Lesson 1: Advanced Network Traffic Analysis & Evasion
Deep Dive into TCP/IP: Header Manipulation and Obscure Flags
TCP Flags Beyond the Basics
TCP Options
IP Fragmentation
Exercise 1
Protocol Tunneling Techniques: Implementation Details
DNS Tunneling
ICMP Tunneling
HTTP/S Tunneling
Exercise 2
Advanced Packet Crafting with Scapy/Custom Tools
Introduction to Scapy
Packet Crafting Examples
Other Tools
Exercise 3
IDS/IPS Evasion Techniques
How IDS/IPS Work (Simplified)
Evasion Techniques Revisited
Exercise 4
Deep Packet Inspection (DPI) Bypassing Strategies
Exercise 5
Analyzing Encrypted Traffic Patterns (TLS Handshake Analysis, JA3/JA3S)
The TLS Handshake
JA3 Fingerprinting
JA3S Fingerprinting
Limitations of JA3/JA3S
Exercise 6
Network Flow Analysis (NetFlow/IPFIX) for Anomaly Detection
What is Flow Data?
Generation and Collection
Security Use Cases
Limitations
Exercise 7
Lesson Summary
Quiz 1 (3 attempts allowed)
Lesson 2: Modern Endpoint Detection & Response (EDR) Internals & Bypass
Understanding EDR Telemetry: The Data Sources
Kernel Callbacks and Filter Drivers
Event Tracing for Windows (ETW)
API Hooking (Userland vs. Kernel)
Exercise 8
Common EDR Detection Mechanisms (Illustrative Examples)
Process Injection Detection
Credential Access Detection (LSASS Dumping)
Lateral Movement Detection
Exercise 9
Techniques for Bypassing EDR Hooks (Userland Focus)
Direct Syscalls
Unhooking
Hardware Breakpoints
Bring Your Own Land (BYOL) / Vulnerable Driver Abuse
Exercise 10
Evading Behavioral Analysis
Process Hollowing & Variations
Reflective Loading
In-Memory Execution (.NET Example)
Parent Process ID (PPID) Spoofing
AMSI (Antimalware Scan Interface) Internals and Bypass
How AMSI Works
AMSI Bypassing Techniques
Exercise 11
Analyzing EDR Logs and Artifacts
Exercise 12
The Role of Memory Forensics
Exercise 13
Lesson Summary
Exercise 14
Quiz 2 (3 attempts allowed)
Lesson 3: Applied Offensive Techniques: Post-Exploitation Deep Dive
Advanced Credential Harvesting: Access Beyond the Initial Foothold
LSASS Dumping: Accessing Credential Material in Memory
Kerberos Attacks: Abusing the Authentication Protocol
Exercise 15
Living-off-the-Land (LotL): Using What’s Already There
Advanced LOLBAS Examples (Windows)
LOLBAS Obfuscation Recap
Exercise 16
Windows Lateral Movement Techniques: Spreading Through the Network
WMI for Remote Execution
WinRM / PowerShell Remoting
DCOM Object Abuse
SMB/RPC Based (PsExec Variants)
Exercise 17
Linux Lateral Movement
SSH Tunneling and Pivoting
Sudo Exploitation and Misconfigurations
Shared Library Hijacking
Exercise 18
Command and Control (C2) Framework Internals
Malleable C2 Profiles
Domain Fronting (Legacy Concept & Detection)
DNS C2 Channel Analysis
Exercise 19
Data Exfiltration Techniques: Getting the Goods Out
Covert Channels (Beyond Standard Tunneling)
Steganography
Protocol Abuse / Using Legitimate Services
Exercise 20
Lesson Summary
Exercise 21
Quiz 3 (3 attempts allowed)
Lesson 4: Cloud Security Architecture & Exploitation (Focus: AWS/Azure)
Introduction to Cloud Security Challenges
Exercise 22
IAM Deep Dive: The Cornerstone of Cloud Security
AWS IAM Policy Evaluation Logic
Azure RBAC Evaluation Logic
AWS AssumeRole Internals (STS)
Azure RBAC vs. Azure AD Roles
Federation Security (SAML, OAuth2/OIDC)
Exercise 23
VPC/VNet Security Internals: Network Controls in the Cloud
Security Groups (AWS) vs. Network Security Groups (NSGs - Azure)
Network Access Control Lists (NACLs - AWS) vs. NSG Flow Logs (Azure)
VPC Endpoints (AWS) vs. Private Endpoints (Azure)
Network Segmentation Strategies
Exercise 24
Serverless (Lambda/Functions) Security: New Execution Models, New Risks
