surface + detect.
Hands-on lab
Steps
- Inventory the lab target's exposed services.
- Note which are unpatched/weakly configured.
Commands & tools
nmap -sV 10.10.10.60 # lab target
Expected: A service exposure list.
Detect / defend: Reduce surface; patch; detect exploitation.
062
Concept
🔒 members Information gathering & exploitation (concept)
063
Concept
🔒 members Exploiting a known service vuln (lab concept)
064
Concept
🔒 members Code-execution vulnerabilities (concept) & detection
065
Defense
🔒 members Vulnerability scanning — installing a scanner
066
Defense
🔒 members Scanning a server for vulnerabilities
067
Defense
🔒 members Analysing scan results & reporting
068
Defense
free Server-side defense summary
Patch fast, minimize exposed services, segment, and detect exploitation with EDR/IDS.
Hands-on lab
Steps
- Write your server-side defence checklist (patch, minimise, segment, detect).
- Apply one item to the lab.
Expected: A reusable server hardening checklist.
Detect / defend: EDR/IDS for exploitation + abnormal spawns.
Module 6
Client-Side & Malware Defense (Detection-Focused)
Backdoors, trojans, and AV-evasion — taught only as how to DETECT and PREVENT them.
069
Concept
free Introduction to client-side attacks
When servers are hardened, attackers target users. Defense: EDR, app allow-listing, user training, email/web filtering.
Hands-on lab
Steps
- List client-side vectors (docs, links, updates) and a control for each.
- Confirm EDR + allow-listing + filtering coverage.
Expected: A client-side control matrix.
Detect / defend: EDR + email/web filtering + training.
070
Concept
🔒 members Backdoors & payloads — what they are
071
Defense
🔒 members Detecting backdoor creation/use
072
Defense
🔒 members Spotting backdoor C2 connections
073
Defense
🔒 members Defending Windows endpoints against implants
074
Defense
🔒 members Why AV-evasion exists & layered defense
Module 7
Social Engineering & Phishing Defense
OSINT, trojaned files, email spoofing, and browser-hook scams — all framed as how to detect, filter, and train.
075
Concept
free Introduction to social engineering
People are a target. Defense: awareness training, verification culture, and technical controls (filtering, MFA).
Hands-on lab
Steps
- List the human attack vectors and a control for each.
- Plan a reporting channel for suspicious messages.
Expected: A people-control matrix + report button.
Detect / defend: Training + filtering + MFA/passkeys.
076
Concept
🔒 members OSINT tooling (Maltego) — defensive view
077
Concept
🔒 members Discovering an org's public footprint
078
Concept
🔒 members Mapping social connections (OSINT)
079
Concept
🔒 members Email-based reconnaissance
080
Concept
🔒 members How attackers build a pretext (defensive)
081
Defense
🔒 members Trojaned files (concept) & detection
082
Defense
🔒 members Disguised executables — detection
083
Defense
🔒 members Extension spoofing — defense
084
Defense
🔒 members Email spoofing — why SPF/DKIM/DMARC stop it
085
Defense
🔒 members Sender forgery — detection & rejection
086
Defense
🔒 members Display-name impersonation — defense
087
Defense
🔒 members Other spoofing vectors — defense
088
Defense
🔒 members Browser-hook frameworks (BeEF) — defensive view
089
Defense
🔒 members How browser hooks are delivered (defense)
090
Defense
🔒 members What a hooked browser exposes — detection
091
Defense
🔒 members Fake login prompts (credential phishing) — defense
092
Defense
🔒 members Fake update prompts — detection & prevention
093
Defense
free Detecting trojans manually
Static triage signals: signatures, strings, autoruns, unusual parents — analyst tradecraft (see Malware Analysis module).
Hands-on lab
Steps
- Static-triage a benign sample: hash, strings, autoruns review.
- Note suspicious indicators.
Commands & tools
sha256sum sample.bin
strings -n 8 sample.bin | less
Expected: Manual trojan-triage signals.
Detect / defend: Unusual strings/imports/autoruns.
094
Defense
🔒 members Detecting trojans with a sandbox
095
Concept
🔒 members Beyond-the-LAN risk (defensive framing)
096
Defense
🔒 members Internet-facing implant risk — detection
097
Defense
🔒 members Port-forwarding risk & hardening
098
Defense
🔒 members Remote social-engineering risk — defense
Module 8
Post-Exploitation: Persistence, Lateral Movement & Detection
What attackers do after access — and the telemetry that catches each step.
099
Concept
free Introduction to post-exploitation
After access: persist, escalate, move laterally, collect, exfiltrate — every step is detectable with the right telemetry.
Hands-on lab
Steps
- List the post-exploitation stages and the telemetry for each.
- Confirm you log command lines + network.
Commands & tools
# Ensure Sysmon command-line + EDR network logging on
Expected: A stage->telemetry coverage map.
Detect / defend: Each stage has a detection source.
100
Concept
🔒 members Remote-access agents (concept) & detection
101
Defense
🔒 members System commands abuse — detection
102
Defense
🔒 members Persistence techniques — detection (T1547/T1053)
103
Defense
🔒 members Keylogging/screenshot spying — detection & prevention
104
Concept
🔒 members Pivoting — theory (defensive)
105
Defense
🔒 members Lateral movement — detection & containment
Module 9
Web App Testing: Recon & Information Gathering
How attackers profile a web target — and how to shrink and monitor that surface.
106
Concept
free What is a website (request lifecycle)
Client/server/DB model — the basis for understanding web vulns and their fixes.
Hands-on lab
Steps
- Diagram the request lifecycle (client->server->DB).
