Leanpub Header

Skip to main content

Cybersecurity Deconstructed

Advanced Techniques and Internals

The instructor has published 100% of this course.Last updated on 2025-09-24

Go beyond abstractions and master the core technical realities of modern cybersecurity. Deconstruct advanced network evasion and EDR bypass techniques, dissect sophisticated post-exploitation and cloud attack vectors, and analyze cryptographic failures and malware at their roots.

Minimum price

$129

$179

You pay

Author earns

$

Also available for 1 course credit with a Learner Membership

PDF
EPUB
About

About

About the Course

Go Beyond the Surface: Master Cybersecurity Internals

Are you tired of cybersecurity content that only covers the basics? With today’s advanced threats, including sophisticated APTs, complex cloud environments, and stealthy fileless malware, having a deep technical understanding is no longer optional. Cybersecurity Deconstructed takes you beyond the surface, breaking down the inner workings of modern attacks and defenses so you can understand what is really happening under the hood.

This course is designed to help you analyze and understand the core building blocks of cybersecurity. You’ll explore advanced TCP/IP techniques and evasion strategies, dive into EDR internals and bypass methods, and learn advanced post-exploitation concepts such as LSASS dumping, Kerberoasting, and lateral movement. You’ll also examine common AWS and Azure security mistakes, real-world cryptographic failures, memory forensics, and the fundamentals of reverse engineering.

Built for security professionals and advanced learners, including penetration testers, red teamers, incident responders, security engineers, and architects, this course assumes you already understand the fundamentals and are ready to go deeper. You won’t just learn what security tools do. You’ll learn how they work, why attacks succeed, and how defenses can be improved, bypassed, and strengthened. Develop the technical depth and practical knowledge needed to approach complex cybersecurity challenges with confidence and adaptability.

Instructor

About the Instructor

Steve T. Publications

Steve T. is a cybersecurity leader, researcher, and engineer with more than 20 years of experience across application security, infrastructure security, vulnerability management, software development, and secure engineering practices. Having built his career alongside the growth of the modern internet, he has worked through multiple generations of technology, evolving security threats, and changing development methodologies.

He is currently part of the advanced research organization at a leading cybersecurity company, where he focuses on emerging threats, security innovation, and the practical application of research. His work involves investigating new attack techniques, evaluating emerging technologies, conducting deep technical analysis, and helping organizations better understand and manage complex security risks.

In addition to his research responsibilities, Steve leads a team of senior engineers and subject matter experts who create technical books, training programs, and educational resources for security professionals. Through this work, he helps engineers, developers, architects, and security practitioners strengthen their skills and build more secure systems.

Steve's technical expertise spans software development, reverse engineering, web application security, penetration testing, security architecture, incident response, vulnerability research, operating system internals, and secure software development. His ability to analyze systems at both the source code and binary levels enables him to bridge the worlds of software engineering, security research, and practical defense.

Over the course of his career, Steve has worked with organizations across a wide range of industries, helping them identify, assess, and remediate security weaknesses in critical applications and infrastructure. He is recognized for combining deep technical expertise with a pragmatic approach to security, focusing on solutions that are effective, sustainable, and aligned with business goals.

Through his work in research, engineering, leadership, and education, Steve continues to contribute to the advancement of cybersecurity and the development of secure, resilient technology systems.