Execution Environment Internals
Event Injection Vulnerabilities
Function Permissions Misconfigurations
Secrets Management
Exercise 25
Container Security in the Cloud (ECS/EKS, AKS)
Runtime Security
Image Scanning Internals & CI/CD Integration
Kubernetes RBAC Exploitation
Network Policies (Kubernetes)
Exercise 26
Cloud Storage Security Pitfalls (S3/Blob)
Access Control Mechanisms & Complexity
Pre-signed URLs (AWS S3)
Shared Access Signatures (SAS - Azure)
Data Leakage Vectors
Exercise 27
Cloud Auditing and Logging: Visibility is Key
Core Logging Services
Log Analysis Strategies
Detecting Advanced Threats with Logs
Exercise 28
Lesson Summary
Exercise 29
Quiz 4 (3 attempts allowed)
Lesson 5: Practical Cryptography & Implementation Failures
TLS/SSL Deep Dive: Securing the Transport Layer
The TLS 1.2 Handshake (Simplified Walkthrough)
Certificate Validation Internals
Common Configuration Weaknesses
Exercise 30
Public Key Infrastructure (PKI) Internals
Certificate Authority Hierarchies
CRL/OCSP Mechanisms and Failures (Revisited)
Certificate Transparency (CT) Logs
Exercise 31
Common Cryptographic Implementation Bugs
Padding Oracles (CBC Mode)
Weak Random Number Generation
Timing Attacks (Conceptual Examples)
Exercise 32
Hashing Algorithms: Integrity and Beyond
Core Properties
Practical Issues with MD5 and SHA-1
Length Extension Attacks
Exercise 33
Symmetric vs. Asymmetric Encryption: The Hybrid Approach
Key Management Challenges
Exercise 34
Introduction to Post-Quantum Cryptography Concepts (Brief Overview)
Exercise 35
Lesson Summary
Exercise 36
Quiz 5 (3 attempts allowed)
Lesson 6: Technical Incident Response & Memory Forensics
The Incident Response Lifecycle: Technical Actions
Exercise 37
Volatile Data Collection Techniques: Capturing Fleeting Evidence
Memory Acquisition (RAM Dump)
Other Volatile System State Capture
Exercise 38
Memory Analysis with Volatility Framework
Getting Started
Process Listing (pslist, pstree, psscan)
Network Connections (netscan, sockets, sockscan)
DLL Analysis (dlllist, ldrmodules)
Command History (cmdscan, consoles)
Registry Analysis (hivelist, printkey, dumpregistry)
Exercise 39
Identifying Malware in Memory
Code Injection Detection (malfind)
Hidden Processes/Drivers (psxview, driverscan, modscan)
Hook Detection (apihooks, ssdt, idt, gdt - Volatility 2 more common, some V3 ports exist)
Exercise 40
Filesystem Forensics Basics: Complementing Memory
MFT Analysis (NTFS)
Timestamps (MAC Times) & Timestomping
Deleted File Recovery Concepts (NTFS)
Exercise 41
Timeline Analysis Techniques: Weaving the Narrative
The Super Timeline Concept
Tools (Plaso/log2timeline)
Correlation and Analysis
Exercise 42
Lesson Summary
Exercise 43
Quiz 6 (3 attempts allowed)
Lesson 7: Reverse Engineering & Malware Analysis Fundamentals
Introduction: Static vs. Dynamic Analysis
Static Analysis Techniques: Examining the Code at Rest
Disassemblers and Decompilers (IDA Pro/Ghidra)
String Analysis
PE Header Analysis: Imports and Exports
Packer and Obfuscator Identification
Exercise 44
Dynamic Analysis Techniques: Observing the Malware in Action
Debuggers (x64dbg/WinDbg)
Sandboxing
Behavioral Monitoring Tools
Exercise 45
Common Malware Techniques
Persistence Mechanisms
Anti-Analysis Tricks
Command and Control (C2) Communication Patterns
Exercise 46
Introduction to Assembly Language (x86/x64)
Key Instructions (x86/x64 - Intel Syntax)
Stack Operations & Function Calls
Exercise 47
YARA Rule Creation: Pattern Matching for Detection
Purpose: Identify and classify malware samples, hunt for related samples in datasets, create custom detection rules for security tools (some EDRs/scanners support YARA).
