Shows
CyberCode AcademyCourse 27 - Hacking Web Applications, Penetration Testing, CTF | Episode 1: Kali Linux EssentialsIn this lesson, you’ll learn about:Kali Linux, a Unix-like operating system designed for penetration testing and security assessments, preloaded with hundreds of specialized tools.Deployment options, including full hard drive installation, portable live USB/CD for field testing, and virtualized environments such as VMware Workstation for safe lab setups.System maintenance best practices, using apt update and apt upgrade to keep tools, dependencies, and security patches current for optimal performance and stability.Information gathering tools, including network and port scanning with Nmap and OSINT and relationship mapping with Maltego....
2026-03-0620 min
CyberCode AcademyCourse 26 - Assessing and Mitigating Security Risks | Episode 4: A Guide to Mitigation and Security ControlsIn this lesson, you’ll learn about:Core mitigation strategies and layered security controls used to defend modern network infrastructures against evolving threats.Asset inventory and continuous discovery, including identifying authorized and unauthorized devices and software using DHCP and DNS logs.Secure configuration management, ensuring hardware, software, and virtual systems comply with defined security baselines using tools like Desired State Configuration (DSC).Vulnerability management practices, including automated scanning, prioritization, and timely remediation of identified weaknesses.Privileged access protection, securing administrative accounts against credential theft, brute-force attacks, and privilege escalation....
2026-03-0421 min
CyberCode AcademyCourse 26 - Assessing and Mitigating Security Risks | Episode 3: Foundations of Successful Incident Identification and Response ManagementIn this lesson, you’ll learn about:How to shift from reactive to proactive security by using intrusion detection tools and manually analyzing network logs to identify threats early.The importance of an Incident Response Plan (IRP), including clearly defined roles, responsibilities, and escalation paths to ensure proper and authorized incident handling.The structured incident handling lifecycle, covering incident identification, documentation, communication, containment, and forensic investigation while preserving critical evidence.Threat eradication and system recovery, including removing malicious components, reimaging compromised systems, applying patches, and restoring data securely from backups....
2026-03-0321 min
CyberCode AcademyCourse 26 - Assessing and Mitigating Security Risks | Episode 2: The Fundamentals of Organizational Risk ManagementIn this lesson, you’ll learn about:The Foundations of Organizational Risk ManagementWhy security must begin with understanding a system’s requirements, limitations, and operational environment before deploymentHow improper preparation can lead to security failures, operational risks, and legal consequencesThe Four Stages of the Risk Management ProcessFraming: Defining the organizational context, objectives, and risk toleranceAssessing: Identifying threats, vulnerabilities, and estimating their potential impactResponding: Developing and implementing strategies to mitigate or accept risksMonitoring: Continuously reviewing systems to ensu...
2026-03-0220 min
CyberCode AcademyCourse 26 - Assessing and Mitigating Security Risks | Episode 1: Threats, Mindsets, and VulnerabilitiesIn this lesson, you’ll learn about:The Modern Cybersecurity LandscapeHow cybersecurity has evolved from an IT-only concern into a shared responsibility for all usersWhy understanding the attacker’s mindset is essential for identifying and preventing threatsSocial Engineering and Human ExploitationHow attackers manipulate emotions like fear, curiosity, greed, and trustThe differences between phishing (mass attacks) and spear phishing (targeted attacks)How human behavior can bypass even strong technical defensesMalware, Ransomware, and Advanced ThreatsThe evolution from...
2026-03-0123 min
CyberCode AcademyCourse 25 - API Python Hacking | Episode 7: Building Windows Executables from Python Scripts with PyInstallerIn this lesson, you’ll learn about:Converting Python Scripts into ExecutablesInstalling and using PyInstaller to package Python code into standalone .exe filesUnderstanding how executables allow programs to run on systems without Python installedCompilation Process with PyInstallerUsing the command pip3 install pyinstaller to install the packaging toolRunning PyInstaller on a Python script to generate a Windows Portable Executable (PE) fileObserving how PyInstaller bundles dependencies automaticallyUnderstanding the Output StructureLocating the compiled executable inside the di...
2026-02-2816 min
CyberCode AcademyCourse 25 - API Python Hacking | Episode 6: Privilege Modification and User ImpersonationIn this lesson, you’ll learn about:Programmatic Privilege ModificationHow to use the AdjustTokenPrivileges API to enable or disable specific privilegesUnderstanding the TOKEN_PRIVILEGES structure and how privilege attributes are modifiedEnabling critical privileges like SeDebugPrivilege to allow advanced system accessPreparing for Token ManipulationIdentifying a target process or user through window handles or process IDs (PID)Elevating your script’s permissions to allow interaction with protected system processesUnderstanding why privilege elevation is required before duplicating tokensToke...
