Cybersecurity Deconstructed (The Course)
Course Info
This course includes 1 attempt.
Go Beyond the Surface: Master Cybersecurity Internals
Are you tired of cybersecurity explanations that barely scratch the surface? In a world of sophisticated APTs, complex cloud environments, and elusive fileless malware, a fundamental, deep technical understanding isn't just an advantage—it's a necessity. Cybersecurity Deconstructed plunges into the critical internals, moving beyond abstractions to reveal the underlying mechanics of modern attacks and defenses.
This course is your guide to deconstructing the core components of cybersecurity. You'll dissect advanced TCP/IP manipulation and evasion tactics, explore EDR internals and bypass techniques, master sophisticated post-exploitation methods (including LSASS dumping nuances, Kerberoasting, and lateral movement), navigate AWS/Azure security pitfalls, understand practical cryptographic failures, and learn the essentials of memory forensics and reverse engineering.
Written for practitioners and advanced learners—including penetration testers, red teamers, incident responders, security engineers, and architects—this course assumes you have the fundamentals down and are ready for a deep dive. You won't just learn what tools do; you'll understand how they work, why attacks succeed, and how defenses can be circumvented or hardened at a fundamental level. Equip yourself with the resilient, adaptable knowledge needed to tackle the most complex cybersecurity challenges.
Course Material
- Lesson 1: Advanced Network Traffic Analysis & Evasion
- Deep Dive into TCP/IP: Header Manipulation and Obscure Flags
- TCP Flags Beyond the Basics
- TCP Options
- IP Fragmentation
- Exercise 1
- Protocol Tunneling Techniques: Implementation Details
- DNS Tunneling
- ICMP Tunneling
- HTTP/S Tunneling
- Exercise 2
- Advanced Packet Crafting with Scapy/Custom Tools
- Introduction to Scapy
- Packet Crafting Examples
- Other Tools
- Exercise 3
- IDS/IPS Evasion Techniques
- How IDS/IPS Work (Simplified)
- Evasion Techniques Revisited
- Exercise 4
- Deep Packet Inspection (DPI) Bypassing Strategies
- Exercise 5
- Analyzing Encrypted Traffic Patterns (TLS Handshake Analysis, JA3/JA3S)
- The TLS Handshake
- JA3 Fingerprinting
- JA3S Fingerprinting
- Limitations of JA3/JA3S
- Exercise 6
- Network Flow Analysis (NetFlow/IPFIX) for Anomaly Detection
- What is Flow Data?
- Generation and Collection
- Security Use Cases
- Limitations
- Exercise 7
- Lesson Summary
- Quiz 11 attempt allowed
- Lesson 2: Modern Endpoint Detection & Response (EDR) Internals & Bypass
- Understanding EDR Telemetry: The Data Sources
- Kernel Callbacks and Filter Drivers
- Event Tracing for Windows (ETW)
- API Hooking (Userland vs. Kernel)
- Exercise 8
- Common EDR Detection Mechanisms (Illustrative Examples)
- Process Injection Detection
- Credential Access Detection (LSASS Dumping)
- Lateral Movement Detection
- Exercise 9
- Techniques for Bypassing EDR Hooks (Userland Focus)
- Direct Syscalls
- Unhooking
- Hardware Breakpoints
- Bring Your Own Land (BYOL) / Vulnerable Driver Abuse
- Exercise 10
- Evading Behavioral Analysis
- Process Hollowing & Variations
- Reflective Loading
- In-Memory Execution (.NET Example)
- Parent Process ID (PPID) Spoofing
- AMSI (Antimalware Scan Interface) Internals and Bypass
- How AMSI Works
- AMSI Bypassing Techniques
- Exercise 11
- Analyzing EDR Logs and Artifacts
- Exercise 12
- The Role of Memory Forensics
- Exercise 13
- Lesson Summary
- Exercise 14
- Quiz 21 attempt allowed
- Lesson 3: Applied Offensive Techniques: Post-Exploitation Deep Dive
- Advanced Credential Harvesting: Access Beyond the Initial Foothold
- LSASS Dumping: Accessing Credential Material in Memory
- Kerberos Attacks: Abusing the Authentication Protocol
- Exercise 15
- Living-off-the-Land (LotL): Using What’s Already There
- Advanced LOLBAS Examples (Windows)
- LOLBAS Obfuscation Recap
- Exercise 16
- Windows Lateral Movement Techniques: Spreading Through the Network
- WMI for Remote Execution
- WinRM / PowerShell Remoting
