Academy

Train to our standard

Courses, refreshers and self-tests built from the way we actually work. Start with the fundamentals; more is on the way.

Security

Offensive Systems Security experimental Level I

Seeing memory and control flow, then bending them inside a sandbox that never touches your machine: a foundational, defensively framed offensive-systems course where exploitation is demonstrated and contained, not just described.

Security Architecture and Engineering experimental Level II

A system is a graph of trust boundaries, and you defend the graph: model an architecture, place and wire components against a brief, machine-check the security invariants, then survive an injected constraint you did not design for.

Silicon-rooted Security experimental Level III

Down from software abstraction to gates, datapaths and buses: add a security opcode to a RISC-V-class core, build a gateware cipher, protect the bus, root trust in hardware, model the attacks, and verify a security property in simulated silicon.

Systems Security experimental Level III

Defence in depth as engineering, not slogans: privilege, isolation, threat models, memory safety and exploit classes, with labs that attack and then harden a deliberately weak system.

Cryptography experimental Level III

The mathematics that makes secrecy provable: modular arithmetic, symmetric and public-key schemes, hashes and signatures, building each primitive from first principles.

Reverse Engineering experimental Level III

Taking software apart to understand it: disassembly, calling conventions, static and dynamic analysis and binary patching, practised on small targets in a browser sandbox.

Detect, Respond, Forensics experimental Level III

What to do when prevention fails. Telemetry and detection engineering, triage and containment, memory and disk forensics, and timeline reconstruction, practised on a breached system you must scope, evict and explain.

Cyber Threat Intelligence experimental Level III

The intelligence cycle applied to the cyber domain: threat actor profiling with the Diamond Model, the Cyber Kill Chain and MITRE ATT&CK, analytic tradecraft under uncertainty, sharing formats and platforms, and closing the loop from intelligence into detection engineering.

Web and Mobile Security experimental Level III

From a static document viewer to a scriptable, sandboxed, cellular-connected attack surface: browser process isolation, modern web runtimes, the WebRTC privacy leak, mobile OS security, telemetry, zero-click exploitation, and the baseband and SIM Toolkit layers beneath it all.

Cyber-Physical and OT Security experimental Level III

From the Purdue Model to the shop floor: SCADA, ICS and PLCs, a source-checked history of incidents, IEC 62443, and the case for physical segregation, closing the CyBOK Cyber-Physical Systems gap.

Secure Development at Scale experimental Level III

Security that survives a thousand applications: threat modelling, secure SDLC, supply-chain integrity and policy as code, mapped to the pipeline and graded against real review gates.

Formal Methods experimental Level IV

Specifying systems and proving them correct: model checking with SPIN and PROMELA and specification with TLA+, producing the kind of evidence a Common Criteria evaluation expects at the higher assurance levels.

Adversarial ML and GenAI Security experimental Level III

Attacking and defending the model, from the classifier era to the agentic one: evasion, poisoning, extraction, prompt injection and agentic risk, disciplined by a light AI governance and assurance thread.

Distributed Systems Security experimental Level IV

Consensus, Byzantine fault tolerance, clock and event-ordering attacks, and blockchain security, from Lamport's 1978 logical clocks through Paxos, Raft, and Practical Byzantine Fault Tolerance to Bitcoin and SUNDR, benchmarked against MIT's current 6.5840 and 6.852J, with Plan 9 and Inferno as a contrasting historical case study.

Scams and Social Engineering experimental Level II

The ontology, psychology and history of scams and social engineering, dissected through real incidents from RSA to MGM Resorts, with a portable framework and role-specific teaching guidance for boards, treasury, engineers and front-of-house staff.

Technical Countermeasures to Social Engineering experimental Level III

Technical countermeasures against social engineering and scam delivery: Bayesian and rule-based filtering, email authentication, AI-based detection and voice-channel anti-fraud controls, reported in board-legible governance terms.