All Episodes

Episode 60 — MFA Bypass Patterns (Conceptual)

This episode explains how multi-factor authentication can fail in practice through workflow weaknesses, misconfigurations, and human factors, and how to recognize thes...

Episode 61 — Kerberos Concepts for the Exam

This episode explains Kerberos in practical, scenario-friendly terms so you can recognize when ticket-based authentication and trust relationships drive the best answe...

Episode 62 — Token and Session Attacks

This episode teaches you to reason about sessions and tokens as portable trust, which is why many identity scenarios involve replay and session persistence rather than...

Episode 63 — Federation Basics: SAML and OIDC

This episode explains federated authentication so SSO scenarios become straightforward rather than confusing acronym puzzles. You’ll learn the core roles in federation...

Episode 64 — Auth Attack Mini-Scenarios

This episode uses short identity-focused scenarios to build speed and accuracy in selecting the best action when multiple authentication explanations seem plausible. Y...

Episode 65 — Local Privilege Escalation Patterns

This episode teaches you to recognize common local privilege escalation patterns that turn standard user access into elevated control on the same host, using scenario ...

Episode 66 — Credential Access Patterns

This episode explains how credentials are discovered and why credential access is often the turning point from limited access to broad compromise. You’ll learn common ...

Episode 67 — Living-off-the-Land Concepts

This episode teaches you to recognize living-off-the-land behavior as a risk pattern where legitimate built-in tools are used to achieve harmful outcomes with lower vi...

Episode 68 — Evasion and Operational Security

This episode explains evasion and operational security as disciplined choices that manage risk, detection, and stability, rather than as a goal of being sneaky for its...

Episode 69 — Host Attack Mini-Scenarios

This episode uses short host-focused scenarios to practice choosing the best next step after initial access, when decisions about enumeration, escalation, and credenti...

Episode 70 — Web Attack Surface: Inputs, Auth, Sessions

This episode builds a structured understanding of web attack surface by focusing on inputs, identity flows, session handling, and authorization boundaries, which toget...

Episode 71 — Injection Families (SQL/Command/Template)

This episode teaches injection as a single core idea, untrusted input becomes an unintended instruction, then breaks that idea into the most common families you must d...

Episode 72 — XSS Types and Outcomes

This episode explains cross-site scripting as executing attacker-controlled script in a user’s browser context, then teaches you to distinguish reflected, stored, and ...

Episode 73 — Access Control Failures: IDOR and AuthZ

This episode teaches you to recognize access control failures as authorization problems, not authentication problems, and to identify the IDOR pattern that repeatedly ...

Episode 74 — SSRF vs CSRF (And Why They Differ)

This episode clarifies two easily confused concepts by focusing on the key difference, who initiates the request and whose authority is being abused. You’ll learn SSRF...

Episode 75 — Deserialization and File Inclusion Concepts

This episode explains two high-impact weakness patterns that often appear as “strange behavior” clues in scenarios, unsafe deserialization and file inclusion, and teac...

Episode 76 — Web Attack Mini-Scenarios

This episode uses short web-focused scenarios to practice identifying the most likely weakness and choosing the safest next validation step when multiple explanations ...

Episode 77 — Cloud Attack Patterns: Identity First

This episode explains why cloud compromise often begins with permissions and trust relationships rather than with traditional network exploits, and how to recognize id...

Episode 78 — Cloud Attack Patterns: Storage and Metadata

This episode teaches two major cloud risk themes, exposed storage and metadata access, and how each can lead from data leakage to broader compromise. You’ll learn comm...

Episode 79 — Wireless Attack Patterns

This episode explains common wireless attack patterns as trust and configuration problems, helping you interpret scenario clues without needing hands-on tooling. You’l...
