CyberCode Academy

In this lesson, you’ll learn about:Building a Professional PortfolioCreating a GitHub account and configuring it for public repositoriesInitializing repositories specifically for Python projectsUploading and organizing files to showcase practical work for employersSetting Up a Windows-Based Technical WorkspaceInstalling Python 3 and verifying it is correctly added to the system PATHInstalling Notepad++ for code editing and pinning it for quick accessPreparing essential analysis tools:Process Explorer (system monitoring)PsExec (remote execution and administrative tasks)Dependency Walker (PE file structure and reverse engineering)Integrating Online and Local ResourcesCombining GitHub portfolio with local analysis tools for a fully functional workflowEnsuring readiness for practical scripting and system analysis exercisesKey OutcomeA professional online presence plus a configured virtual workspace ready for the course’s technical exercises.You can listen and download our episodes for free on more than 10 different platforms:https://linktr.ee/cybercode_academy

In this lesson, you’ll learn about:The major security threat categories in machine learning: model stealing, inversion, poisoning, and backdoorsHow model stealing attacks replicate black-box models through API queryingWhy attackers may clone models to reduce costs, bypass licensing, or craft offline adversarial examplesThe concept of model inversion, where sensitive training data (e.g., faces or private attributes) can be partially reconstructed from learned weightsWhy deterministic model parameters can unintentionally leak informationHow data poisoning attacks manipulate training datasets to degrade accuracy or shift decision boundariesThe difference between availability attacks (general performance drop) and targeted poisoning (specific misclassification goals)Why some architectures—such as CNN-based systems—can appear statistically robust yet remain strategically vulnerableHow backdoor (trojan) attacks embed hidden triggers during training or model updatesWhy backdoors are difficult to detect due to normal performance under standard conditionsDefensive & Mitigation Strategies This episode also highlights why ML systems must be secured across their lifecycle:Restrict and monitor API query rates to reduce model extraction riskApply differential privacy and regularization to limit inversion leakageValidate training datasets with integrity checks and anomaly detectionUse robust training techniques and adversarial testing to evaluate resiliencePerform model auditing and trigger scanning to detect backdoorsSecure the supply chain for datasets, pretrained models, and updatesYou can listen and download our episodes for free on more than 10 different platforms:https://linktr.ee/cybercode_academy

In this lesson, you’ll learn about:What deepfakes are and how neural networks enable face, voice, and style transferThe standard face swap pipeline: extraction → preprocessing → training → predictionWhy conducting a local dry run helps validate datasets before scaling to expensive GPU environmentsThe importance of face alignment, sorting, and dataset cleaning to reduce false positivesHow lightweight models are used for parameter tuning before full-scale trainingThe role of GPU acceleration in deep learning workflowsWhy cloud platforms like Google Cloud are used for large-scale model trainingThe importance of compatible drivers (e.g., NVIDIA drivers) in deep learning setupsHow frameworks such as TensorFlow power neural network trainingHow frame rendering and encoding tools like FFmpeg compile processed frames into videoHow training previews help visualize model convergence from noise to structured outputsEthical & Professional ConsiderationsAlways obtain explicit consent from anyone whose likeness is usedUnderstand laws regarding impersonation, fraud, and non-consensual synthetic mediaConsider watermarking or disclosure when creating synthetic contentBe aware that deepfake techniques are actively studied in media forensics and detection researchYou can listen and download our episodes for free on more than 10 different platforms:https://linktr.ee/cybercode_academy

In this lesson, you’ll learn about:The difference between white-box and black-box threat models in machine learning securityWhy gradient-based models are vulnerable to carefully crafted input perturbationsThe core intuition behind the Fast Gradient Sign Method (FGSM) as a sensitivity-analysis techniqueHow adversarial perturbations exploit a model’s local linearity and gradient structureThe purpose of adversarial ML frameworks like Foolbox in controlled research environmentsHow pretrained architectures such as ResNet are evaluated for robustnessWhy datasets like MNIST are commonly used for benchmarking security experimentsThe security risks of exposing prediction APIs in black-box servicesWhy production ML systems must assume adversarial interactionDefensive Takeaways for ML Engineers Rather than attacking models in the wild, security teams use adversarial research to:Measure model robustness before deploymentImplement adversarial training to improve resilienceApply input preprocessing defenses and anomaly detectionLimit prediction confidence exposure in public APIsMonitor query patterns to detect probing behaviorUse ensemble methods and hybrid ML + rule-based detection systemsWhy This Matters: Adversarial machine learning highlights that high accuracy ≠ high security.Models that perform well on clean data may fail under minimal, human-imperceptible perturbations. Robustness must be treated as a first-class engineering requirement, especially in:Autonomous systemsBiometric authenticationMalware detectionFinancial fraud systemsYou can listen and download our episodes for free on more than 10 different platforms:https://linktr.ee/cybercode_academy

