CyberEd Academy · Instructor-led catalog

Taught by the researchers who find the bugs.

AI security, hardware exploitation, offensive operations, cloud and infrastructure pentesting, reverse engineering, strategic leadership. Pulled from the Nullcon Goa 2026 and Hardwear.io USA 2026 trainer networks.

Nullcon
Nullcon Goa 2026
Software · AI · Offense · Cloud
17 trainings
SoftwareFoundational
Nullcon

AI Security: Terminating The Terminator

Nikhil Joshi

A 3-day course covering both the fundamentals of how AI systems are built and the security vulnerabilities they introduce. Part 1 builds intuition on ML algorithms (CNN, LLMs, RAG, Agentic AI); Part 2 dives into adversarial attacks, model stealing, data poisoning, prompt injection, jailbreaks, and attacks against agentic AI and MCPs.

AI SecurityLLMAdversarial ML+2
3d
On-Site
$2,500
SoftwareIntermediate
Nullcon

Advanced Hands-On AI Security Workshop

Jitendra Chauhan & Jayant Sharma

A 3-day advanced offensive and defensive AI security workshop covering automated red teaming, OWASP Top 10 LLM risks, AI agent attack surfaces, and defensive architectures. Day 1 focuses on jailbreaking and automated model evaluation; Day 2 covers OWASP LLM app testing and data poisoning; Day 3 targets AI agents and adversarial testing with a hackathon.

AI Red TeamingOWASP LLMGarak+2
3d
On-Site
$2,800
HardwareFoundational
Nullcon

Building Secure Firmware: Best Practices and Labs

Riddhi Shree

A hands-on 3-day journey into embedded and IoT firmware security covering secure coding fundamentals, vulnerability discovery, and incident response. Participants gain skills to identify and mitigate common firmware risks, implement secure update mechanisms, and harden devices using real lab exercises.

FirmwareEmbedded SecurityIoT+2
3d
On-Site
$2,500
SoftwareIntermediate
Nullcon

Hacking Modern Web & Desktop Apps: Master the Future of Attack Vectors

Abraham Aranguren, Anirudh Anand & Ashwin Shenoi

A comprehensive 3-day practical course covering penetration testing of modern web applications (Node.js/JavaScript frameworks) and Electron desktop apps. Students learn to identify attack surfaces, exploit vulnerability patterns at runtime and source-code level, bypass protections, and use CTF challenges to sharpen skills. Includes lifetime access to training portal.

Web SecurityDesktop AppsElectron+2
3d
On-Site
$2,800
SoftwareIntermediate
Nullcon

A Hands-On Guide to Hardening Kubernetes & Cloud-Native Infrastructure

Chandrapal Badshah

A defensive-focused 3-day hands-on training on securing Kubernetes and cloud-native infrastructure by studying real attack patterns and building multi-layered defenses. Participants implement RBAC, network policies, policy engines (OPA/Kyverno), supply chain security (SLSA), and runtime detection via eBPF (Tetragon). Each participant receives a dedicated Kubernetes cluster.

KubernetesCloud SecurityDevSecOps+2
3d
On-Site
$2,500
SoftwareAdvanced
Nullcon

Advanced Infrastructure Security Assessment

Prashant Mahajan & Sebastian Neef

An advanced 3-day infrastructure penetration testing course covering manual exploit development, Active Directory attacks, and modern evasion techniques in enterprise environments. Participants exploit hardened web apps, bypass network isolation, perform AD reconnaissance and lateral movement (Pass-the-Hash, Kerberoasting, DCSync), and attack hybrid cloud (Entra ID).

Infrastructure SecurityActive DirectoryPenetration Testing+2
3d
On-Site
$3,200
SoftwareAdvanced
Nullcon

AdversaryOps: Engineering Red Team Tradecraft

Manish Gupta & Yash Bharadwaj

A 3-day advanced red team tradecraft course covering APT TTPs, OPSEC-safe infrastructure, custom offensive tooling development, and EDR/host/network control bypasses. Students build resilient phishing infrastructure, develop offensive C# tooling, bypass AMSI/CLM/ASR rules, and conduct stealthy operations. Includes 30-day access to a simulated HealthCare Cyber Range.

Red TeamAPTEDR Evasion+3
3d
On-Site
$3,200
SoftwareAdvanced
Nullcon

Application Security Tool Stack: How to Discover Vulnerabilities in Software

Markus Vervier & JJ

A 3-day advanced application security research course teaching static and dynamic analysis techniques for discovering vulnerabilities in large software projects. Day 1 covers fuzzing with AFL++ and libfuzzer; Day 2 covers static analysis (Clang, CPPCHECK, COCCINELLE); Day 3 covers CodeQL, semantic grep, and combining techniques.

Application SecurityFuzzingStatic Analysis+3
3d
On-Site
$3,000
SoftwareIntermediate
Nullcon

Cloud Red Team Tactics for Attacking and Defending Azure

Vishal Raj

A 3-day hands-on Azure red teaming and pentesting course covering the full attack lifecycle against Azure and Entra ID environments including hybrid identity scenarios. Participants execute attacks in live multi-tenant labs across recon, initial access, enumeration, privilege escalation, lateral movement, persistence, and data mining.

