CyberCode Academy
Welcome to CyberCode Academy — your audio classroom for Programming and Cybersecurity.🎧 Each course is divided into a series of short, focused episodes that take you from beginner to advanced level — one lesson at a time.From Python and web development to ethical hacking and digital defense, our content transforms complex concepts into simple, engaging audio learning.Study anywhere, anytime — and level up your skills with CyberCode Academy.🚀 Learn. Code. Secure.You can listen and download our episodes for free on more than 10 different platforms:https://linktr.ee/cybercode_academy
Course 36 - Windows Forensics and Tools | Episode 14: A Guide to Steganography and OpenStego
In this lesson, you’ll learn about: steganography and how hidden data is embedded inside digital files without raising suspicion1. What Is Steganography?Steganography is the practice of hiding information inside other non-suspicious data such as images, audio, or video files.🔹 Key Idea
Unlike encryption, which hides the content of a message, steganography hides the existence of the message itself.2. Steganography vs Encryption🔹 EncryptionScrambles data into unreadable formClearly shows that secret communication exists🔹 SteganographyHides data inside another fileMakes the communication look completely normal<...
Course 36 - Windows Forensics and Tools | Episode 13: Decoding Registry Artifacts and Connection History
In this lesson, you’ll learn about: Windows USB forensics and how external device activity is tracked through the Windows Registry1. What Is Windows USB Forensics?USB forensics focuses on identifying and analyzing traces left by:
USB flash drivesExternal hard drivesDigital cameras and mobile storage devices🔹 Key Idea
Even after a device is unplugged or removed, Windows keeps permanent evidence of its connection.2. Why USB Devices Leave Forensic EvidenceWhen a USB device is connected, Windows automatically:
Logs device identityStores seria...
Course 36 - Windows Forensics and Tools | Episode 12: A Forensic Guide to Windows User Artifacts
In this lesson, you’ll learn about: Windows user artifacts and forensic activity tracking1. What Are Windows User Artifacts?System-generated traces of user behaviorCreated automatically by Windows and applications🔹 Key IdeaEven if a user deletes files, system artifacts often remain2. Evolution of User Profiles🔹 Older vs Modern WindowsWindows XP:Documents and SettingsWindows 7 / 10 / 11:C:\Users🔹 Why it changedImproved structureBetter separation of user dataEasier forensic navigation3. NTUSER.DAT...
Course 36 - Windows Forensics and Tools | Episode 11: Unlocking Hidden Metadata and Browser History
In this lesson, you’ll learn about: forensic authentication using metadata and browser artifacts1. What is Digital Forensic Authentication?A process of verifying user activity and file origin using hidden dataFocuses on:DocumentsImagesWeb browsing activity🔹 Key IdeaFiles contain more than visible content—they carry hidden identity traces2. File Metadata (Documents & Office Files)🔹 What metadata revealsAuthor nameCreation machineEditing historyLast modified timestamps🔹 Why it mattersHelps identif...
Course 36 - Windows Forensics and Tools | Episode 10: Decoding Metadata and File Internals
In this lesson, you’ll learn about: Windows Recycle Bin forensics and deleted file recovery1. Why the Recycle Bin Matters in ForensicsDeleting a file in Windows does not immediately erase itInstead, Windows:Moves it to a hidden system structureRenames itKeeps both metadata and data intact🔹 Key IdeaThe Recycle Bin is often a hidden evidence repository2. Core Forensic InsightDeleted files usually remain:On disk (physically intact)With modified references only👉 Result:<...
Course 36 - Windows Forensics and Tools | Episode 9: Uncovering Hidden Evidence
In this lesson, you’ll learn about: Windows System Restore Points in digital forensics1. What Are System Restore Points?A Windows feature that creates snapshots of system stateDesigned for recovery after:System failuresBad updatesSoftware issues🔹 Key IdeaThey act as a historical snapshot of system behavior2. Why They Matter in ForensicsRestore points preserve evidence that may be:DeletedWipedModified🔹 Forensic ValueHelps reconstruct:System changes<...