In this lesson, you’ll learn about:What adversarial machine learning is and why ML-based malware classifiers are vulnerable to manipulationThe difference between feature-engineered models like Ember and end-to-end neural approaches like MalConvWhy handling real malware (e.g., Jigsaw ransomware) requires a properly isolated virtual machine labHow libraries such as LIEF and pefile are used to safely parse and analyze Portable Executable (PE) structuresThe concept of model decision boundaries and detection thresholdsWhy “benign signal injection” works conceptually (model blind spots and over-reliance on superficial features)The security risk of overlay data and section manipulation in static analysis pipelinesThe difference between gradient boosting models and deep neural networks in robustness and feature sensitivityHow adversarial examples reveal weaknesses in ML-based security productsDefensive strategies for improving robustness against evasion attemptsDefensive Takeaways for Security Teams Instead of bypassing detection, professionals use these insights to:Strengthen feature engineering to reduce manipulation opportunitiesNormalize or strip non-executable overlay data before classificationIncorporate adversarial training to improve model resilienceCombine static and dynamic analysis to detect functionality, not just file structureMonitor for abnormal file padding and suspicious section anomaliesImplement ensemble detection strategies rather than relying on a single modelYou can listen and download our episodes for free on more than 10 different platforms:https://linktr.ee/cybercode_academy

In this lesson, you’ll learn about:What fuzzing is and why it’s a powerful technique for discovering software vulnerabilitiesThe difference between basic randomized fuzzing and more advanced, coverage-guided approachesHow code coverage helps measure which parts of a program are exercised during testingWhy naive random input generation is inefficient for complex formats like PDFsThe concept of mutation-based fuzzing, including byte-level modifications such as insertion, deletion, swapping, and randomizationHow evolutionary fuzzing applies principles from genetic algorithms to improve input effectivenessThe role of a fitness function in selecting high-value test casesHow recombination and mutation evolve a population of inputs to reach deeper code pathsHow professional tools like American Fuzzy Lop instrument compiled programs to detect unique crashes and segmentation faultsWhy fuzzing is critical for secure software development and proactive vulnerability discoveryYou can listen and download our episodes for free on more than 10 different platforms:https://linktr.ee/cybercode_academy

In this lesson, you’ll learn about:How CAPTCHA systems (like Really Simple CAPTCHA for WordPress) are designed to prevent automated abuseThe role of reconnaissance in identifying security mechanisms on web applications (for defensive testing with permission)How OpenCV is used in computer vision for:Grayscale conversionImage thresholdingNoise reduction and morphological operations (e.g., dilation)Contour detection and character segmentationThe fundamentals of building a Convolutional Neural Network (CNN) using frameworks like KerasWhy preprocessing (normalization, resizing, padding) is critical for image-based ML accuracyHow browser automation tools such as Selenium function in legitimate contexts (e.g., QA testing, regression testing, accessibility testing)Why CAPTCHA systems can be vulnerable to ML advances—and how modern defenses evolve in responseDefensive & Ethical Takeaway Instead of bypassing CAPTCHAs, security professionals use this knowledge to:Strengthen bot mitigation strategiesImplement more resilient human verification systemsDetect automated abuse patternsTransition toward modern solutions like behavioral analysis and risk-based authenticationYou can listen and download our episodes for free on more than 10 different platforms:https://linktr.ee/cybercode_academy