- DCOM Object Abuse
- SMB/RPC Based (PsExec Variants)
- Exercise 17
- Linux Lateral Movement
- SSH Tunneling and Pivoting
- Sudo Exploitation and Misconfigurations
- Shared Library Hijacking
- Exercise 18
- Command and Control (C2) Framework Internals
- Malleable C2 Profiles
- Domain Fronting (Legacy Concept & Detection)
- DNS C2 Channel Analysis
- Exercise 19
- Data Exfiltration Techniques: Getting the Goods Out
- Covert Channels (Beyond Standard Tunneling)
- Steganography
- Protocol Abuse / Using Legitimate Services
- Exercise 20
- Lesson Summary
- Exercise 21
- Quiz 31 attempt allowed
- Lesson 4: Cloud Security Architecture & Exploitation (Focus: AWS/Azure)
- Introduction to Cloud Security Challenges
- Exercise 22
- IAM Deep Dive: The Cornerstone of Cloud Security
- AWS IAM Policy Evaluation Logic
- Azure RBAC Evaluation Logic
- AWS AssumeRole Internals (STS)
- Azure RBAC vs. Azure AD Roles
- Federation Security (SAML, OAuth2/OIDC)
- Exercise 23
- VPC/VNet Security Internals: Network Controls in the Cloud
- Security Groups (AWS) vs. Network Security Groups (NSGs - Azure)
- Network Access Control Lists (NACLs - AWS) vs. NSG Flow Logs (Azure)
- VPC Endpoints (AWS) vs. Private Endpoints (Azure)
- Network Segmentation Strategies
- Exercise 24
- Serverless (Lambda/Functions) Security: New Execution Models, New Risks
- Execution Environment Internals
- Event Injection Vulnerabilities
- Function Permissions Misconfigurations
- Secrets Management
- Exercise 25
- Container Security in the Cloud (ECS/EKS, AKS)
- Runtime Security
- Image Scanning Internals & CI/CD Integration
- Kubernetes RBAC Exploitation
- Network Policies (Kubernetes)
- Exercise 26
- Cloud Storage Security Pitfalls (S3/Blob)
- Access Control Mechanisms & Complexity
- Pre-signed URLs (AWS S3)
- Shared Access Signatures (SAS - Azure)
- Data Leakage Vectors
- Exercise 27
- Cloud Auditing and Logging: Visibility is Key
- Core Logging Services
- Log Analysis Strategies
- Detecting Advanced Threats with Logs
- Exercise 28
- Lesson Summary
- Exercise 29
- Quiz 41 attempt allowed
- Lesson 5: Practical Cryptography & Implementation Failures
- TLS/SSL Deep Dive: Securing the Transport Layer
- The TLS 1.2 Handshake (Simplified Walkthrough)
- Certificate Validation Internals
- Common Configuration Weaknesses
- Exercise 30
- Public Key Infrastructure (PKI) Internals
- Certificate Authority Hierarchies
- CRL/OCSP Mechanisms and Failures (Revisited)
- Certificate Transparency (CT) Logs
- Exercise 31
- Common Cryptographic Implementation Bugs
- Padding Oracles (CBC Mode)
- Weak Random Number Generation
- Timing Attacks (Conceptual Examples)
- Exercise 32
- Hashing Algorithms: Integrity and Beyond
- Core Properties:
- Practical Issues with MD5 and SHA-1
- Length Extension Attacks
- Exercise 33
- Symmetric vs. Asymmetric Encryption: The Hybrid Approach
- Key Management Challenges
- Exercise 34
- Introduction to Post-Quantum Cryptography Concepts (Brief Overview)
- Exercise 35
- Lesson Summary
- Exercise 36
- Quiz 51 attempt allowed
- Lesson 6: Technical Incident Response & Memory Forensics
- The Incident Response Lifecycle: Technical Actions
- Exercise 37
- Volatile Data Collection Techniques: Capturing Fleeting Evidence
- Memory Acquisition (RAM Dump)
- Other Volatile System State Capture
- Exercise 38
- Memory Analysis with Volatility Framework
- Getting Started
- Process Listing (pslist, pstree, psscan)
- Network Connections (netscan, sockets, sockscan)
- DLL Analysis (dlllist, ldrmodules)
- Command History (cmdscan, consoles)
- Registry Analysis (hivelist, printkey, dumpregistry)
- Exercise 39
- Identifying Malware in Memory
- Code Injection Detection (malfind)
- Hidden Processes/Drivers (psxview, driverscan, modscan)
- Hook Detection (apihooks, ssdt, idt, gdt - Volatility 2 more common, some V3 ports exist)
- Exercise 40
- Filesystem Forensics Basics: Complementing Memory
- MFT Analysis (NTFS)
- Timestamps (MAC Times) & Timestomping
- Deleted File Recovery Concepts (NTFS)
- Exercise 41
- Timeline Analysis Techniques: Weaving the Narrative