2026-02-2717 min
CyberCode AcademyCourse 25 - API Python Hacking | Episode 5: Managing and Verifying Process PrivilegesIn this lesson, you’ll learn about:Fundamentals of Windows Access TokensTokens define a process's privileges, such as shutting down the system or debugging memoryTokens are static: you can enable/disable existing privileges but cannot add new onesDifference between default tokens (limited rights, e.g., SeChangeNotify) and administrative tokens (powerful rights, e.g., SeDebugPrivilege)Programmatic Access to TokensUsing Python’s ctypes to interface with kernel32.dll and advapi32.dllObtaining a privileged handle with OpenProcessAccessing a process token via...
2026-02-2616 min
CyberCode AcademyCourse 25 - API Python Hacking | Episode 4: Structures, Process Spawning, and Undocumented CallsIn this lesson, you’ll learn about:Defining Windows Internal Structures in PythonRepresenting structures like PROCESS_INFORMATION and STARTUPINFO using ctypes.StructureMapping Windows data types (HANDLE, DWORD, LPWSTR) with the _fields_ attributeInstantiating structures for API calls to configure or retrieve process informationSpawning System ProcessesUsing CreateProcessW from kernel32.dllSetting application paths (e.g., cmd.exe) and command-line argumentsManaging creation flags like CREATE_NEW_CONSOLE (0x10)Passing structures by reference with ctypes.byref to receive pr...
2026-02-2521 min
CyberCode AcademyCourse 25 - API Python Hacking | Episode 3: From ctypes Basics to Building a Process KillerIn this lesson, you’ll learn about:Interfacing Python with Windows API using ctypesLoading core DLLs: user32.dll and kernel32.dllExecuting basic functions like MessageBoxWMapping C-style data types (e.g., LPCWSTR, DWORD) to Python equivalentsError Handling and PrivilegesUsing GetLastError to debug API failuresCommon errors such as "Access Denied" (error code 5)Understanding how token privileges and administrative rights affect process interactionsProcKiller Project WorkflowFind Window Handle: FindWindowARetrieve Process ID: Ge...
2026-02-2420 min
CyberCode AcademyCourse 25 - API Python Hacking | Episode 2: Foundations of Windows Internals and API MechanismsIn this lesson, you’ll learn about:Fundamentals of Windows Processes and ThreadsA process is a running program with its own virtual memory spaceThreads are units of execution inside processes, allocated CPU time to perform tasksAccess tokens manage privileges and access rights; privileges can be enabled, disabled, or removed but cannot be added to an existing tokenKey System Programming TerminologyHandles: Objects that act as pointers to memory locations or system resourcesStructures: Memory formats used to store and pass data du...
2026-02-2321 min
CyberCode AcademyCourse 25 - API Python Hacking | Episode 1: GitHub Portfolio Building and Environment SetupIn this lesson, you’ll learn about:Building a Professional PortfolioCreating a GitHub account and configuring it for public repositoriesInitializing repositories specifically for Python projectsUploading and organizing files to showcase practical work for employersSetting Up a Windows-Based Technical WorkspaceInstalling Python 3 and verifying it is correctly added to the system PATHInstalling Notepad++ for code editing and pinning it for quick accessPreparing essential analysis tools:Process Explorer (system monitoring)PsExec (remote execution and administrative ta...
2026-02-2218 min
CyberCode AcademyCourse 24 - Machine Learning for Red Team Hackers | Episode 6: Security Vulnerabilities in Machine LearningIn this lesson, you’ll learn about:The major security threat categories in machine learning: model stealing, inversion, poisoning, and backdoorsHow model stealing attacks replicate black-box models through API queryingWhy attackers may clone models to reduce costs, bypass licensing, or craft offline adversarial examplesThe concept of model inversion, where sensitive training data (e.g., faces or private attributes) can be partially reconstructed from learned weightsWhy deterministic model parameters can unintentionally leak informationHow data poisoning attacks manipulate training datasets to degrade accuracy or sh...
2026-02-2116 min
CyberCode AcademyCourse 24 - Machine Learning for Red Team Hackers | Episode 5: The Complete Guide to Deepfake CreationIn this lesson, you’ll learn about:What deepfakes are and how neural networks enable face, voice, and style transferThe standard face swap pipeline: extraction → preprocessing → training → predictionWhy conducting a local dry run helps validate datasets before scaling to expensive GPU environmentsThe importance of face alignment, sorting, and dataset cleaning to reduce false positivesHow lightweight models are used for parameter tuning before full-scale trainingThe role of GPU acceleration in deep learning workflowsWhy cloud platforms like Google Cloud are used for larg...