In this lesson, you’ll learn about:What digital identity is and how IP and MAC addresses are used to track usersWhy masking an IP address is essential for protecting location and online activityHow the Tor network provides anonymity by routing traffic through multiple global nodesThe role of ProxyChains in forcing applications to operate through anonymizing networksWhat a MAC address represents and how it can be used for device-level identificationWhy MAC address randomization helps prevent physical and network-based trackingThe limitations and risks of anonymity tools when used incorrectlyHow combining multiple techniques creates a layered anonymity strategyEthical and defensive use cases for anonymity in privacy protection and security researchYou can listen and download our episodes for free on more than 10 different platforms:https://linktr.ee/cybercode_academy

In this lesson, you’ll learn about:Why default router settings are a major security risk and commonly targeted by attackersHow changing the administrative IP address reduces exposure to automated attacksThe importance of replacing default usernames and passwords with strong, unique credentialsWhy disabling WPS is critical to preventing brute-force and PIN-based attacksHow enabling modern encryption standards strengthens wireless network protectionThe role of built-in router firewalls in safeguarding connected devicesHow securing local and remote management settings closes common attack vectorsPractical steps to harden a home network against unauthorized access and exploitationYou can listen and download our episodes for free on more than 10 different platforms:https://linktr.ee/cybercode_academy

In this lesson, you’ll learn about:Using a Raspberry Pi as a mobile platform for wireless penetration testingLeveraging Wifite, an automated tool for auditing Wi‑Fi networksExploiting WPS vulnerabilities through the Pixie Dust attack to quickly recover router credentialsPerforming dictionary attacks on WPA/WPA2 networks by capturing handshake packets and testing against common password listsUnderstanding the security implications of handshake interception and why strong, unique passwords are criticalRecognizing the importance of disabling outdated protocols like WPS to protect networks from automated attacksApplying these methods in a controlled, ethical penetration testing environment to evaluate wireless security defensesYou can listen and download our episodes for free on more than 10 different platforms:https://linktr.ee/cybercode_academy

In this lesson, you’ll learn about:How a Raspberry Pi can be configured as a portable wireless security labMethods for remotely accessing a headless Raspberry Pi using command-line and graphical interfacesThe concept of wireless interference and denial-of-service at a high level (without operational details)Differences between automated and manual approaches to wireless disruption from a conceptual standpointWhat monitor mode is and why it matters in wireless security researchHow de-authentication behavior works in Wi-Fi protocols and why it represents a security riskLegal and ethical considerations surrounding wireless jamming and de-auth testingDefensive implications: how these techniques inform network hardening and intrusion detectionWhy understanding attack mechanics helps administrators detect, prevent, and respond to wireless abuse.You can listen and download our episodes for free on more than 10 different platforms:https://linktr.ee/cybercode_academy

In this lesson, you’ll learn about:How to convert a standard Raspberry Pi into a portable penetration testing deviceThe required hardware components, including a touchscreen display, portable power source, and external wireless adapterWhy a specialized Wi‑Fi adapter with packet injection support is essential for advanced network attacksThe step-by-step assembly process for building a compact, mobile setupHow to flash a customized penetration-testing operating system onto a high-capacity SD cardThe role of pre-installed hacking and auditing tools in streamlining field operationsHow this DIY build supports real-world wireless testing, cybersecurity labs, and offensive security projectsWhy portability and modular design are key advantages for on-the-go security researchYou can listen and download our episodes for free on more than 10 different platforms:https://linktr.ee/cybercode_academy

In this lesson, you’ll learn about:The purpose of this segment as a preparation and logistics guide for working with single-board computersWhere to acquire Raspberry Pi hardware, with emphasis on the official Raspberry Pi websiteThe advantages of purchasing bundled kits that include SD cards, power adapters, and essential peripheralsThe Raspberry Pi 3 as the minimum recommended model for following the courseCost-saving options through third-party online retailers and curated resource linksHow proper hardware preparation helps ensure a smooth transition into the technical hacking curriculumWhy having the correct equipment upfront is critical before moving into hands-on exploitation and lab workYou can listen and download our episodes for free on more than 10 different platforms:https://linktr.ee/cybercode_academy