- The Super Timeline Concept
- Tools (Plaso/log2timeline)
- Correlation and Analysis
- Exercise 42
- Lesson Summary
- Exercise 43
- Quiz 61 attempt allowed
- Lesson 7: Reverse Engineering & Malware Analysis Fundamentals
- Introduction: Static vs. Dynamic Analysis
- Static Analysis Techniques: Examining the Code at Rest
- Disassemblers and Decompilers (IDA Pro/Ghidra)
- String Analysis
- PE Header Analysis: Imports and Exports
- Packer and Obfuscator Identification
- Exercise 44
- Dynamic Analysis Techniques: Observing the Malware in Action
- Debuggers (x64dbg/WinDbg)
- Sandboxing
- Behavioral Monitoring Tools
- Exercise 45
- Common Malware Techniques
- Persistence Mechanisms
- Anti-Analysis Tricks
- Command and Control (C2) Communication Patterns
- Exercise 46
- Introduction to Assembly Language (x86/x64)
- Key Instructions (x86/x64 - Intel Syntax)
- Stack Operations & Function Calls
- Exercise 47
- YARA Rule Creation: Pattern Matching for Detection
- Purpose: Identify and classify malware samples, hunt for related samples in datasets, create custom detection rules for security tools (some EDRs/scanners support YARA).
- Rule Structure
- Key Components:
- Writing Effective Rules:
- Exercise 48
- Lesson Summary
- Exercise 49
- Quiz 71 attempt allowed
- Lesson 8: Conclusion & Further Learning
- Key Takeaways:
- Further Learning:
- Exercise 50
- Quiz 81 attempt allowed
Instructors
Steve T. is a highly respected cybersecurity veteran whose 18-year career provides deep expertise across the threat landscape, from complex web application security to intricate low-level exploitation. His journey in Australia began with simpler web architectures, giving him firsthand perspective on the evolution of technology, attack methods, and defensive strategies. This historical context, combined with continuous hands-on engagement with cutting-edge challenges (including vulnerability analysis at both the application and system level), gives Steve a uniquely grounded viewpoint. Throughout his career, he has excelled in penetration testing, security architecture review, incident response, and secure development consulting across diverse industries, actively identifying and remediating vulnerabilities in high-stakes environments.
The Leanpub 60 Day 100% Happiness Guarantee
Within 60 days of purchase you can get a 100% refund on any Leanpub purchase, in two clicks.
Now, this is technically risky for us, since you'll have the book or course files either way. But we're so confident in our products and services, and in our authors and readers, that we're happy to offer a full money back guarantee for everything we sell.
You can only find out how good something is by trying it, and because of our 100% money back guarantee there's literally no risk to do so!
So, there's no reason not to click the Add to Cart button, is there?
See full terms...
Earn $8 on a $10 Purchase, and $16 on a $20 Purchase
We pay 80% royalties on purchases of $7.99 or more, and 80% royalties minus a 50 cent flat fee on purchases between $0.99 and $7.98. You earn $8 on a $10 sale, and $16 on a $20 sale. So, if we sell 5000 non-refunded copies of your book for $20, you'll earn $80,000.
(Yes, some authors have already earned much more than that on Leanpub.)
In fact, authors have earnedover $14 millionwriting, publishing and selling on Leanpub.
Learn more about writing on Leanpub
Free Updates. DRM Free.
If you buy a Leanpub book, you get free updates for as long as the author updates the book! Many authors use Leanpub to publish their books in-progress, while they are writing them. All readers get free updates, regardless of when they bought the book or how much they paid (including free).
Most Leanpub books are available in PDF (for computers) and EPUB (for phones, tablets and Kindle). The formats that a book includes are shown at the top right corner of this page.
Finally, Leanpub books don't have any DRM copy-protection nonsense, so you can easily read them on any supported device.
Learn more about Leanpub's ebook formats and where to read them
