Jun 5, 2026
intermediateEvaluating RAG Pipelines with RAGAS and TruLens
Build an eval set and measure faithfulness, context precision, context recall, and answer relevancy with RAGAS and TruLens to know if changes actually help.
Read the tutorialTutorials
Technical guides and walkthroughs.
Hands-on tutorials covering system administration, security hardening, and infrastructure automation.
Topics
All tutorials · 80 AI · 34 Cryptography · 6 eBPF · 7 Embedded · 9 Exploitation · 20 Infrastructure · 12 Internals · 19 Linux · 30 Red Teaming · 7 Security · 18 Windows · 7 Adversarial ML · 1 Android · 5 APK · 1 Attack Surface · 1 Bug Bounty · 5 CET · 1 CFG · 1 Content Providers · 1 Dynamic Analysis · 1 Evaluation · 1 Exploit Development · 23 Flash Dumping · 1 Format String · 1 Frida · 1 GOT Overwrite · 1 Instrumentation · 1 Intents · 1 IPC · 1 JavaScript Bridge · 1 JTAG · 1 Lab Setup · 1 Mitigation Bypass · 1 Mitigations · 1 OpenWrt · 1 Shadow Stack · 1 SPI · 1 Stack Canary · 1 Static Analysis · 1 VPN · 1 WebView · 1 WireGuard · 1 XSS · 1
Learning Paths
Structured series that build skills progressively.
Linux Exploitation Fundamentals
A progressive path from CPU registers to remote exploitation, covering stack overflows, ROP chains, NX and ASLR bypasses on x86 and x64 Linux.
- 1
- 2
- 3
- 4 Linux Syscalls for Exploit Development intermediate
- 5 Basic Stack Buffer Overflow on x86 intermediate
- 6 Stack Buffer Overflow on x64 Linux intermediate
- 7 Return-to-libc Attack on x86 intermediate
- 8 Bypassing NX with ROP on x64 Linux advanced
- 9 ROP Gadget Hunting Toolkit intermediate
- 10
- 11 Bypassing ASLR on x64 Linux advanced
- 12
- 13 Format String Vulnerabilities on x86 intermediate
- 14
Windows Exploitation
Exploit development on Windows, from classic stack overflows through SEH hijacking and egghunter techniques to DEP and ASLR bypasses, culminating in kernel pool exploitation.
- 1 Windows Stack Buffer Overflow intermediate
- 2 Windows SEH Overflow Exploitation advanced
- 3 Windows Egghunter Exploitation advanced
- 4 Bypassing DEP with ROP on Windows advanced
- 5 Bypassing ASLR on Windows advanced
- 6
- 7
Embedded Systems & Firmware
Build an embedded security lab with Buildroot and QEMU, audit attack surfaces, reverse-engineer firmware, exploit UART consoles and ARM services, and implement secure boot.
- 1 Cross-Compiling with Buildroot and QEMU intermediate
- 2 Embedded Linux Attack Surface Analysis intermediate
- 3 Firmware RE with Binwalk and Ghidra advanced
- 4 UART and Serial Console Exploitation intermediate
- 5
- 6
- 7
ML for Security
Apply machine learning to security operations: from RAG pipelines and anomaly detection through malware classification, network intrusion detection, and phishing URL analysis with transformers.
- 1 Anomaly Detection on Linux Audit Logs intermediate
- 2
- 3
- 4 Network Intrusion Detection with Autoencoders intermediate
- 5
- 6
- 7
- 8 Encrypted Traffic Classification advanced
- 9
- 10
LLM Red Teaming
A progressive path from LLM fundamentals through prompt injection, jailbreaking, and agentic exploitation to structured red teaming methodology for production AI systems.
- 1
- 2
- 3 Jailbreaking: Bypassing LLM Alignment Controls intermediate
- 4 Indirect Prompt Injection Through Untrusted Data intermediate
- 5 Tool Use and Agentic Exploitation intermediate
- 6 System Prompt Extraction and Defense Hardening intermediate
Transformers & LLMs
Build core transformer components from scratch and work through the full LLM pipeline: from tokenization and attention through fine-tuning, alignment, and evaluation.