Material

Course Material

  • Lesson 1: Advanced Network Traffic Analysis & Evasion

  • Deep Dive into TCP/IP: Header Manipulation and Obscure Flags

  • TCP Flags Beyond the Basics

  • TCP Options

  • IP Fragmentation

  • Exercise 1

  • Protocol Tunneling Techniques: Implementation Details

  • DNS Tunneling

  • ICMP Tunneling

  • HTTP/S Tunneling

  • Exercise 2

  • Advanced Packet Crafting with Scapy/Custom Tools

  • Introduction to Scapy

  • Packet Crafting Examples

  • Other Tools

  • Exercise 3

  • IDS/IPS Evasion Techniques

  • How IDS/IPS Work (Simplified)

  • Evasion Techniques Revisited

  • Exercise 4

  • Deep Packet Inspection (DPI) Bypassing Strategies

  • Exercise 5

  • Analyzing Encrypted Traffic Patterns (TLS Handshake Analysis, JA3/JA3S)

  • The TLS Handshake

  • JA3 Fingerprinting

  • JA3S Fingerprinting

  • Limitations of JA3/JA3S

  • Exercise 6

  • Network Flow Analysis (NetFlow/IPFIX) for Anomaly Detection

  • What is Flow Data?

  • Generation and Collection

  • Security Use Cases

  • Limitations

  • Exercise 7

  • Lesson Summary

  • Quiz 1

    3 attempts allowed

  • Lesson 2: Modern Endpoint Detection & Response (EDR) Internals & Bypass

  • Understanding EDR Telemetry: The Data Sources

  • Kernel Callbacks and Filter Drivers

  • Event Tracing for Windows (ETW)

  • API Hooking (Userland vs. Kernel)

  • Exercise 8

  • Common EDR Detection Mechanisms (Illustrative Examples)

  • Process Injection Detection

  • Credential Access Detection (LSASS Dumping)

  • Lateral Movement Detection

  • Exercise 9

  • Techniques for Bypassing EDR Hooks (Userland Focus)

  • Direct Syscalls

  • Unhooking

  • Hardware Breakpoints

  • Bring Your Own Land (BYOL) / Vulnerable Driver Abuse

  • Exercise 10

  • Evading Behavioral Analysis

  • Process Hollowing & Variations

  • Reflective Loading

  • In-Memory Execution (.NET Example)

  • Parent Process ID (PPID) Spoofing

  • AMSI (Antimalware Scan Interface) Internals and Bypass

  • How AMSI Works

  • AMSI Bypassing Techniques

  • Exercise 11

  • Analyzing EDR Logs and Artifacts

  • Exercise 12

  • The Role of Memory Forensics

  • Exercise 13

  • Lesson Summary

  • Exercise 14

  • Quiz 2

    3 attempts allowed

  • Lesson 3: Applied Offensive Techniques: Post-Exploitation Deep Dive

  • Advanced Credential Harvesting: Access Beyond the Initial Foothold

  • LSASS Dumping: Accessing Credential Material in Memory

  • Kerberos Attacks: Abusing the Authentication Protocol

  • Exercise 15

  • Living-off-the-Land (LotL): Using What’s Already There

  • Advanced LOLBAS Examples (Windows)

  • LOLBAS Obfuscation Recap

  • Exercise 16

  • Windows Lateral Movement Techniques: Spreading Through the Network

  • WMI for Remote Execution

  • WinRM / PowerShell Remoting

  • DCOM Object Abuse

  • SMB/RPC Based (PsExec Variants)

  • Exercise 17

  • Linux Lateral Movement

  • SSH Tunneling and Pivoting

  • Sudo Exploitation and Misconfigurations

  • Shared Library Hijacking

  • Exercise 18

  • Command and Control (C2) Framework Internals

  • Malleable C2 Profiles

  • Domain Fronting (Legacy Concept & Detection)

  • DNS C2 Channel Analysis

  • Exercise 19

  • Data Exfiltration Techniques: Getting the Goods Out

  • Covert Channels (Beyond Standard Tunneling)

  • Steganography

  • Protocol Abuse / Using Legitimate Services

  • Exercise 20

  • Lesson Summary

  • Exercise 21

  • Quiz 3

    3 attempts allowed

  • Lesson 4: Cloud Security Architecture & Exploitation (Focus: AWS/Azure)