2026-02-2013 min
CyberCode AcademyCourse 24 - Machine Learning for Red Team Hackers | Episode 4: Mastering White-Box and Black-Box AttacksIn this lesson, you’ll learn about:The difference between white-box and black-box threat models in machine learning securityWhy gradient-based models are vulnerable to carefully crafted input perturbationsThe core intuition behind the Fast Gradient Sign Method (FGSM) as a sensitivity-analysis techniqueHow adversarial perturbations exploit a model’s local linearity and gradient structureThe purpose of adversarial ML frameworks like Foolbox in controlled research environmentsHow pretrained architectures such as ResNet are evaluated for robustnessWhy datasets like MNIST are commonly used for benc...
2026-02-1915 min
CyberCode AcademyCourse 24 - Machine Learning for Red Team Hackers | Episode 3: Evading Machine Learning Malware ClassifiersIn this lesson, you’ll learn about:What adversarial machine learning is and why ML-based malware classifiers are vulnerable to manipulationThe difference between feature-engineered models like Ember and end-to-end neural approaches like MalConvWhy handling real malware (e.g., Jigsaw ransomware) requires a properly isolated virtual machine labHow libraries such as LIEF and pefile are used to safely parse and analyze Portable Executable (PE) structuresThe concept of model decision boundaries and detection thresholdsWhy “benign signal injection” works conceptually (model blind spots and over-reliance on sup...
2026-02-1816 min
CyberCode AcademyCourse 24 - Machine Learning for Red Team Hackers | Episode 2: Building and Implementing Evolutionary Testing ToolsIn this lesson, you’ll learn about:What fuzzing is and why it’s a powerful technique for discovering software vulnerabilitiesThe difference between basic randomized fuzzing and more advanced, coverage-guided approachesHow code coverage helps measure which parts of a program are exercised during testingWhy naive random input generation is inefficient for complex formats like PDFsThe concept of mutation-based fuzzing, including byte-level modifications such as insertion, deletion, swapping, and randomizationHow evolutionary fuzzing applies principles from genetic algorithms to improve input effectivenessThe...
2026-02-1716 min
CyberCode AcademyCourse 24 - Machine Learning for Red Team Hackers | Episode 1: Building an Automated CAPTCHA-Breaking BotIn this lesson, you’ll learn about:How CAPTCHA systems (like Really Simple CAPTCHA for WordPress) are designed to prevent automated abuseThe role of reconnaissance in identifying security mechanisms on web applications (for defensive testing with permission)How OpenCV is used in computer vision for:Grayscale conversionImage thresholdingNoise reduction and morphological operations (e.g., dilation)Contour detection and character segmentationThe fundamentals of building a Convolutional Neural Network (CNN) using frameworks like KerasWhy preprocessing (normalization, resizing, padding) is...
2026-02-1616 min
CyberCode AcademyCourse 23 - WiFi Hacking with Raspberry Pi | Episode 7: Building a Digital Ghost on Raspberry PiIn this lesson, you’ll learn about:What digital identity is and how IP and MAC addresses are used to track usersWhy masking an IP address is essential for protecting location and online activityHow the Tor network provides anonymity by routing traffic through multiple global nodesThe role of ProxyChains in forcing applications to operate through anonymizing networksWhat a MAC address represents and how it can be used for device-level identificationWhy MAC address randomization helps prevent physical and network-based trackingTh...
2026-02-1512 min
CyberCode AcademyCourse 23 - WiFi Hacking with Raspberry Pi | Episode 6: Fix These 5 Router Security LoopholesIn this lesson, you’ll learn about:Why default router settings are a major security risk and commonly targeted by attackersHow changing the administrative IP address reduces exposure to automated attacksThe importance of replacing default usernames and passwords with strong, unique credentialsWhy disabling WPS is critical to preventing brute-force and PIN-based attacksHow enabling modern encryption standards strengthens wireless network protectionThe role of built-in router firewalls in safeguarding connected devicesHow securing local and remote management settings closes common attack ve...
2026-02-1417 min
CyberCode AcademyCourse 23 - WiFi Hacking with Raspberry Pi | Episode 5: Cracking Wi-Fi Passwords With Raspberry PiIn this lesson, you’ll learn about:Using a Raspberry Pi as a mobile platform for wireless penetration testingLeveraging Wifite, an automated tool for auditing Wi‑Fi networksExploiting WPS vulnerabilities through the Pixie Dust attack to quickly recover router credentialsPerforming dictionary attacks on WPA/WPA2 networks by capturing handshake packets and testing against common password listsUnderstanding the security implications of handshake interception and why strong, unique passwords are criticalRecognizing the importance of disabling outdated protocols like WPS to protect networks from auto...