- 1
- 2
- 3 BERT Fine-Tuning and Position Embeddings intermediate
- 4 LLM Decoding and Prompt Strategies intermediate
- 5 Efficient Fine-Tuning with LoRA and Quantization intermediate
- 6 Preference Tuning with DPO advanced
- 7 Chain-of-Thought and Reasoning Evaluation intermediate
- 8 Building a Tool-Calling Agent with RAG intermediate
Tuxscope: Linux Kernel Observability with eBPF
Learn how your Linux kernel works by watching it: ten cumulative labs that build a single eBPF-powered observability tool in Rust, from syscall tracing to container-level visibility.
- 1 Tuxscope Lab 1: Hello eBPF beginner
- 2 Tuxscope Lab 2: Syscall Tracing beginner
- 3 Tuxscope Lab 3: File I/O Observation intermediate
- 4 Tuxscope Lab 4: Network Monitoring intermediate
- 5 Tuxscope Lab 5: Tracing Process Lifecycle with eBPF intermediate
- 6
- 7
Android Bug Bounty: Zero to Zero-Day
A progressive path from lab setup to vulnerability discovery on Android, covering APK reversing, Frida instrumentation, IPC attack surfaces, WebView exploitation, native code bugs, and kernel-level research, with a focus on real-world bug bounty methodology.
- 1 Android Bug Bounty Lab Setup beginner
- 2
- 3 Dynamic Analysis with Frida intermediate
- 4
- 5 WebView and Hybrid App Vulnerabilities intermediate
Local RAG Pipeline
Extend a local RAG pipeline with a chat interface, PDF support, live CVE feeds, adversarial defense, and SOC integration, all running on your machine.
- 1 Build a Local RAG Pipeline with Ollama and ChromaDB intermediate
- 2 Add a Chat Interface to Your Local RAG Pipeline intermediate
- 3 Local RAG with PDF Documents intermediate
- 4 Connect Your RAG Pipeline to Live CVE Feeds intermediate
- 5
- 6 Run a Private AI Assistant in Your SOC intermediate
- 7 Evaluating RAG Pipelines with RAGAS and TruLens intermediate
Jun 4, 2026
intermediateRun a Private AI Assistant in Your SOC
Build a RAG pipeline over Wazuh alerts that helps analysts triage incidents without sending data to external services.
Read the tutorialJun 3, 2026
advancedBinary Function Similarity with Graph Neural Networks
Represent disassembled functions as control flow graphs, train a graph neural network for similarity embeddings, and apply it to patch diffing.
Read the tutorialJun 2, 2026
intermediateTuxscope Lab 7: Profiling Disk I/O Latency with eBPF HashMaps
Use eBPF HashMap state to trace the block layer and measure per-request I/O latency from issue to completion.
Read the tutorialJun 1, 2026
advancedBypassing GCC Stack Canaries on Linux
Defeat -fstack-protector by leaking canaries via format strings, brute-forcing them across forks, and overwriting __stack_chk_fail in the GOT.
Read the tutorialMay 27, 2026
intermediateA WireGuard Road-Warrior VPN on OpenWrt
Set up a full-tunnel WireGuard VPN on OpenWrt so your laptop and phone route securely home from anywhere, in its own firewall zone, with IPv6.
Read the tutorialMay 14, 2026
advancedThreat Intelligence Extraction with Named Entity Recognition
Fine-tune a BERT token classifier to extract IOCs, threat actors, and techniques from security reports, then wrap it in a structured extraction function.
Read the tutorialMay 13, 2026
intermediateBuilding a Tool-Calling Agent with RAG
Build a RAG pipeline with ChromaDB, implement a ReAct-style tool-calling agent, and measure retrieval with precision, recall, MRR, and nDCG.
Read the tutorialMay 12, 2026
intermediateRAG Poisoning: How Adversarial Documents Break Retrieval Pipelines
Understand how hidden instructions, topic hijacking, and authority impersonation attacks break RAG pipelines, and build defenses against them.