In this lesson, you’ll learn about:What a Raspberry Pi is and why it’s described as a low-cost, credit-card-sized single-board computerHow installing an operating system on a micro SD card turns the device into a fully functional computerThe types of operating systems supported, including Linux and WindowsCommon use cases such as DIY projects, robotics, and embedded systemsWhy the Raspberry Pi’s portability and low power consumption make it especially valuableHow this course specifically repurposes the Raspberry Pi into an advanced hacking machineThe role of this lecture as a foundational overview preparing students for hands-on, technical applicationsYou can listen and download our episodes for free on more than 10 different platforms:https://linktr.ee/cybercode_academy

In this lesson, you’ll learn about:The forensic purpose of Inception for accessing live, locked systems without powering them downWhy volatile memory preservation makes Inception valuable during on-scene triageHow the DMA exploit works via FireWire and Thunderbolt interfacesThe concept of planting a temporary RAM-based authentication bypass that disappears after rebootHow Inception is integrated into the Paladin forensic suiteThe practical setup process, including booting Paladin, escalating privileges with sudo -s, and running inceptThe importance of selecting the correct operating system signature for a successful attackIndicators of successful execution, such as “patch verified”Legal and ethical considerations when using memory-writing exploits in forensic workWhy validation testing and thorough documentation are critical for courtroom defensibilityHow Inception enables subsequent RAM acquisition and live system analysisYou can listen and download our episodes for free on more than 10 different platforms:https://linktr.ee/cybercode_academy

In this lesson, you’ll learn about:A technical overview of memory acquisition using Magnet RAM Capture and FTK ImagerHow RAM footprint size affects evidence integrity during live memory collectionThe key features of Magnet RAM Capture, including custom output paths and memory image splittingWhy file segmentation is operationally important when handling large RAM capturesThe role of FTK Imager as a multifunctional triage and imaging toolFTK Imager’s additional capabilities, such as registry collection, hexadecimal viewing, and logical drive previewPerformance benchmarking results, including memory dump speed for large RAM sizesStrategic considerations for tool selection and justification in forensic investigationsA professional workflow approach combining lightweight tools first and heavier tools later based on investigative needsYou can listen and download our episodes for free on more than 10 different platforms:https://linktr.ee/cybercode_academy

In this lesson, you’ll learn about:The role of RAM acquisition in digital forensics and why volatile memory is critical evidenceHow benchmarking RAM extraction tools helps investigators make defensible tactical decisionsA technical comparison between Belkasoft RAM Capturer and Magnet RAM CaptureThe trade-offs between system footprint and extraction speed during live memory captureHow both tools operate in kernel mode and why this matters for bypassing OS protectionsDifferences in output formats (.mem vs .dmp) and their forensic implicationsPractical factors for tool selection, including execution method, performance on large RAM sizes, and operational impact on the target systemYou can listen and download our episodes for free on more than 10 different platforms:https://linktr.ee/cybercode_academy

In this lesson, you’ll learn about:Why Benchmarking RAM Extraction Tools MattersHow benchmarking supports defensible tool selection in forensic investigations.Using measurable metrics to justify decisions during reports or court testimony.Understanding that different systems and environments can affect tool behavior.Key Benchmarking CriteriaRAM Footprint: Measuring how much memory the tool consumes while running and how much evidence it overwrites.Extraction Speed: Evaluating how fast a full memory dump can be completed, especially when using high-speed media like USB 3.0 drives.Execution Context: Distinguishing between kernel-mode and user-mode tools, with kernel-mode execution preferred for bypassing OS-level protections such as anti-debugging and anti-dumping mechanisms.MoonSols DumpIt: Technical EvaluationWhy DumpIt is favored for live response and incident handling.Its portable design, allowing execution directly from removable media without installation.An exceptionally small memory footprint (under 1 MB), minimizing evidentiary impact.Proven efficiency, capable of dumping large memory sizes (e.g., ~9 GB) in a matter of minutes.Automatic output as a raw memory image, simplifying downstream analysis and tool compatibility.Live Benchmarking and VerificationObserving DumpIt in real time using Task Manager to confirm actual memory usage.Correlating observed performance with documented benchmarks.Recognizing the significance of the final success confirmation and proper storage of the raw memory image for triage and analysis.By the end of this episode, you’ll be able to benchmark RAM acquisition tools systematically, understand why DumpIt is often chosen as a primary option, and confidently explain your tool selection based on measurable, repeatable criteria rather than preference alone.You can listen and download our episodes for free on more than 10 different platforms:https://linktr.ee/cybercode_academy