Course 36 - Windows Forensics and Tools | Episode 8: Efficiency, Evidence, and Forensics
In this lesson, you’ll learn about: Windows Prefetch and forensic execution tracking1. What is Windows Prefetch?A Windows performance feature designed to:Speed up application startupReduce disk access time🔹 Key IdeaIt becomes a forensic artifact that records program execution2. How Prefetch WorksWindows monitors the first seconds of an application launchIt records:Files accessedExecution behavior patterns👉 Result:A cached “startup map” is created for faster future runs3. Prefetch File Structu...
Registry Forensics and the User Assist Key
In this lesson, you’ll learn about: Windows Registry artifacts and UserAssist forensics1. Why Registry Artifacts MatterThe Windows Registry stores hidden traces of user activityInvestigators use it to reconstruct:User behaviorApplication usageSystem timelines🔹 Key IdeaEvery click and execution leaves a forensic footprint2. Common Digital Footprints in Windows🔹 Types of artifactsInternet browsing historyEmail attachmentsSkype / communication logsRecently used files (MRU lists)Executed programs👉 Key Insight:
Course 36 - Windows Forensics and Tools | Episode 6: From System Hives to Forensic Analysis
In this lesson, you’ll learn about: Windows Registry structure and forensic analysis1. What is the Windows Registry?A centralized configuration database in WindowsStores system, user, and application settings🔹 Core IdeaThink of it as the brain of Windows configuration2. Registry StructureThe registry is organized in a strict hierarchy:🔹 ComponentsHivesKeysSubkeysValues🔹 AnalogyHive → main database fileKey → folderValue → actual data entry3. Main Root Keys🔹 Key Windows Registry Roots
Course 36 - Windows Forensics and Tools | Episode 5: Structure and Forensic Significance
In this lesson, you’ll learn about: Windows Security Identifiers (SIDs) and user tracking1. What is a Security Identifier (SID)?A SID (Security Identifier) is a unique value assigned to every:UserGroupSecurity principal (system accounts, services)🔹 Core IdeaIt acts like a permanent digital fingerprint in WindowsUsed internally instead of usernames👉 Key Property:A SID is never reused, even if the account is deleted2. Why SIDs ExistWindows needs a stable way to identify identiti...
Course 36 - Windows Forensics and Tools | Episode 4: From Acquisition to Volatility Analysis
In this lesson, you’ll learn about: memory forensics and RAM analysis1. Why Memory Forensics MattersRAM (volatile memory) is one of the most valuable forensic sourcesIt contains data that disappears after shutdown🔹 What RAM can revealRunning processesActive network connectionsCommand historyEncryption keysMalware behavior in real time👉 Key Idea:If disk is “history,” RAM is live truth2. Memory Acquisition (Capturing RAM)🔹 What is memory acquisition?Creating a snapshot of physical RAM for analysi...
Course 36 - Windows Forensics and Tools | Episode 3: Mastering dd.exe for Drives and Memory
In this lesson, you’ll learn about: forensic imaging using the DD utility1. What is DD (Data Dumper)?A low-level command-line tool used for bit-by-bit copyingCommonly used in digital forensics imaging🔹 Core FunctionCopies data from:Input → OutputWithout interpreting or modifying it👉 Key Idea:It creates an exact raw duplicate of data2. Basic DD Syntax🔹 Core Parametersif= → input sourceof= → output destinationbs= → block sizecount= → number of blocks🔹 Example Concept<...
Course 36 - Windows Forensics and Tools | Episode 2: Windows Forensic Imaging and Drive Nomenclature
In this lesson, you’ll learn about: Windows forensic imaging and data structure fundamentals1. What is Forensic Imaging?A bit-by-bit, sector-by-sector copy of a storage deviceCaptures everything, not just visible files🔹 What it IncludesActive files and foldersDeleted filesUnallocated spaceSlack space👉 Key Difference:Not a backup → it is an exact forensic replica2. Why Forensic Imaging MattersPreserves original evidencePrevents modification of:File timestampsMetadata👉 Legal Importa...
Course 36 - Windows Forensics and Tools | Episode 1: Debunking Myths and Mastering Methodology
In this lesson, you’ll learn about: digital forensics in Windows environments1. What is Digital Forensics?Also known as computer forensicsThe application of scientific methods to digital investigations🔹 Core ObjectivesIdentify digital evidencePreserve its integrityAnalyze findingsPresent results for legal use👉 Key Idea:Evidence must be accurate, repeatable, and legally admissible2. Why Focus on Windows?Majority of systems run WindowsWidely used in:Personal computingEnterprise environments🔹 Chal...