Read the tutorialMay 11, 2026
intermediateTuxscope Lab 6: Observing Memory with Page Fault Tracing
Trace page faults and OOM kills to understand how Linux implements virtual memory through demand paging.
Read the tutorialMay 9, 2026
advancedEncrypted Traffic Classification
Classify application types and detect malicious channels in TLS-encrypted traffic using only flow metadata, with a 1D CNN and a gradient boosting baseline.
Read the tutorialMay 8, 2026
intermediateSystem Prompt Extraction and Defense Hardening
Techniques for extracting hidden system prompts from LLM applications, and how to harden your prompts against extraction attacks.
Read the tutorialMay 7, 2026
intermediateFormat String Vulnerabilities on x86
Exploit printf-family functions when user input is the format argument: leak stack values, dump memory at arbitrary addresses, and write a byte into the GOT.
Read the tutorialMay 6, 2026
advancedSPI and JTAG Flash Dumping from Hardware
Identify SPI flash chips, dump them with a CH341A programmer or in-circuit SOIC clip, and use OpenOCD over JTAG to extract firmware with no removable chip.
Read the tutorialMay 5, 2026
intermediateWebView and Hybrid App Vulnerabilities
Exploit JavaScript bridges, file access misconfigurations, and cross-site scripting in Android WebViews, one of the most common bug classes in mobile apps.
Read the tutorialMay 2, 2026
advancedAdversarial Evasion of ML Security Classifiers
Attack the malware classifier from Part 3 with gradient-based adversarial perturbations, measure evasion rates, and build defenses with adversarial training.
Read the tutorialMay 1, 2026
advancedWindows CFG and Hardware-Enforced Stack Protection (CET)
How Control Flow Guard validates indirect call targets, why it cripples JOP on Windows 8.1+, and how Win11 hardware shadow stacks layer on via Intel CET.
Read the tutorialApr 29, 2026
advancedDNS Exfiltration Detection with Sequence Models
Build an LSTM that detects DNS tunneling and data exfiltration by analyzing sequences of DNS queries, and compare against a per-query feature baseline.
Read the tutorialApr 28, 2026
advancedSecure Boot and Firmware Integrity Verification
Implement a verified boot chain on embedded Linux with U-Boot FIT image signing, then attack it: downgrade attacks, unsigned image rejection, and bypasses.
Read the tutorialApr 27, 2026
intermediateTool Use and Agentic Exploitation
Attack LLM agents through confused deputy problems, tool argument injection, and data exfiltration via tool chains, with hands-on Ollama exercises.
Read the tutorialApr 21, 2026
intermediateConnect Your RAG Pipeline to Live CVE Feeds
Pull from the NVD API and OSV.dev, implement incremental ingestion, and add metadata filtering to your local RAG pipeline.
Read the tutorialApr 20, 2026
intermediateLocal RAG with PDF Documents
Parse PDFs, handle tables and layout-aware chunking, extract metadata, and feed structured content into your local RAG pipeline.
Read the tutorialApr 18, 2026
intermediateAdd a Chat Interface to Your Local RAG Pipeline
Wrap your local RAG pipeline in a Streamlit chat UI with conversation history, streaming responses, and source citations that show where every answer came from.
Read the tutorialApr 17, 2026
intermediateChain-of-Thought and Reasoning Evaluation
Compare direct and chain-of-thought prompting on math, implement self-consistency via majority voting, and evaluate code generation with Pass@K.
Read the tutorialApr 16, 2026
intermediateAttack Surface Mapping: Intents, Content Providers, and Deep Links
Enumerate an Android app's exposed components: exported activities, services, content providers, broadcast receivers, and deep link handlers.
Read the tutorialApr 13, 2026
advancedPhishing URL Detection with Fine-Tuned Transformers
Fine-tune a DistilBERT model to classify phishing vs legitimate URLs, compare against a TF-IDF baseline, and explore tokenization challenges with URL strings.