2026-02-1313 min
CyberCode AcademyCourse 23 - WiFi Hacking with Raspberry Pi | Episode 4: WiFi Jamming Techniques Using RaspberryIn this lesson, you’ll learn about:How a Raspberry Pi can be configured as a portable wireless security labMethods for remotely accessing a headless Raspberry Pi using command-line and graphical interfacesThe concept of wireless interference and denial-of-service at a high level (without operational details)Differences between automated and manual approaches to wireless disruption from a conceptual standpointWhat monitor mode is and why it matters in wireless security researchHow de-authentication behavior works in Wi-Fi protocols and why it represents a security risk...
2026-02-1211 min
CyberCode AcademyCourse 23 - WiFi Hacking with Raspberry Pi | Episode 3: Build a Portable Raspberry Pi CyberdeckIn this lesson, you’ll learn about:How to convert a standard Raspberry Pi into a portable penetration testing deviceThe required hardware components, including a touchscreen display, portable power source, and external wireless adapterWhy a specialized Wi‑Fi adapter with packet injection support is essential for advanced network attacksThe step-by-step assembly process for building a compact, mobile setupHow to flash a customized penetration-testing operating system onto a high-capacity SD cardThe role of pre-installed hacking and auditing tools in streamlining field operations
2026-02-1111 min
CyberCode AcademyCourse 23 - WiFi Hacking with Raspberry Pi | Episode 2: Building The Perfect Raspberry Pi Hacking KitIn this lesson, you’ll learn about:The purpose of this segment as a preparation and logistics guide for working with single-board computersWhere to acquire Raspberry Pi hardware, with emphasis on the official Raspberry Pi websiteThe advantages of purchasing bundled kits that include SD cards, power adapters, and essential peripheralsThe Raspberry Pi 3 as the minimum recommended model for following the courseCost-saving options through third-party online retailers and curated resource linksHow proper hardware preparation helps ensure a smooth transition into the technical ha...
2026-02-1011 min
CyberCode AcademyCourse 23 - WiFi Hacking with Raspberry Pi | Episode 1: Raspberry Pi Desktop And Hacking MachineIn this lesson, you’ll learn about:What a Raspberry Pi is and why it’s described as a low-cost, credit-card-sized single-board computerHow installing an operating system on a micro SD card turns the device into a fully functional computerThe types of operating systems supported, including Linux and WindowsCommon use cases such as DIY projects, robotics, and embedded systemsWhy the Raspberry Pi’s portability and low power consumption make it especially valuableHow this course specifically repurposes the Raspberry Pi into an advanc...
2026-02-0912 min
CyberCode AcademyCourse 22 - Digital Forensics: RAM Extraction Fundamentals | Episode 5: Forensic Access and RAM Extraction with InceptionIn this lesson, you’ll learn about:The forensic purpose of Inception for accessing live, locked systems without powering them downWhy volatile memory preservation makes Inception valuable during on-scene triageHow the DMA exploit works via FireWire and Thunderbolt interfacesThe concept of planting a temporary RAM-based authentication bypass that disappears after rebootHow Inception is integrated into the Paladin forensic suiteThe practical setup process, including booting Paladin, escalating privileges with sudo -s, and running inceptThe importance of selecting the correct operating sy...
2026-02-0814 min
CyberCode AcademyCourse 22 - Digital Forensics: RAM Extraction Fundamentals | Episode 4: RAM Capture via Magnet and FTK ImagerIn this lesson, you’ll learn about:A technical overview of memory acquisition using Magnet RAM Capture and FTK ImagerHow RAM footprint size affects evidence integrity during live memory collectionThe key features of Magnet RAM Capture, including custom output paths and memory image splittingWhy file segmentation is operationally important when handling large RAM capturesThe role of FTK Imager as a multifunctional triage and imaging toolFTK Imager’s additional capabilities, such as registry collection, hexadecimal viewing, and logical drive previewPerformance benc...
2026-02-0711 min
CyberCode AcademyCourse 22 - Digital Forensics: RAM Extraction Fundamentals | Episode 3: Comparing Belkasoft and Magnet ToolsIn this lesson, you’ll learn about:The role of RAM acquisition in digital forensics and why volatile memory is critical evidenceHow benchmarking RAM extraction tools helps investigators make defensible tactical decisionsA technical comparison between Belkasoft RAM Capturer and Magnet RAM CaptureThe trade-offs between system footprint and extraction speed during live memory captureHow both tools operate in kernel mode and why this matters for bypassing OS protectionsDifferences in output formats (.mem vs .dmp) and their forensic implicationsPractical factors fo...