Rule Structure
Key Components
Writing Effective Rules
Exercise 48
Lesson Summary
Exercise 49
Quiz 7 (3 attempts allowed)
Lesson 8: Conclusion & Further Learning
Key Takeaways
Further Learning
Exercise 50
Quiz 8 (3 attempts allowed)
Cybersecurity Deconstructed
Advanced Techniques and Internals
Go beyond abstractions and master the core technical realities of modern cybersecurity. Deconstruct advanced network evasion and EDR bypass techniques, dissect sophisticated post-exploitation and cloud attack vectors, and analyze cryptographic failures and malware at their roots.
About the Course
Go Beyond the Surface: Master Cybersecurity Internals
Are you tired of cybersecurity explanations that barely scratch the surface? In a world of sophisticated APTs, complex cloud environments, and elusive fileless malware, a fundamental, deep technical understanding isn't just an advantage—it's a necessity. Cybersecurity Deconstructed plunges into the critical internals, moving beyond abstractions to reveal the underlying mechanics of modern attacks and defenses.
This course is your guide to deconstructing the core components of cybersecurity. You'll dissect advanced TCP/IP manipulation and evasion tactics, explore EDR internals and bypass techniques, master sophisticated post-exploitation methods (including LSASS dumping nuances, Kerberoasting, and lateral movement), navigate AWS/Azure security pitfalls, understand practical cryptographic failures, and learn the essentials of memory forensics and reverse engineering.
Written for practitioners and advanced learners—including penetration testers, red teamers, incident responders, security engineers, and architects—this course assumes you have the fundamentals down and are ready for a deep dive. You won't just learn what tools do; you'll understand how they work, why attacks succeed, and how defenses can be circumvented or hardened at a fundamental level. Equip yourself with the resilient, adaptable knowledge needed to tackle the most complex cybersecurity challenges.
About the Instructor
Steve T. is a cybersecurity professional and technology leader with more than 20 years of experience in application security, infrastructure security, vulnerability management, software development, and secure engineering practices. Having started his career during the early growth of the internet and modern web applications, he has worked through multiple generations of technology, security challenges, and software development methodologies.
Today, Steve is part of the advanced research organization at a leading cybersecurity company, where he focuses on emerging threats, security innovation, and the practical application of research to real-world environments. His work includes analyzing new attack techniques, evaluating emerging technologies, conducting deep technical investigations, and helping organizations better understand and manage complex security risks.
In addition to his research work, Steve leads a team of senior engineers and subject matter experts who develop technical books, training materials, and educational content for security professionals. Under his leadership, the team produces in-depth resources that help engineers, developers, architects, and security practitioners build stronger technical skills and improve security outcomes.
Steve's expertise spans software development, reverse engineering, web application security, penetration testing, security architecture reviews, incident response, vulnerability research, operating system internals, and secure software development. He has extensive experience analyzing complex systems at both the source code and binary levels, allowing him to bridge the gap between software engineering, security research, and real-world defensive practices.
Throughout his career, Steve has worked with organizations across a variety of industries, helping them identify, assess, and remediate security weaknesses in critical applications and infrastructure. He is known for combining deep technical expertise with a practical approach to problem solving, focusing on security solutions that are effective, sustainable, and aligned with business objectives.
Through research, engineering, technical leadership, and education, Steve continues to contribute to the advancement of cybersecurity and the development of secure, resilient technology systems.