Read the tutorialApr 11, 2026
advancedExploiting an Embedded Service: Buffer Overflow on ARM
Cross-compile a vulnerable network daemon for ARM, exploit a stack buffer overflow with ARM-specific techniques, and build ARM ROP chains in a QEMU/GDB lab.
Read the tutorialApr 10, 2026
intermediateDynamic Analysis with Frida
Use Frida to hook Java and native methods at runtime, bypass SSL pinning, and observe Android app behavior live on a device or emulator.
Read the tutorialApr 10, 2026
intermediateTuxscope Lab 5: Tracing Process Lifecycle with eBPF
Trace fork, exec, and exit events in real time to understand how Linux creates, transforms, and destroys processes.
Read the tutorialApr 9, 2026
beginnerAPK Structure, Decompilation, and Static Analysis
Tear apart an Android APK, the manifest, DEX bytecode, resources, and native libraries, and learn to spot vulnerabilities without running the app.
Read the tutorialApr 9, 2026
beginnerAndroid Bug Bounty Lab Setup
Build an Android security testing environment with an emulator, rooted device, ADB, and the essential reverse engineering and dynamic analysis toolchain.
Read the tutorialApr 8, 2026
advancedWindows Kernel Pool Overflow Foundations with HEVD
Trigger and analyze a pool buffer overflow in a vulnerable Windows kernel driver, groom the kernel pool, and map the privilege-escalation stage that follows.
Read the tutorialApr 7, 2026
intermediateNetwork Intrusion Detection with Autoencoders
Build a PyTorch autoencoder trained only on normal network flows to detect intrusions as high-reconstruction-error outliers, and compare with Isolation Forest.
Read the tutorialMar 25, 2026
advancedMalware Classification with Neural Network Embeddings
Train a feedforward neural network in PyTorch to classify PE files from static features, and compare deep learning against tree-based methods for tabular data.
Read the tutorialMar 24, 2026
advancedBypassing ASLR on Windows
Defeat Windows ASLR with non-ASLR modules, partial pointer overwrites, and information leaks to build reliable exploits against randomized address spaces.
Read the tutorialMar 23, 2026
advancedPreference Tuning with DPO
Implement the third stage of LLM training: train a reward model on preference pairs, run DPO to align without reinforcement learning, and compare to best-of-N.
Read the tutorialMar 23, 2026
intermediateTuxscope Lab 4: Network Monitoring
Monitor TCP connections in real time by probing tcp_v4_connect and inet_csk_accept, capture source and destination IPs, ports, and connection direction.
Read the tutorialMar 20, 2026
intermediateIndirect Prompt Injection Through Untrusted Data
Explore how adversarial content in retrieved documents, emails, and web pages can hijack LLM behavior, from RAG poisoning to cross-plugin attacks.
Read the tutorialMar 20, 2026
intermediateTuxscope Lab 3: File I/O Observation
Probe the VFS layer with kprobes on vfs_read and vfs_write to observe per-process file I/O volume in real time.
Read the tutorialMar 19, 2026
intermediateEfficient Fine-Tuning with LoRA and Quantization
Fine-tune a language model with LoRA on a fraction of the parameters, compare FP32/FP16/INT8/NF4 inference, and weigh Flash Attention's memory-compute tradeoff.
Read the tutorialMar 18, 2026
advancedBypassing DEP with ROP on Windows
Build a ROP chain on Windows to bypass Data Execution Prevention, using mona.py to find gadgets and VirtualProtect to mark shellcode executable.
Read the tutorialMar 18, 2026
intermediateUART and Serial Console Exploitation
Identify and interact with UART interfaces on embedded devices using QEMU, extract boot logs, interrupt U-Boot for a root shell, and dump flash over serial.
Read the tutorialMar 17, 2026
beginnerTuxscope Lab 1: Hello eBPF
Build your first eBPF program in Rust, trace write syscalls and stream events from kernel space to userspace with PerfEventArray.
Read the tutorialMar 17, 2026
beginnerTuxscope Lab 2: Syscall Tracing
Trace all system calls in real time, capture syscall IDs from raw_syscalls/sys_enter, resolve them to names, and switch from PerfEventArray to RingBuf.