In this lesson, you’ll learn about:Why RAM Is Critical Forensic EvidenceHow volatile memory captures data that never touches disk and is lost on shutdown.Recovering private browsing sessions, chat data, webmail content, and remnants of failed wiping attempts.Identifying in-memory malware, including rootkits, injected code, and hidden processes that evade disk-based scanners.Extracting encryption keys and credentials (e.g., BitLocker, TrueCrypt, cached passwords) that unlock otherwise inaccessible evidence.The “RAM Debate”: When to Capture vs. When to SkipUnderstanding how missing RAM evidence can be argued as exculpatory in court.Evaluating the forensic footprint: every capture tool overwrites some memory.Making defensible decisions to omit RAM collection when:The suspect has confessed.Disk artifacts already answer the investigative questions.Live triage indicates the system was likely uninvolved.Learning how to justify your decision either way in reports and testimony.RAM Footprint and Evidentiary IntegrityWhat a RAM footprint is and why courts care about it.Minimizing contamination by selecting lightweight, trusted tools.Documenting tool choice, execution order, and system state to maintain credibility.Hardware Preparation for Live Memory CaptureWhy USB 3.0 magnetic hard drives are preferred over flash drives:Faster acquisition times.Higher capacity for large memory dumps.Reduced risk of incomplete captures.Planning storage capacity based on installed system RAM.Tool Redundancy and Operational ReadinessWhy investigators should maintain 2–4 validated RAM tools.Handling failures caused by OS updates, drivers, or endpoint security controls.Understanding that redundancy is a professional requirement, not overkill.Recommended Free RAM Capture ToolsDumpIt – simple, fast, minimal user interaction.Belkasoft Live RAM Capturer – reliable and widely court-tested.Magnet RAM Capture – integrates cleanly with Magnet analysis workflows.FTK Imager – versatile option when already deployed on-scene.By the end of this episode, you’ll understand not just how to extract RAM, but when, why, and how to defend your decision under scrutiny—turning volatile memory into some of the most powerful evidence in a live forensic investigation.You can listen and download our episodes for free on more than 10 different platforms:https://linktr.ee/cybercode_academy

In this lesson, you’ll learn about:Validating Network Drive Activity with ShellbagsHow Windows Shellbags act as a silent witness for user interaction with network shares and mapped drives.Why UsrClass.dat is a critical artifact for proving access to remote resources, even when permissions are restricted.Recording Remote Folder AccessHow accessing a mapped network drive (e.g., Z:) generates Shellbag entries.Capturing exact remote folder paths (such as administrative or restricted directories) that a user navigated to.Demonstrating that Shellbags records navigation, not just file creation or modification.Timestamp Behavior in Network ShellbagsUnderstanding how remote MAC times are copied and stored locally:Last Accessed Time: Often reflects the precise moment the user viewed or entered the network folder.Last Written Time: May indicate when the network drive was first connected or when folder view settings were changed.Created Time: Represents the state of the folder metadata at the moment it was first recorded in Shellbags.Recognizing that all timestamps must be interpreted in UTC and converted to local time for reporting.Event Reconstruction and AttributionReconstructing timelines that show who accessed which network location and when.Correlating Shellbag entries with other evidence to confirm intentional user interaction rather than background system activity.Differentiating between mere drive connection and active navigation into specific subfolders.Investigative and Evidentiary ValueUsing Shellbag evidence to prove file awareness and knowledge, not just theoretical access.Supporting cases involving unauthorized access, insider threat activity, or data exfiltration.Reinforcing why Shellbags are especially powerful when files no longer exist or access logs are unavailable.By the end of this episode, you’ll be able to confidently analyze Shellbag artifacts related to network drives, interpret their timestamps accurately, and use them to demonstrate user knowledge and interaction with remote file systems in a forensic investigation.You can listen and download our episodes for free on more than 10 different platforms:https://linktr.ee/cybercode_academy