Course 35 - Footprinting and Reconnaissance | Episode 8: From Target Reconnaissance to Phishing Execution
In this lesson, you’ll learn about: social engineering attacks and spear-phishing execution1. What is Social Engineering?A psychological attack techniqueTargets human behavior instead of systemsExploits trust, urgency, and curiosity👉 Goal:Trick the victim into revealing information or executing malicious actions2. Phase 1: Reconnaissance (Information Gathering)🔹 Target ProfilingCollect Personally Identifiable Information (PII):Job roleRelationship statusDaily habitsInterests (e.g., pets, hobbies)🔹 Data SourcesSocial media platforms (e.g., mock “mybook”)<...
Course 35 - Footprinting and Reconnaissance | Episode 7: Information Gathering and Domain Reconnaissance Lab
In this lesson, you’ll learn about: reconnaissance using Recon-ng1. What is Recon-ng?A full-featured web reconnaissance frameworkPre-installed on Kali LinuxDesigned to automate OSINT and domain reconnaissance🔹 Core ConceptWorks like a framework (similar to Metasploit)Uses modules to perform different recon tasks👉 Purpose:Build a structured database of target intelligence2. Tool OverviewRecon-ng🔹 Key CapabilitiesDomain intelligence gatheringContact harvestingSubdomain discoveryFile and directory enumeration👉 Adva...
Course 35 - Footprinting and Reconnaissance | Episode 6: Information Gathering with theHarvester in Kali Linux
In this lesson, you’ll learn about: information gathering using theHarvester1. What is theHarvester?
A reconnaissance tool used for Open Source Intelligence (OSINT)Built into Kali LinuxDesigned to collect publicly available data about a target🔹 Core Function
Gathers:Email addressesSubdomainsIP addressesHostnames👉 Purpose:
Build a digital footprint of the target before active testing2. Tool Overview
theHarvester🔹 Data Sources
Search engines:Google
Course 35 - Footprinting and Reconnaissance | Episode 5: Website Mirroring and Footprinting with HTTrack
In this lesson, you’ll learn about: website mirroring using HTTrack for footprinting1. What is Website Mirroring?The process of creating a local copy of a websiteUsed for:FootprintingReconnaissanceOffline analysis👉 Goal:Analyze the target without interacting with the live system repeatedly2. Tool OverviewHTTrack🔹 What HTTrack DoesDownloads:HTML pagesImagesScripts (JavaScript, CSS)👉 Result:A fully browsable offline version of the website3. Lab En...
Course 35 - Footprinting and Reconnaissance | Episode 4: Email and Domain Information Mapping
In this lesson, you’ll learn about: Maltego for visual footprinting and OSINT analysis1. What is Maltego?MaltegoA tool used for:Information gathering (OSINT)FootprintingVisual link analysis👉 Key idea:Instead of raw data → Maltego gives you a visual map of relationships2. Lab Setup (Kali Linux Environment)🔹 PlatformKali Linux🔹 Setup StepsInstall Maltego Community EditionRegister an accountLaunch and create a new graph👉 The graph is your workspace where:Ent...
Course 35 - Footprinting and Reconnaissance | Episode 3: Exploring Shodan and the Google Hacking Database
In this lesson, you’ll learn about: Shodan and Google Dorking (GHDB) in footprinting1. Shodan (Internet-Wide Device Discovery)🔹 What is Shodan?ShodanA search engine designed to find:Internet-connected devicesExposed services🔹 What You Can DiscoverIP addressesOpen portsOperating systemsDevice types (e.g., routers, cameras, servers)🔹 Example Use CaseSearching for:Cisco routersFiltering by:Geographic location👉 Why it matters:Helps identify:Exposed infras...