Read the tutorialMar 16, 2026
intermediateJailbreaking: Bypassing LLM Alignment Controls
A taxonomy of jailbreak techniques: persona attacks, encoding tricks, few-shot poisoning, and multi-turn escalation, with a rubric for scoring bypasses.
Read the tutorialMar 16, 2026
intermediateLLM Decoding and Prompt Strategies
Compare greedy, beam search, top-k, and nucleus decoding on GPT-2, visualize MoE routing, and test zero-shot, few-shot, and chain-of-thought prompting.
Read the tutorialMar 10, 2026
intermediateBERT Fine-Tuning and Position Embeddings
Explore encoder-only transformers through BERT: inspect masked-LM predictions, fine-tune on sentiment, compare position embeddings, and benchmark distillation.
Read the tutorialMar 10, 2026
beginnerTokenization and Attention from Scratch
Build the four foundational transformer components from scratch in NumPy: tokenization, word embeddings, self-attention, and positional encoding.
Read the tutorialMar 10, 2026
beginnerTransformers & LLMs: Series Introduction and Environment Setup
An overview of the Transformers and LLMs series: what it covers, who it is for, how the companion code is structured, and how to set up your environment.
Read the tutorialMar 9, 2026
advancedMulti-Tenant GPU Isolation
Analyze GPU isolation (MIG, MPS, vGPU, time-slicing) from an offensive angle, mapping the attack surface of shared GPUs and what leaks across tenant boundaries.
Read the tutorialMar 6, 2026
beginnerPrompt Injection from First Principles
Build a vulnerable LLM chatbot with Ollama, exploit it with direct and indirect prompt injection, then layer defenses to see why it is fundamentally hard.
Read the tutorialMar 4, 2026
beginnerOllama: Run LLMs Locally
Install and manage local LLMs with Ollama: CLI usage, model management, Modelfiles, the REST API, tool-calling models, Open WebUI, and coding-tool integration.
Read the tutorialMar 2, 2026
beginnerLinux Exploitation Lab Setup
Build and run the vulnerable binaries used throughout the Linux Exploitation Fundamentals series, in Docker or natively.
Read the tutorialFeb 27, 2026
beginnerLLM Tokens, Context Windows, and the Attack Surface
How LLMs process text through tokenization, manage context windows, and where these mechanics create exploitable attack surface for red teamers.
Read the tutorialFeb 20, 2026
intermediateWebMCP Attack Surfaces
Build a web app that exposes tools to AI agents via WebMCP, then demonstrate tool poisoning, schema mismatch, response injection, and cross-tool exfiltration.
Read the tutorialJan 30, 2026
advancedContainer Escape: Namespace and Privilege Breakouts
Exploit four container escape techniques, privileged mounts, Docker socket abuse, namespace escapes, and cgroup release_agent, then harden against each one.
Read the tutorialJan 15, 2026
advancedTraining a ROP Gadget Classifier with XGBoost
Build a machine learning classifier that predicts whether a ROP gadget is useful for exploit chains, using features extracted from x64 disassembly and XGBoost.
Read the tutorialJan 9, 2026
intermediateEmbedded Linux Attack Surface Analysis
Build a stripped embedded Linux image with Buildroot, then audit open ports, syscalls, suid binaries, kernel modules, and writable paths, and harden it.
Read the tutorialJan 8, 2026
advancedFirmware RE with Binwalk and Ghidra
Extract firmware from an IoT update file, unpack the filesystem, identify interesting binaries, and reverse engineer them in Ghidra to find bugs.
Read the tutorialDec 18, 2025
intermediateCross-Compiling with Buildroot and QEMU
Set up an embedded Linux dev environment: build a custom ARM image with Buildroot, boot it in QEMU, and remotely debug binaries with GDB. No hardware required.
Read the tutorialDec 11, 2025
intermediateAnomaly Detection on Linux Audit Logs
Build a lightweight anomaly detection pipeline that flags suspicious Linux sessions using auditd logs, feature engineering, and scikit-learn; no GPU required.
