Skip to main content

Modules

Modules are made up of bite-sized labs.

Attacking LLMs

In this module, we cover practical attacks against systems that use large language models, including prompt injection, unsafe output handling, and model poisoning . You will learn how crafted inputs and careless handling of model output can expose secrets or trigger unauthorised actions, and how poisoned training data can cause persistent failures. Each topic includes hands-on exercises and realistic scenarios that show how small issues can be linked into larger attack paths. By the end, participants can build concise proof of concept attacks and suggest clear, practical mitigations.

Command Line

Understanding command-line interfaces (CLI) is essential, as many security tools and tasks require their configuration and usage through them. CLIs are imperative for scripting and automation and can prove very helpful in carrying out penetration testing and incident analysis. This module will teach us how to use the command line and PowerShell in Windows and Bash in Linux.

Container Security

Containerisation technologies such as Docker are popular for developing and deploying applications. In this module, you will learn how Docker works, some common vulnerabilities and various measures that can be taken to secure your container from attack.

Host Evasions

This module provides the essential knowledge and fundamental techniques to bypass various host-based security solutions, including AV products, UAC and AppLocker, Logging, Runtime Detection, and AMSI. You will also learn the Living-Off-the-Land technique and how to leverage the Windows Sysinternals tool to perform various Red Team purposes.

Memory Analysis

In this module, we'll learn how to investigate volatile memory to uncover signs of suspicious behaviour, hidden programs, user activity, and potential security threats. We will explore how memory stores valuable information about running programs, system usage, and network interactions that often disappear after shutdown. Through guided practice and real scenarios, we'll develop the skills to identify unusual patterns, trace actions taken on a system, and connect the dots to understand what happened. Each step combines clear explanations with practical exercises using the Volatility Framework to build confidence and prepare us for real investigation work.

Microsoft Defender XDR

Microsoft Defender XDR is built to correlate threat signals across endpoints, identities, email, and cloud apps. This module walks you through the attacker kill chain step-by-step, helping you understand how different stages of an attack surface in Defender tools. Across the module, you'll investigate alerts and signals related to Initial Access, Privilege Escalation, Lateral Movement, and more. By working through real-world scenarios, you'll develop hands-on experience with Microsoft Defender for Endpoint and Identity, building the skills needed to detect, investigate, and respond to complex threats using XDR.

Starters

This module offers a collection of fun, standalone CTF-style challenges designed to help learners build practical hacking skills. These are not part of a linear learning path but serve as valuable, varied practice for foundational techniques across different domains.