Course 35 - Footprinting and Reconnaissance | Episode 2: Gathering Intelligence with NSlookup and WHOIS
In this lesson, you’ll learn about: network footprinting using NSlookup and WHOIS1. What is Network Footprinting?The process of gathering technical information about a target domainFocuses on:DNS dataIP addressesDomain ownership👉 Goal:Build a clear profile of the target’s infrastructure2. Using NSlookup (DNS Intelligence)🔹 Tool OverviewNSlookupA command-line tool used to query:DNS (Domain Name System) records🔹 What You Can DiscoverDomain → IP address mappingDNS servers...
Course 35 - Footprinting and Reconnaissance | Episode 1: Methodology, OSINT Tools, and Lab Setup
In this lesson, you’ll learn about: footprinting, OSINT, and setting up a penetration testing lab1. Penetration Testing Methodology🔹 The First Rule: Legal ScopeBefore any testing:Define scope clearlyGet explicit permission👉 Why it matters:Protects you legallyDefines what systems you can testPrevents unauthorized access issues2. Footprinting & Reconnaissance🔹 DefinitionThe process of gathering information about a target before attacking🔹 Types of Footprinting🟢 Passive FootprintingNo direct interaction with the targetUses publicly available data
Course 34 - Cybersecurity Kill Chain | Episode 4: Command, Objectives, and Defense in Depth
In this lesson, you’ll learn about: Command & Control (C2), Actions on Objectives, and Defense in Depth1. Command & Control (C2) Phase🔹 Definition
The stage where an attacker establishes a communication channel with a compromised system🔹 Purpose
Send commands to the infected machineReceive exfiltrated dataMaintain persistent remote access🔹 Evasion Techniques
Attackers disguise communication as normal traffic👉 Example:
Using platforms like:TwitterWhy this works:Traffic appears legitimateBlends into normal us...
Course 34 - Cybersecurity Kill Chain | Episode 3: Delivery, Exploitation, and Installation
In this lesson, you’ll learn about: Delivery, Exploitation, and Installation in the Cyber Kill Chain1. Delivery Phase (Getting the Payload to the Target)🔹 DefinitionThe process of transferring the malicious payload to the victim🔹 Common Delivery Methods📡 Technical MethodsUsing exposed services:FTP uploadsWeb downloads💾 Physical MethodsInfected USB drives left in:OfficesPublic places🎭 Social Engineering (Most Effective)Tool:Social Engineering Toolkit (SET)Used for:Spear-phishing campaignsMass phishing e...
Course 34 - Cybersecurity Kill Chain | Episode 2: Active Reconnaissance and Weaponization Strategies
In this lesson, you’ll learn about: Active Reconnaissance and Weaponization in the Cyber Kill Chain1. Transition: From Recon to ActionAfter passive recon, attackers move to:Active Reconnaissance → direct interactionThen → Weaponization → building attack tools👉 This is the shift from:Collecting information → Preparing the attack2. Active Reconnaissance (Deep Target Profiling)🔹 DefinitionDirectly interacting with the target system to gather:Technical detailsHuman-related intelligence🔹 Technical TechniquesPort Scanning & FingerprintingTools:NmapZenmapDiscov...
Course 34 - Cybersecurity Kill Chain | Episode 1: Reconnaissance and Footprinting Fundamentals
In this lesson, you’ll learn about: reconnaissance in the Cyber Kill Chain1. What is Reconnaissance?Reconnaissance is the first phase of the Cyber Kill ChainIt focuses on:Gathering information about a target👉 Why it matters:It forms the foundation of the entire attackPoor recon = weak attackStrong recon = precise targeting2. Passive Reconnaissance (Footprinting)🔹 DefinitionCollecting information without directly interacting with the target👉 Low risk of detection🔹 Common Techniques🌐 Network Information GatheringTools like:whois → domain...
Course 33 - Static Analysis for Reverse Engineering | Episode 5: Register Fundamentals, Graphical Analysis, and the Easy Peasy Solution
In this lesson, you’ll learn about: cracking 64-bit software and understanding architectural differences1. Transition from 32-bit to 64-bit🔹 Register Naming Changes32-bit:EAX, EBX, ECX64-bit:RAX, RBX, RCX🔹 New RegistersAdditional registers introduced:R8 → R15👉 These give you:More space for data handlingMore efficient execution2. Key Difference: Parameter Passing🔹 32-bit SystemsArguments passed via:Stack🔹 64-bit SystemsArguments passed via:Registers (faster & cleaner)🔹 Common Calling...