  • Introduction to Cloud Security Challenges

  • Exercise 22

  • IAM Deep Dive: The Cornerstone of Cloud Security

  • AWS IAM Policy Evaluation Logic

  • Azure RBAC Evaluation Logic

  • AWS AssumeRole Internals (STS)

  • Azure RBAC vs. Azure AD Roles

  • Federation Security (SAML, OAuth2/OIDC)

  • Exercise 23

  • VPC/VNet Security Internals: Network Controls in the Cloud

  • Security Groups (AWS) vs. Network Security Groups (NSGs - Azure)

  • Network Access Control Lists (NACLs - AWS) vs. NSG Flow Logs (Azure)

  • VPC Endpoints (AWS) vs. Private Endpoints (Azure)

  • Network Segmentation Strategies

  • Exercise 24

  • Serverless (Lambda/Functions) Security: New Execution Models, New Risks

  • Execution Environment Internals

  • Event Injection Vulnerabilities

  • Function Permissions Misconfigurations

  • Secrets Management

  • Exercise 25

  • Container Security in the Cloud (ECS/EKS, AKS)

  • Runtime Security

  • Image Scanning Internals & CI/CD Integration

  • Kubernetes RBAC Exploitation

  • Network Policies (Kubernetes)

  • Exercise 26

  • Cloud Storage Security Pitfalls (S3/Blob)

  • Access Control Mechanisms & Complexity

  • Pre-signed URLs (AWS S3)

  • Shared Access Signatures (SAS - Azure)

  • Data Leakage Vectors

  • Exercise 27

  • Cloud Auditing and Logging: Visibility is Key

  • Core Logging Services

  • Log Analysis Strategies

  • Detecting Advanced Threats with Logs

  • Exercise 28

  • Lesson Summary

  • Exercise 29

  • Quiz 4

    3 attempts allowed

  • Lesson 5: Practical Cryptography & Implementation Failures

  • TLS/SSL Deep Dive: Securing the Transport Layer

  • The TLS 1.2 Handshake (Simplified Walkthrough)

  • Certificate Validation Internals

  • Common Configuration Weaknesses

  • Exercise 30

  • Public Key Infrastructure (PKI) Internals

  • Certificate Authority Hierarchies

  • CRL/OCSP Mechanisms and Failures (Revisited)

  • Certificate Transparency (CT) Logs

  • Exercise 31

  • Common Cryptographic Implementation Bugs

  • Padding Oracles (CBC Mode)

  • Weak Random Number Generation

  • Timing Attacks (Conceptual Examples)

  • Exercise 32

  • Hashing Algorithms: Integrity and Beyond

  • Core Properties:

  • Practical Issues with MD5 and SHA-1

  • Length Extension Attacks

  • Exercise 33

  • Symmetric vs. Asymmetric Encryption: The Hybrid Approach

  • Key Management Challenges

  • Exercise 34

  • Introduction to Post-Quantum Cryptography Concepts (Brief Overview)

  • Exercise 35

  • Lesson Summary

  • Exercise 36

  • Quiz 5

    3 attempts allowed

  • Lesson 6: Technical Incident Response & Memory Forensics

  • The Incident Response Lifecycle: Technical Actions

  • Exercise 37

  • Volatile Data Collection Techniques: Capturing Fleeting Evidence

  • Memory Acquisition (RAM Dump)

  • Other Volatile System State Capture

  • Exercise 38

  • Memory Analysis with Volatility Framework

  • Getting Started

  • Process Listing (pslist, pstree, psscan)

  • Network Connections (netscan, sockets, sockscan)

  • DLL Analysis (dlllist, ldrmodules)

  • Command History (cmdscan, consoles)

  • Registry Analysis (hivelist, printkey, dumpregistry)

  • Exercise 39

  • Identifying Malware in Memory

  • Code Injection Detection (malfind)

  • Hidden Processes/Drivers (psxview, driverscan, modscan)

  • Hook Detection (apihooks, ssdt, idt, gdt - Volatility 2 more common, some V3 ports exist)