2026-02-0611 min
CyberCode AcademyCourse 22 - Digital Forensics: RAM Extraction Fundamentals | Episode 2: Benchmarking Tools and Using MoonSols DumpItIn this lesson, you’ll learn about:Why Benchmarking RAM Extraction Tools MattersHow benchmarking supports defensible tool selection in forensic investigations.Using measurable metrics to justify decisions during reports or court testimony.Understanding that different systems and environments can affect tool behavior.Key Benchmarking CriteriaRAM Footprint: Measuring how much memory the tool consumes while running and how much evidence it overwrites.Extraction Speed: Evaluating how fast a full memory dump can be completed, especially when using high-speed media like USB 3.0 drives.Ex...
2026-02-0511 min
CyberCode AcademyCourse 22 - Digital Forensics: RAM Extraction Fundamentals | Episode 1: Value, Strategy, and Technical PreparationIn this lesson, you’ll learn about:Why RAM Is Critical Forensic EvidenceHow volatile memory captures data that never touches disk and is lost on shutdown.Recovering private browsing sessions, chat data, webmail content, and remnants of failed wiping attempts.Identifying in-memory malware, including rootkits, injected code, and hidden processes that evade disk-based scanners.Extracting encryption keys and credentials (e.g., BitLocker, TrueCrypt, cached passwords) that unlock otherwise inaccessible evidence.The “RAM Debate”: When to Capture vs. When to SkipUnderstanding how missing RAM eviden...
2026-02-0416 min
CyberCode AcademyCourse 21 - Digital Forensics: Windows Shellbags | Episode 5: Shellbags Forensics: Validating Network Drive ActivityIn this lesson, you’ll learn about:Validating Network Drive Activity with ShellbagsHow Windows Shellbags act as a silent witness for user interaction with network shares and mapped drives.Why UsrClass.dat is a critical artifact for proving access to remote resources, even when permissions are restricted.Recording Remote Folder AccessHow accessing a mapped network drive (e.g., Z:) generates Shellbag entries.Capturing exact remote folder paths (such as administrative or restricted directories) that a user navigated to.Demonstrating that Shellbags records navigation, no...
2026-02-0312 min
CyberCode AcademyCourse 21 - Digital Forensics: Windows Shellbags | Episode 4: Shellbag Forensics: Tracking USB Device History and Artifact ValidationIn this lesson, you’ll learn about:USB Forensics Using Shellbag ArtifactsHow Windows Shellbags can be leveraged to reconstruct user interaction with removable media.Why Shellbags are valuable for determining whether files were copied to or from USB devices, even when the media is no longer connected.Initial Evidence Generation and CollectionCreating controlled forensic artifacts by moving test files onto a FAT16-formatted USB drive.Exporting relevant registry hives (such as USRCLASS.DAT) using FTK Imager.Loading these hives into Shellbag Explorer for st...
2026-02-0212 min
CyberCode AcademyCourse 21 - Digital Forensics: Windows Shellbags | Episode 3: ShellBag Forensics: Practical Validation and Timestamp AnalysisIn this lesson, you’ll learn about:Practical ShellBag Forensics WorkflowHow ShellBags function as registry-based artifacts that record user folder interaction and view preferences.The full investigative cycle: evidence creation, acquisition, analysis, and validation.Registry Hive AcquisitionCreating controlled user activity (e.g., test folders) to deliberately generate ShellBag evidence.Exporting NTUSER.DAT from the root of the user profile and USRCLASS.DAT from the AppData directory using FTK Imager.Required system configuration steps, including enabling hidden files and protected operating system files, to ac...
2026-02-0113 min
CyberCode AcademyCourse 21 - Digital Forensics: Windows Shellbags | Episode 2: Forensic System Setup and Local Drive IntegrationIn this lesson, you’ll learn about:Preparing a Forensic WorkstationThe purpose of using a controlled forensic setup to safely extract and analyze system artifacts.Why working from an acquired drive or image is critical for maintaining evidentiary integrity.Essential Tools for Shellbag and Registry AnalysisShellbags Explorer: Used to parse and analyze shellbag artifacts associated with user folder navigation.FTK Imager (Lite): A portable, self-contained tool for accessing drives and exporting forensic artifacts without installing software on the target system.Loading a System Dr...
2026-01-3114 min