Pricing

Premium

One free path. One subscription. No tiers, no add-ons, no per-seat math. The library grows; the price doesn’t.

Invest in the skill that makes every other skill visible.

FreePermanent

$0forever

One full attack path, end to end — so you can decide whether the explanation actually clicks for you.

  • What’s included
  • 23 lessons with interview answers, stakeholder explanations, and report-ready language
  • Quiz, flashcards, and brief for every free lesson
  • 5 guided learning tracks with structured progression
  • A full real-world attack path: end-to-end compromise walkthrough from recon to domain takeover
  • Progress tracking across lessons, tracks, and attack paths
Browse free lessons

No credit card

Premium

$15/ month

Everything in Free, plus the rest of the library — every Technique, every attack path, every interview answer.

  • Everything in Free, plus
  • All 44 lessons: AD techniques, professional skills, each with interview answers and study kits
  • Complete study kit for every lesson: quizzes, flashcards, and briefs
  • Every learning track with full structured progression
  • All 9 attack paths: full compromise walkthroughs for interviews and reports
  • New lessons and attack paths added regularly
Start Premium

Cancel any time

What you’ll be able to say

Proof of value, not a feature list.

An interview answer pulled from one Premium Technique lesson, in the exact treatment it ships in. This is what every Technique in the library produces — three audiences, three callouts, the words you can actually say out loud.

TTechnique · Active Directory

AS-REP Roasting

Interview answer

“AS-REP Roasting works on accounts that have Kerberos pre-authentication disabled. Normally a client has to prove they know the password before the KDC will issue a ticket — pre-auth is that proof. With it turned off, anyone on the network can ask for an AS-REP for that account, and the response contains a chunk encrypted with the user’s password hash. Crack offline, no failed logins on the domain controller.”

— from “AS-REP Roasting” · Premium · Active Directory track

Questions

The plain answers.

Do I need a lab subscription elsewhere?

Not from us. We teach the explanation, not the lab. For hands-on practice you can spin up your own home lab or use whichever training platform you already prefer — we sit alongside those, not on top of them.

Most lessons stand on their own without a lab. The ones that benefit from one say so up front.

Is this for beginners or experienced operators?

Both, but the center of gravity is the operator who can run the exploit and now needs to explain it. If you’ve never seen Active Directory before, the Foundational lessons assume that and build up. If you’ve been doing pentests for five years, the interview answer and report language blocks are still the part you didn’t get from the lab.

If we had to pick one reader: someone preparing for their second or third security interview.

What's actually free?

One complete attack path. That includes the Foundational and Essential Skills lessons it depends on, the Technique with all three callout blocks, and the full study kit (quiz, flashcards, brief).

Free is permanent. The path doesn’t expire, doesn’t trial out, doesn’t gate the third callout. It’s the same product Premium subscribers use, scoped to one path.

How do I cancel?

Account settings, one button. No email, no retention flow, no “are you sure?” three times. You keep access through the end of the billing period; the free path stays free regardless.

When are new lessons added?

On a calm cadence — usually one new Technique every two to three weeks, with the Foundational and Essential Skills lessons that support it. We don’t run a content calendar for the sake of one. We add a lesson when the three callouts are good enough to ship.

Do you offer refunds?

If Premium isn’t what you expected within the first 14 days, email us and we’ll refund the month, no questions. After that, cancel and you keep access through the period you paid for.

By subscribing, you agree to the Terms of Service and Privacy Policy.