Lesson 1: Advanced Network Traffic Analysis & Evasion
Deep Dive into TCP/IP: Header Manipulation and Obscure Flags
TCP Flags Beyond the Basics
TCP Options
IP Fragmentation
Exercise 1
Protocol Tunneling Techniques: Implementation Details
DNS Tunneling
ICMP Tunneling
HTTP/S Tunneling
Exercise 2
Advanced Packet Crafting with Scapy/Custom Tools
Introduction to Scapy
Packet Crafting Examples
Other Tools
Exercise 3
IDS/IPS Evasion Techniques
How IDS/IPS Work (Simplified)
Evasion Techniques Revisited
Exercise 4
Deep Packet Inspection (DPI) Bypassing Strategies
Exercise 5
Analyzing Encrypted Traffic Patterns (TLS Handshake Analysis, JA3/JA3S)
The TLS Handshake
JA3 Fingerprinting
JA3S Fingerprinting
Limitations of JA3/JA3S
Exercise 6
Network Flow Analysis (NetFlow/IPFIX) for Anomaly Detection
What is Flow Data?
Generation and Collection
Security Use Cases
Limitations
Exercise 7
Lesson Summary
Quiz 1
3 attempts allowed
Lesson 2: Modern Endpoint Detection & Response (EDR) Internals & Bypass
Understanding EDR Telemetry: The Data Sources
Kernel Callbacks and Filter Drivers
Event Tracing for Windows (ETW)
API Hooking (Userland vs. Kernel)
Exercise 8
Common EDR Detection Mechanisms (Illustrative Examples)
Process Injection Detection
Credential Access Detection (LSASS Dumping)
Lateral Movement Detection
Exercise 9
Techniques for Bypassing EDR Hooks (Userland Focus)
Direct Syscalls
Unhooking
Hardware Breakpoints
Bring Your Own Land (BYOL) / Vulnerable Driver Abuse
Exercise 10
Evading Behavioral Analysis
Process Hollowing & Variations
Reflective Loading
In-Memory Execution (.NET Example)
Parent Process ID (PPID) Spoofing
AMSI (Antimalware Scan Interface) Internals and Bypass
How AMSI Works
AMSI Bypassing Techniques
Exercise 11
Analyzing EDR Logs and Artifacts
Exercise 12
The Role of Memory Forensics
Exercise 13
Lesson Summary
Exercise 14
Quiz 2
3 attempts allowed
Lesson 3: Applied Offensive Techniques: Post-Exploitation Deep Dive
Advanced Credential Harvesting: Access Beyond the Initial Foothold
LSASS Dumping: Accessing Credential Material in Memory
Kerberos Attacks: Abusing the Authentication Protocol
Exercise 15
Living-off-the-Land (LotL): Using What’s Already There
Advanced LOLBAS Examples (Windows)
LOLBAS Obfuscation Recap
Exercise 16
Windows Lateral Movement Techniques: Spreading Through the Network
WMI for Remote Execution
WinRM / PowerShell Remoting
DCOM Object Abuse
SMB/RPC Based (PsExec Variants)
Exercise 17
Linux Lateral Movement
SSH Tunneling and Pivoting
Sudo Exploitation and Misconfigurations
Shared Library Hijacking
Exercise 18
Command and Control (C2) Framework Internals
Malleable C2 Profiles
Domain Fronting (Legacy Concept & Detection)
DNS C2 Channel Analysis
Exercise 19
Data Exfiltration Techniques: Getting the Goods Out
Covert Channels (Beyond Standard Tunneling)
Steganography
Protocol Abuse / Using Legitimate Services
Exercise 20
Lesson Summary
Exercise 21
Quiz 3
3 attempts allowed
Lesson 4: Cloud Security Architecture & Exploitation (Focus: AWS/Azure)
Introduction to Cloud Security Challenges
Exercise 22
IAM Deep Dive: The Cornerstone of Cloud Security
AWS IAM Policy Evaluation Logic
Azure RBAC Evaluation Logic
AWS AssumeRole Internals (STS)
Azure RBAC vs. Azure AD Roles
Federation Security (SAML, OAuth2/OIDC)
Exercise 23
VPC/VNet Security Internals: Network Controls in the Cloud
Security Groups (AWS) vs. Network Security Groups (NSGs - Azure)
Network Access Control Lists (NACLs - AWS) vs. NSG Flow Logs (Azure)
VPC Endpoints (AWS) vs. Private Endpoints (Azure)
Network Segmentation Strategies
Exercise 24
Serverless (Lambda/Functions) Security: New Execution Models, New Risks
Execution Environment Internals
Event Injection Vulnerabilities
Function Permissions Misconfigurations
Secrets Management
Exercise 25
Container Security in the Cloud (ECS/EKS, AKS)
Runtime Security
Image Scanning Internals & CI/CD Integration
Kubernetes RBAC Exploitation
Network Policies (Kubernetes)
Exercise 26
Cloud Storage Security Pitfalls (S3/Blob)
Access Control Mechanisms & Complexity
Pre-signed URLs (AWS S3)
Shared Access Signatures (SAS - Azure)
Data Leakage Vectors
Exercise 27
Cloud Auditing and Logging: Visibility is Key
Core Logging Services
Log Analysis Strategies
Detecting Advanced Threats with Logs
Exercise 28
Lesson Summary
Exercise 29
Quiz 4
3 attempts allowed
Lesson 5: Practical Cryptography & Implementation Failures
TLS/SSL Deep Dive: Securing the Transport Layer
The TLS 1.2 Handshake (Simplified Walkthrough)
Certificate Validation Internals
Common Configuration Weaknesses
Exercise 30
Public Key Infrastructure (PKI) Internals
Certificate Authority Hierarchies
CRL/OCSP Mechanisms and Failures (Revisited)
Certificate Transparency (CT) Logs
Exercise 31
Common Cryptographic Implementation Bugs
Padding Oracles (CBC Mode)
Weak Random Number Generation
Timing Attacks (Conceptual Examples)
Exercise 32
Hashing Algorithms: Integrity and Beyond
Core Properties:
Practical Issues with MD5 and SHA-1
Length Extension Attacks
Exercise 33
Symmetric vs. Asymmetric Encryption: The Hybrid Approach
Key Management Challenges
Exercise 34
Introduction to Post-Quantum Cryptography Concepts (Brief Overview)
Exercise 35
Lesson Summary
Exercise 36
Quiz 5
3 attempts allowed
Lesson 6: Technical Incident Response & Memory Forensics
The Incident Response Lifecycle: Technical Actions
Exercise 37
Volatile Data Collection Techniques: Capturing Fleeting Evidence
Memory Acquisition (RAM Dump)
Other Volatile System State Capture
Exercise 38
Memory Analysis with Volatility Framework
Getting Started
Process Listing (pslist, pstree, psscan)
Network Connections (netscan, sockets, sockscan)
DLL Analysis (dlllist, ldrmodules)
Command History (cmdscan, consoles)
Registry Analysis (hivelist, printkey, dumpregistry)
Exercise 39
Identifying Malware in Memory
Code Injection Detection (malfind)
Hidden Processes/Drivers (psxview, driverscan, modscan)
Hook Detection (apihooks, ssdt, idt, gdt - Volatility 2 more common, some V3 ports exist)
Exercise 40
Filesystem Forensics Basics: Complementing Memory
MFT Analysis (NTFS)
Timestamps (MAC Times) & Timestomping
Deleted File Recovery Concepts (NTFS)
Exercise 41
Timeline Analysis Techniques: Weaving the Narrative
The Super Timeline Concept
Tools (Plaso/log2timeline)
Correlation and Analysis
Exercise 42
Lesson Summary
Exercise 43
Quiz 6
3 attempts allowed
Lesson 7: Reverse Engineering & Malware Analysis Fundamentals
Introduction: Static vs. Dynamic Analysis
Static Analysis Techniques: Examining the Code at Rest
Disassemblers and Decompilers (IDA Pro/Ghidra)
String Analysis
PE Header Analysis: Imports and Exports
Packer and Obfuscator Identification
Exercise 44
Dynamic Analysis Techniques: Observing the Malware in Action
Debuggers (x64dbg/WinDbg)
Sandboxing
Behavioral Monitoring Tools
Exercise 45
Common Malware Techniques
Persistence Mechanisms
Anti-Analysis Tricks
Command and Control (C2) Communication Patterns
Exercise 46
Introduction to Assembly Language (x86/x64)
Key Instructions (x86/x64 - Intel Syntax)
Stack Operations & Function Calls
Exercise 47
YARA Rule Creation: Pattern Matching for Detection
Purpose: Identify and classify malware samples, hunt for related samples in datasets, create custom detection rules for security tools (some EDRs/scanners support YARA).
Rule Structure
Key Components:
Writing Effective Rules:
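As an added illustration of the rule layout this section covers (this is not a rule from the course), here is a YARA rule showing the three sections a rule is built from: `meta`, `strings` and `condition`. The text string, the hex byte pattern and the regex are constructed for the example and correspond to no particular malware family; the `pe` module import is real YARA functionality and is used here to restrict matches to PE files.

```yara
import "pe"

rule Suspicious_Dropper_Example
{
    meta:
        description = "Illustrative rule: PE that embeds a PowerShell download cradle and a byte stub"
        author      = "example rule, not part of the course material"

    strings:
        // Text string: matched as ASCII and UTF-16LE, case-insensitively
        $ps_cradle = "IEX (New-Object Net.WebClient).DownloadString(" ascii wide nocase

        // Hex pattern with a single-byte wildcard (??) and a 4-byte jump ([4]);
        // the bytes are a constructed function prologue, not a known signature
        $stub = { 55 8B EC 83 EC ?? 53 56 57 E8 [4] 85 C0 }

        // Regex: an http:// URL whose host is a literal IPv4 address
        $ip_url = /http:\/\/(\d{1,3}\.){3}\d{1,3}\//

    condition:
        uint16(0) == 0x5A4D and   // "MZ" DOS header magic at offset 0
        pe.is_pe and              // parses as a valid PE (pe module)
        filesize < 2MB and        // cheap size gate before string scanning
        $ps_cradle and            // required indicator
        1 of ($stub, $ip_url)     // plus at least one supporting indicator
}
```

The ordering in the condition matters for both performance and precision: the header and size checks are evaluated before the string matches, and requiring the cradle string plus one supporting indicator keeps a single generic pattern (an IP-based URL, say) from firing on its own.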
Exercise 48
Lesson Summary
Exercise 49
Quiz 7
3 attempts allowed
Lesson 8: Conclusion & Further Learning
Key Takeaways:
Further Learning:
Exercise 50
Quiz 8
3 attempts allowed
Cybersecurity Deconstructed
Advanced Techniques and Internals
Go beyond abstractions and master the core technical realities of modern cybersecurity. Deconstruct advanced network evasion and EDR bypass techniques, dissect sophisticated post-exploitation and cloud attack vectors, and analyze cryptographic failures and malware at their roots.
The instructor is letting you choose the price you pay for this course!
About the Course
Go Beyond the Surface: Master Cybersecurity Internals
Are you tired of cybersecurity explanations that barely scratch the surface? In a world of sophisticated APTs, complex cloud environments, and elusive fileless malware, a fundamental, deep technical understanding isn't just an advantage—it's a necessity. Cybersecurity Deconstructed plunges into the critical internals, moving beyond abstractions to reveal the underlying mechanics of modern attacks and defenses.
This course is your guide to deconstructing the core components of cybersecurity. You'll dissect advanced TCP/IP manipulation and evasion tactics, explore EDR internals and bypass techniques, master sophisticated post-exploitation methods (including LSASS dumping nuances, Kerberoasting, and lateral movement), navigate AWS/Azure security pitfalls, understand practical cryptographic failures, and learn the essentials of memory forensics and reverse engineering.
Written for practitioners and advanced learners—including penetration testers, red teamers, incident responders, security engineers, and architects—this course assumes you have the fundamentals down and are ready for a deep dive. You won't just learn what tools do; you'll understand how they work, why attacks succeed, and how defenses can be circumvented or hardened at a fundamental level. Equip yourself with the resilient, adaptable knowledge needed to tackle the most complex cybersecurity challenges.
Course Price
Minimum price: $129.00
Suggested price: $179.00
You pay: $179.00
Author earns: $143.20
About the Instructor
Steve T.
Steve T. is a cybersecurity veteran whose 18-year career spans the threat landscape from web application security to low-level exploitation. He began his career in Germany in the era of simpler web architectures, which gives him a firsthand perspective on how technology, attack methods, and defensive strategies have evolved. That historical context, combined with continuous hands-on work on current challenges (including vulnerability analysis at both the application and system level), gives Steve a grounded viewpoint. Throughout his career he has worked in penetration testing, security architecture review, incident response, and secure development consulting across diverse industries, identifying and remediating vulnerabilities in high-stakes environments.
Course Material