- Mark where input becomes trusted (the bug source).
Expected: A lifecycle diagram with trust boundaries.
Detect / defend: Validate/encode at each boundary.
107
Concept
free How web attacks happen (overview)
Input trust failures are the root cause; the defense is validation, encoding, and least privilege.
Hands-on lab
Steps
- List the Top-10 root cause (input trust) with one example each.
- Map to validation/encoding/least-privilege.
Expected: Root-cause -> fix mapping.
Detect / defend: WAF + input validation.
108
Concept
🔒 members Whois lookups (recon)
109
Concept
🔒 members Fingerprinting site technologies
110
Concept
🔒 members DNS information gathering
111
Concept
🔒 members Shared-hosting/neighbor discovery
112
Concept
🔒 members Subdomain discovery & attack-surface mgmt
113
Concept
🔒 members Finding sensitive files
114
Concept
🔒 members Analysing discovered files (defensive)
Module 10
Web Vulnerabilities: Exploitation Concepts & Secure Fixes
File upload, RCE, LFI/RFI, SQL injection, and XSS — each with the real, definitive fix.
115
Attack→Defense
🔒 members File-upload vulnerabilities (concept) & fix
116
Attack→Defense
🔒 members Code-execution vulnerabilities (concept) & fix
117
Attack→Defense
🔒 members Local File Inclusion (concept) & fix
118
Defense
🔒 members RFI & dangerous PHP settings
119
Attack→Defense
🔒 members Remote File Inclusion (concept) & fix
120
Defense
free Preventing inclusion/upload/RCE bugs
Input allow-listing, storage of files outside the web root, safe APIs, least-privilege runtime, and WAF + process-spawn detection.
Hands-on lab
Steps
- Write the unified fix checklist (validate, store-out-of-root, safe APIs, least privilege).
- Add WAF + process-spawn detection.
Commands & tools
# Checklist applied to the lab app
Expected: A reusable secure-coding checklist.
Detect / defend: WAF + EDR spawn alerts.
121
Concept
🔒 members What is SQL (and where injection arises)
122
Attack→Defense
🔒 members Why SQL injection is dangerous
123
Attack→Defense
🔒 members SQL injection in POST (concept) & fix
124
Attack→Defense
🔒 members Auth-bypass via SQLi (concept) & fix
125
Attack→Defense
🔒 members SQL injection in GET (concept) & fix
126
Concept
🔒 members How attackers read DB metadata (defensive)
127
Concept
🔒 members Enumerating tables (defensive framing)
128
Concept
🔒 members Sensitive-data exposure via SQLi (impact)
129
Concept
🔒 members File read/write via SQLi (impact) & fix
130
Defense
🔒 members Automated SQLi tools — authorized testing only
131
Defense
free The right way to prevent SQL injection
Parameterized queries/ORM, input validation, least-privilege DB users, error suppression, and WAF monitoring.
Hands-on lab
Steps
- Apply the full SQLi-prevention checklist to the lab app.
- Verify with a re-scan.
Commands & tools
# Parameterised queries/ORM, validation, least-privilege, error suppression
Expected: SQLi eliminated end-to-end.
Detect / defend: WAF + query-error monitoring.
132
Concept
🔒 members Introduction to XSS
133
Attack→Defense
🔒 members Reflected XSS (concept) & fix
134
Attack→Defense
🔒 members Stored XSS (concept) & fix
135
Defense
🔒 members XSS impact (browser hooking) — defense
136
Defense
free Preventing XSS
Contextual output encoding, input validation, a strict CSP, Trusted Types, and HttpOnly/SameSite cookies.
Hands-on lab
Steps
- Apply the XSS-prevention checklist (encode, validate, CSP, Trusted Types).
- Verify with a scan.
Commands & tools
# Trusted Types + contextual encoding + strict CSP
Expected: XSS eliminated end-to-end.
Detect / defend: CSP + WAF.
137
Defense
🔒 members Automated web vulnerability scanning
138
Defense
🔒 members Analysing scan results
Module 11
Reporting, Hardening & Next Steps
Turn findings into fixes: write the report and apply the four pillars of app security.
139
Concept
free Web testing — wrap-up
Every web vuln traces to input trust + privilege; fixes are validation, encoding, least privilege, and monitoring.
Hands-on lab
Steps
- Summarise that web vulns trace to input trust + privilege.
- List the four fix pillars.
Expected: A crisp mental model for web defence.
Detect / defend: Validation + encoding + least privilege + monitoring.
140
Reporting
🔒 members Writing a pentest report
141
Defense
free Four ways to secure websites & apps
Validate/encode all input-output, enforce least privilege, patch + manage dependencies, and add WAF + monitoring/logging.
Hands-on lab
Steps
- Apply the four pillars to the lab app and confirm each.
- Add WAF + logging/monitoring.
Commands & tools
# 1 validate/encode 2 least privilege 3 patch/deps 4 WAF+monitoring
Expected: A hardened app meeting all four pillars.
Detect / defend: Monitoring/logging in place.
142
Concept
free What's next (continuous defense)
Keep learning: detection engineering, threat hunting, and the NeoShield Academy advanced modules.
Hands-on lab
Steps
- Plan your next steps: pick an advanced Academy module and a detection to build.
- Schedule a re-test cadence.
Commands & tools
# Continue: Threat Hunting, DFIR, Malware Analysis (advanced modules)
Expected: A continuous-defense plan.
Detect / defend: Detection engineering + periodic re-test.
Practice only in an isolated lab against intentionally-vulnerable targets you own.