Cybersecurity is the practice of protecting systems, networks, and data from digital attacks. This is your starting point — learn the core concepts, understand how attacks work, and discover the skills that turn knowledge into a career.
Ethical hacking is the authorised practice of bypassing security controls to identify vulnerabilities before malicious actors do. Ethical hackers use the same tools and techniques as attackers — with written permission.
A penetration test simulates a real-world attack to evaluate how well an organisation's defences hold up against a skilled adversary — revealing weaknesses before a real attacker does.
The five phases of the ethical hacking lifecycle are Reconnaissance, Scanning, Gaining Access, Maintaining Access, and Covering Tracks, as taught in CEH v13 and used by real-world attackers.
Reconnaissance is the first phase of any attack: gathering information about a target using passive (OSINT) and active techniques before launching any exploit. It accounts for 70% of the time attackers actually spend on an attack.
A vulnerability assessment systematically reviews systems for security weaknesses and assigns severity scores using frameworks like CVSS — helping teams prioritise what to patch first.
Social engineering exploits human psychology rather than technical vulnerabilities — tricking users into revealing credentials, clicking malicious links, or physically granting access to restricted areas.
A firewall monitors and controls incoming and outgoing network traffic based on security rules, acting as a barrier between trusted internal networks and untrusted external ones.
An Intrusion Detection System (IDS) monitors traffic and alerts on suspicious activity. An Intrusion Prevention System (IPS) takes it further — actively blocking detected threats in real time.
Port scanning probes a network host to discover open ports and running services — a fundamental technique used in both offensive reconnaissance with Nmap and defensive security auditing.
ARP poisoning corrupts the Address Resolution Protocol caches of hosts on a local network, letting an attacker redirect traffic between two hosts through their own machine, a classic man-in-the-middle attack technique.
A Virtual Private Network (VPN) creates an encrypted tunnel over a public network, protecting data in transit from eavesdropping, interception, and man-in-the-middle attacks.
Network sniffing captures and analyses packets travelling across a network. Attackers use it to steal plaintext credentials; defenders use tools like Wireshark to audit traffic and detect anomalies.
A Security Operations Centre (SOC) is a dedicated team, and often a physical facility, that monitors, detects, analyses, and responds to cybersecurity incidents 24/7. It is the nerve centre of an organisation's defence.
Security Information and Event Management (SIEM) platforms collect and correlate log data from across an enterprise to detect patterns that indicate a security incident — a core tool for any SOC analyst.
Threat hunting is the proactive, human-led search for threats that have evaded automated detection tools. Hunters look for indicators of compromise (IoCs) hidden inside normal-looking activity.
Incident response is the organised approach to preparing for, detecting, containing, eradicating, and recovering from a cybersecurity incident — following frameworks like NIST SP 800-61.
Log analysis examines system, application, and network logs to detect anomalies, reconstruct attack timelines, and support forensic investigations after a security incident.
Security Orchestration, Automation and Response (SOAR) platforms automate repetitive SOC tasks and orchestrate responses across multiple tools — reducing mean time to respond to incidents.
Ransomware encrypts a victim's files and demands payment for the decryption key. WannaCry, NotPetya, and the Colonial Pipeline DarkSide attack are three of the most devastating examples in history.
Phishing uses deceptive emails, messages, or fake websites to trick users into revealing credentials, downloading malware, or approving fraudulent transactions. It is the most common initial access vector in breaches.
A zero-day exploit takes advantage of a previously unknown vulnerability — one with no available patch at time of attack. Log4Shell (CVE-2021-44228, CVSS 10.0) is a famous example affecting 3 billion devices.
A Distributed Denial of Service (DDoS) attack overwhelms a target's servers with traffic from thousands of compromised devices (a botnet), causing outages for legitimate users and disrupting business operations.
A Trojan disguises itself as legitimate software to gain access to a system, where it can install backdoors, steal data, log keystrokes, or download additional malware without the user's knowledge.
A rootkit is a stealthy collection of tools that gains privileged access to a system and hides itself — and other malware — from operating system functions, antivirus tools, and security monitoring.
The OWASP Top 10 lists the ten most critical web application security risks — including injection attacks, broken authentication, insecure design, and server-side request forgery. Required reading for any web security professional.
SQL injection inserts malicious SQL code into input fields to manipulate a database, potentially exposing all records, bypassing authentication, or deleting data. It has been the most common web vulnerability for two decades.
Cross-site scripting (XSS) injects malicious scripts into web pages viewed by other users, enabling attackers to steal session tokens, redirect users to phishing pages, or deliver drive-by malware payloads through a trusted site.
Cloud security encompasses the policies, controls, and technologies that protect cloud infrastructure, applications, and data from unauthorised access, breaches, and misconfigurations across public, private, and hybrid environments.
APIs expose application logic and data to external consumers. Poorly secured APIs — lacking authentication, rate limiting, or input validation — are a leading cause of data breaches in modern cloud-native applications.
A Web Application Firewall (WAF) filters and monitors HTTP/HTTPS traffic between a web application and the internet, blocking exploits like SQL injection, XSS, and path traversal before they reach the application server.
A step-by-step guide to entering the industry: the skills to build first, the certifications that open doors (Security+, CEH, CCNA), the entry-level roles to target, and how to build a portfolio that gets you hired.
The Certified Ethical Hacker v13 is the world's most recognised ethical hacking certification, integrating AI tools across all 20 modules. It is DoD 8140 approved and accepted by employers in 140+ countries.
Security+ SY0-701 is the globally recognised baseline cybersecurity certification — covering threats, architecture, implementation, operations, and governance. It is the most popular entry-level cert for security roles worldwide.
Penetration testers simulate real-world attacks against organisations to find exploitable vulnerabilities before real attackers do — producing detailed reports that drive remediation. It is one of the best-paid roles in security.
A SOC analyst monitors security alerts, investigates incidents, and responds to threats in real time using SIEM platforms and threat intelligence tools. It is the most common entry-level role in defensive security.
CEH is vendor-certified, globally recognised, and taught through structured modules — ideal for career credentialing. OSCP is a fully hands-on exam respected in the industry for demonstrating real offensive skill. Both are valuable.