Course 33 - Static Analysis for Reverse Engineering | Episode 4: Static Analysis and Software Patching in x64dbg
In this lesson, you’ll learn about: applying static analysis and patching to modify software behavior1. Core ConceptThis episode demonstrates how to use x64dbg with the xAnalyzer plugin to:Analyze program logic without constant executionIdentify and modify key instructionsAlter how a program enforces trial limitations2. Locating Critical LogicSearch for meaningful strings like:"trial period remaining"This helps you:Jump directly to the function responsible for:License checksExpiration logic3. Visualizing Program Flow...
Course 33 - Static Analysis for Reverse Engineering | Episode 3: Graphical Reverse Engineering with x64dbg
In this lesson, you’ll learn about: graphical static analysis and Control Flow Graphs (CFGs)Review AnswerWhen analyzing a Control Flow Graph (CFG) in x64dbg with the xAnalyzer plugin:🔹 What Green and Red Arrows RepresentGreen arrowsRepresent the successful condition (TRUE branch)The path taken when a comparison or condition is metRed arrowsRepresent the failed condition (FALSE branch)The path taken when the condition is not met🔹 How They Help in Reverse EngineeringAfter a comparison instruction (like CMP):The program...
Course 33 - Static Analysis for Reverse Engineering | Episode 2: Tool Setup, xAnalyzer Integration, and Database Maintenance
In this lesson, you’ll learn about: setting up a reverse engineering lab and enhancing x64dbg with plugins1. Essential Tools for Your LabTo build a solid analysis environment, you need:🔹 Core Toolsx64dbgMain debugger for static & dynamic analysisDetect It Easy (DIE)Identifies:PackersCompilersFile signatures🔹 Best PracticeOrganize tools in:Dedicated folders (e.g., C:\RE_Lab\Tools)👉 Keeps workflow clean and efficient2. Enhancing x64dbg with xAnalyzer PluginPlugin:xAnaly...
Course 33 - Static Analysis for Reverse Engineering | Episode 1: Static Analysis and Graphical Visualization in x64dbg
In this lesson, you’ll learn about: static vs dynamic analysis and visual debugging with x64dbg1. Static vs Dynamic Analysis🔹 Static Analysis
Analyze program without executing itFocus on:Code structureAssembly instructionsLogic flow🔹 Dynamic Analysis
Execute the programObserve:Runtime behaviorMemory changesReal-time execution👉 Both are essential for reverse engineering2. Using x64dbg
A powerful debugger that supports:Static analysisDynamic analysis🔹 Key...
Course 32 - Checkpoint CCSA R80 | Episode 12: Managing Processes, Web Ports, and System Backups
In this lesson, you’ll learn about: Check Point R80 services, WebUI access control, and system backup management1. Core Check Point ProcessesIn Check Point R80, the management server depends on several critical background services.🔹 Key DaemonsCPMMain management serviceHandles SmartConsole operationsFWMManages communication with SmartConsoleDirectly affects administrator connectivityCPDGeneric system daemonSupports multiple internal services🔹 Process Monitoring Toolcpwd_admin list👉 Shows all running Check Point processes🔹 Critical InsightIf FWM stops...
Course 32 - Checkpoint CCSA R80 | Episode 11: Managing and Troubleshooting Check Point Gaia via the Command Line Interface
In this lesson, you’ll learn about: Gaia CLI administration, troubleshooting, and system recovery in Check Point R801. CLI Access and NavigationIn Check Point Gaia, administrators manage gateways via CLI🔹 Access MethodsConsole (physical access)SSH remote accessSmartConsole integration🔹 Productivity ShortcutsTab → auto-complete commandsEnter → executeSpace → paginate outputQ → quit long outputs🔹 Network ConfigurationView and modify:IP addressesMTU settings🔹 Critical Stepsave configEnsures c...
Course 32 - Checkpoint CCSA R80 | Episode 10: VPN Implementation, Tunnel Management, and Advanced Security Monitoring
In this lesson, you’ll learn about: VPN management, real-time monitoring, and event correlation in Check Point R801. IPsec Site-to-Site VPN (Full Implementation)In Check Point R80, VPNs secure communication between networks over the internet🔹 Core ComponentsEnable IPsec on gatewaysDefine:VPN Communities (Star / Mesh)VPN Domains (protected networks)🔹 Advanced ControlLink SelectionChoose which interface/IP is used for VPN peering👉 Useful for:Multi-ISP setupsRedundancy and routing control2. VPN Tunnel Management...