  • Exercise 40

  • Filesystem Forensics Basics: Complementing Memory

  • MFT Analysis (NTFS)

  • Timestamps (MAC Times) & Timestomping

  • Deleted File Recovery Concepts (NTFS)

  • Exercise 41

  • Timeline Analysis Techniques: Weaving the Narrative

  • The Super Timeline Concept

  • Tools (Plaso/log2timeline)

  • Correlation and Analysis

  • Exercise 42

  • Lesson Summary

  • Exercise 43

  • Quiz 6

    3 attempts allowed

  • Lesson 7: Reverse Engineering & Malware Analysis Fundamentals

  • Introduction: Static vs. Dynamic Analysis

  • Static Analysis Techniques: Examining the Code at Rest

  • Disassemblers and Decompilers (IDA Pro/Ghidra)

  • String Analysis

  • PE Header Analysis: Imports and Exports

  • Packer and Obfuscator Identification

  • Exercise 44

  • Dynamic Analysis Techniques: Observing the Malware in Action

  • Debuggers (x64dbg/WinDbg)

  • Sandboxing

  • Behavioral Monitoring Tools

  • Exercise 45

  • Common Malware Techniques

  • Persistence Mechanisms

  • Anti-Analysis Tricks

  • Command and Control (C2) Communication Patterns

  • Exercise 46

  • Introduction to Assembly Language (x86/x64)

  • Key Instructions (x86/x64 - Intel Syntax)

  • Stack Operations & Function Calls

  • Exercise 47

  • YARA Rule Creation: Pattern Matching for Detection

  • Purpose: Identify and classify malware samples, hunt for related samples in datasets, create custom detection rules for security tools (some EDRs/scanners support YARA).

  • Rule Structure

  • Key Components:

  • Writing Effective Rules:

  • Exercise 48

  • Lesson Summary

  • Exercise 49

  • Quiz 7

    3 attempts allowed

  • Lesson 8: Conclusion & Further Learning

  • Key Takeaways:

  • Further Learning:

  • Exercise 50

  • Quiz 8

    3 attempts allowed

The Leanpub 60 Day 100% Happiness Guarantee

Within 60 days of purchase you can get a 100% refund on any Leanpub purchase, in two clicks.

See full terms...

Earn $8 on a $10 Purchase, and $16 on a $20 Purchase

We pay 80% royalties on purchases of $7.99 or more, and 80% royalties minus a 50 cent flat fee on purchases between $0.99 and $7.98. You earn $8 on a $10 sale, and $16 on a $20 sale. So, if we sell 5000 non-refunded copies of your book for $20, you'll earn $80,000.

(Yes, some authors have already earned much more than that on Leanpub.)

In fact, authors have earned over $15 million writing, publishing and selling on Leanpub.

Learn more about writing on Leanpub

Free Updates. DRM Free.

If you buy a Leanpub book, you get free updates for as long as the author updates the book! Many authors use Leanpub to publish their books in-progress, while they are writing them. All readers get free updates, regardless of when they bought the book or how much they paid (including free).

Most Leanpub books are available in PDF (for computers) and EPUB (for phones, tablets and Kindle). The formats that a book includes are shown at the top right corner of this page.

Finally, Leanpub books don't have any DRM copy-protection nonsense, so you can easily read them on any supported device.

Learn more about Leanpub's ebook formats and where to read them

Write and Publish on Leanpub

You can use Leanpub to easily write, publish and sell in-progress and completed ebooks and online courses!

Leanpub is a powerful platform for serious authors, combining a simple, elegant writing and publishing workflow with a store focused on selling in-progress ebooks.

Leanpub is a magical typewriter for authors: just write in plain text, and to publish your ebook, just click a button. (Or, if you are producing your ebook your own way, you can even upload your own PDF and/or EPUB files and then publish with one click!) It really is that easy.

Learn more about writing on Leanpub