Read the tutorialDec 4, 2025
intermediateBuild a Local RAG Pipeline with Ollama and ChromaDB
A hands-on guide to building a retrieval-augmented generation pipeline that runs entirely on your machine, using security advisories as the knowledge base.
Read the tutorialNov 20, 2025
beginnerWriting Your First Wazuh Custom Decoder and Rule
A step-by-step guide to writing custom Wazuh decoders and rules, from reading a raw syslog line to triggering an alert.
Read the tutorialNov 13, 2025
intermediateRecovering from a Pop!_OS Kernel Panic on System76
Step-by-step recovery for a Pop!_OS kernel panic after an interrupted update.
Read the tutorialNov 6, 2025
advancedWindows Egghunter Exploitation
Use egghunter shellcode to locate and execute a larger payload when buffer space is limited.
Read the tutorialOct 30, 2025
advancedWindows SEH Overflow Exploitation
Exploit Structured Exception Handler (SEH) overflows on Windows, bypassing SafeSEH protections to achieve code execution.
Read the tutorialOct 23, 2025
intermediateWindows Stack Buffer Overflow
Exploit a classic stack buffer overflow on Windows, from crash discovery to shellcode execution using Immunity Debugger and mona.py.
Read the tutorialOct 16, 2025
advancedRemote Exploitation with Socket Reuse Shellcode
Exploit a remote x86 Linux service: leak addresses to bypass PIE, split shellcode across discontinuous buffers, and reuse the socket to evade firewall rules.
Read the tutorialOct 9, 2025
advancedBypassing ASLR on x64 Linux
Defeat Address Space Layout Randomization by leveraging fixed addresses in the binary when PIE is disabled.
Read the tutorialOct 2, 2025
advancedBypassing NX with mprotect ROP Chains
Use Return-Oriented Programming to call mprotect() and make stack memory executable, then jump to shellcode on x64 Linux.
Read the tutorialSep 25, 2025
advancedBypassing NX with ROP on x64 Linux
Use Return-Oriented Programming to bypass NX protection on 64-bit Linux, chaining gadgets to call system() with /bin/sh.
Read the tutorialSep 18, 2025
intermediateROP Gadget Hunting Toolkit
A practical reference for finding, filtering, and verifying ROP gadgets with ropper, ROPgadget, and GDB-PEDA, plus chaining strategies.
Read the tutorialSep 11, 2025
intermediateStack Buffer Overflow on x64 Linux
Exploit stack buffer overflows on 64-bit Linux systems, understanding the differences from x86 including register usage and address handling.
Read the tutorialSep 4, 2025
intermediateReturn-to-libc Attack on x86
Bypass NX protection by returning to libc functions instead of executing shellcode on the stack. Learn to leak addresses and chain function calls.
Read the tutorialAug 28, 2025
beginnerRedirecting Execution to Hidden Functions
Learn how to exploit a basic stack buffer overflow to redirect execution to a hidden function in a SUID binary and gain elevated privileges.
Read the tutorialAug 21, 2025
intermediateBasic Stack Buffer Overflow on x86
A comprehensive guide to exploiting stack buffer overflows on 32-bit Linux systems, from vulnerability discovery to shellcode execution.
Read the tutorialAug 14, 2025
intermediateLinux Syscalls for Exploit Development
How Linux syscalls work at the instruction level, int 0x80 vs syscall, register setup, and the key syscalls used in shellcode and ROP chains.
Read the tutorialAug 8, 2025
beginnerThe Stack: Memory Layout and Function Frames
How the stack works in x86 and x64 Linux: memory layout, push/pop mechanics, function prologues and epilogues, and why overflows overwrite the return address.
Read the tutorialAug 7, 2025
beginnerx86 and x64 Registers and Calling Conventions
A practical guide to CPU registers, partial register access, flags, and how function arguments are passed on x86 and x64 Linux.
Read the tutorialJan 15, 2024
advancedArch Linux Installation Guide
A comprehensive guide to installing Arch Linux with full disk encryption, secure boot, and hardened security configuration.
Read the tutorial
No tutorials match the selected topic.