Course 32 - Checkpoint CCSA R80 | Episode 9: Advanced Threat Prevention and Secure Site-to-Site Connectivity
In this lesson, you’ll learn about: layered security, anti-spoofing, and VPNs in Check Point R801. Layered Security with Policy PackagesIn Check Point R80, security is built in layers, not just a single rulebase🔹 Two Main Layers✅ Access ControlControls:Who can access whatUses:URL FilteringApplication Control✅ Threat PreventionProtects against:MalwareExploitsZero-day attacks🔹 Key BladesIPS (Intrusion Prevention System)Anti-VirusThreat Emulation (sandboxing)<...
Course 32 - Checkpoint CCSA R80 | Episode 8: HTTPS Inspection, URL Filtering, and Identity Awareness
In this lesson, you’ll learn about: HTTPS inspection, advanced filtering, and identity-based security in Check Point R801. HTTPS Inspection (Deep Traffic Visibility)In Check Point R80, HTTPS traffic is encrypted → normally invisible to firewalls🔹 The ProblemMalware or attacks can hide inside:SSL/TLS encrypted traffic🔹 The Solution: HTTPS InspectionGateway acts as a proxy:Intercepts HTTPS trafficDecrypts it in memoryInspects contentRe-encrypts and forwards🔹 Key RequirementsEnable inspection policyInstall and t...
Course 32 - Checkpoint CCSA R80 | Episode 7: NAT, Gateway Redundancy, and Software Blades
In this lesson, you’ll learn about: advanced NAT, redundancy (ClusterXL), and Software Blades in Check Point R801. Advanced NAT ImplementationIn Check Point R80, you can combine manual + automatic NAT🔹 Real ScenarioManual Destination NATPublic IP → Internal web server (port 80)Automatic Hide NATInternal server → Internet (outbound traffic)🔹 Key InsightSame server can use:Static NAT (incoming)Hide NAT (outgoing)🔹 Troubleshooting TipEnsure NAT rules are applied to:Correct policy targets (gateways)
Course 32 - Checkpoint CCSA R80 | Episode 6: Mastering NAT Types, Priority Hierarchies, and Manual Rules
In this lesson, you’ll learn about: advanced NAT design, rule priority, and manual translation in Check Point R801. NAT Fundamentals in Check Point R80In Check Point R80, NAT controls how private and public networks communicate🔹 Hide NAT (Source NAT)Many internal devices → one public IPTypically uses:Gateway’s external IP🔹 Use CasesInternet browsingOutbound traffic🔹 Static NAT (Destination NAT)One public IP ↔ one internal server🔹 Use CasesHosting:Web serversMail s...
Course 32 - Checkpoint CCSA R80 | Episode 5: Policy Management, Troubleshooting, and NAT Foundations
In this lesson, you’ll learn about: policy packages, troubleshooting, implied rules, and NAT in Check Point R801. Policy Packages for Scalable Management
In Check Point R80, policy packages allow you to organize rules per gateway🔹 Why Use Policy Packages
Avoid one large, complex policyAssign specific rule sets to each firewall🔹 Example
Firewall 1 → Internal traffic rulesFirewall 2 → DMZ or external access rules🔹 Key Action
Clone an existing policyAssign it to a specific gateway👉 Improves...
Course 32 - Checkpoint CCSA R80 | Episode 4: Layers, Timing, and Collaborative Firewall Management
In this lesson, you’ll learn about: advanced policy optimization, rule structuring, and collaborative management in Check Point R801. Time-Based Security PoliciesIn Check Point R80, rules can depend on time conditions🔹 How It WorksCreate time objects (e.g., 12 PM → 12 AM)Attach them to firewall rules🔹 Example Use CasesAllow admin access only during work hoursBlock risky services at night👉 Adds an extra layer of contextual security2. Organizing Policies with Section Titles🔹 PurposeImprove readability and structure🔹 Example Sections