Cloud SecurityAzureEntra ID+2
3d
On-Site
$2,500
IndustryIntermediate
Nullcon

Cyber Threat Intelligence Bootcamp: Hands-on Labs & Real-World Scenarios

Rahul Binjve & Darshit Ashara

A 3-day hands-on CTI course progressing from intelligence lifecycle fundamentals through OSINT collection, Python-based automation, malware and darknet analysis, to operationalizing CTI in SOC/SIEM workflows. Covers CTI frameworks (MITRE ATT&CK, Kill Chain, Diamond Model), automation (MISP, TAXII), and threat hunting (YARA/Sigma).

Threat IntelligenceCTIOSINT+3
3d
On-Site
$2,500
SoftwareAdvanced
Nullcon

EDR Evasion and Advanced Phishing Bootcamp

Abizer Naseem & Prathamesh Patil

A 3-day bootcamp combining advanced malware execution concepts with deep phishing and deception infrastructure tradecraft. Day 1 covers Windows internals, shellcode execution, MOTW, ClickOnce abuse, and a live BYOVD EDR bypass demo. Days 2-3 focus on Evilginx, domain reputation engineering, custom phishlet engineering, BITB attacks, and APT toolkit analysis.

EDR EvasionPhishingRed Team+3
3d
On-Site
$2,800
SoftwareIntermediate
Nullcon

Hacking Android Applications

Ali Jujara

A 3-day Android application penetration testing course going beyond OWASP Top 10 to cover hands-on reverse engineering, Frida-based dynamic analysis, and bypass of real-world security controls. Day 1 covers Android internals and setup; Day 2 covers reverse engineering with JadX/Smali, root and SSL pinning bypasses; Day 3 covers OWASP MASTG/MASVS challenges.

AndroidMobile SecurityReverse Engineering+2
3d
On-Site
$2,500
HardwareIntermediate
Nullcon

Practical IoT Hacking

Ajay SK, Hemant Sonkar & Shubham Thorat

A comprehensive 3-day IoT security course covering hardware, firmware, and radio protocol attack surfaces using real devices (including DIVA-IoT, a custom vulnerable IoT sensor). Participants attack hardware debug ports (UART, JTAG), extract and analyze firmware (SPI/I2C flash), perform ARM assembly analysis, and execute BLE radio protocol attacks.

IoTHardware SecurityFirmware+4
3d
On-Site
$2,800
SoftwareIntermediate
Nullcon

Slaying the RE Dragon: Mastering Reverse Engineering

Sudhakar Verma

A 3-day workshop on reverse engineering fundamentals through advanced malware analysis and vulnerability research techniques. Day 1 covers binary formats, x86-64 assembly, OS internals, and RE tooling; Day 2 covers connecting assembly to C/C++, static analysis, and debugging; Day 3 covers scripting, bypassing malware evasion, and full RE workflows.

Reverse EngineeringMalware Analysisx86-64+2
3d
On-Site
$2,500
IndustryAdvanced
Nullcon

CISO Masterclass: Building and Leading a Security Program

Staff Instructor

An executive-level training for current and aspiring CISOs covering the strategic, operational, and leadership aspects of running an enterprise security program. Topics include board communication, budget justification, team building, vendor management, and measuring program effectiveness.

CISOLeadershipStrategy+2
2d
Remote
$2,000
IndustryFoundational
Nullcon

Cybersecurity Awareness Training for Enterprises

Staff Instructor

An engaging, interactive security awareness training designed for non-technical employees. Covers the most common attack vectors targeting organizations today including phishing, social engineering, credential attacks, and insider threats. Customizable to your industry and compliance requirements.

Security AwarenessPhishingSocial Engineering+1
1d
Hybrid
$500
IndustryIntermediate
Nullcon

GRC Framework Implementation: From NIST to ISO 27001

Staff Instructor

A practical training on implementing governance, risk, and compliance frameworks. Students learn to assess organizational maturity, select and map frameworks, build policies and controls, and prepare for certification audits. Includes case studies from healthcare, fintech, and SaaS environments.

GRCNIST CSFISO 27001+2
2d
Remote
$1,200
Hardwear.io
Hardwear.io USA 2026
Hardware · Embedded · ICS · SDR
8 trainings
HardwareFoundational
Hardwear.io

Practical Hardware Hacking Basics + Bonus Day!

Joe Grand

The industry's premier hardware hacking training — 2-day core + exclusive bonus day. Students learn hands-on techniques for product teardown, component identification, circuit board reverse engineering, soldering, signal monitoring with logic analyzers, and memory extraction. The bonus third day covers advanced hardware hacking and espionage techniques not available elsewhere.

Hardware HackingPCB AnalysisSoldering+2
3d
On-Site
$3,500
HardwareAdvanced
Hardwear.io

Hands-On TrustZone TEE Security

Marcel Busch

An advanced, offensive-focused exploration of ARM TrustZone Trusted Execution Environment vulnerabilities. Students analyze, fuzz, and exploit TEE implementations used in smartphones, IoT devices, and automotive systems through an integrated CTF experience on a 64-bit ARM emulated platform.

ARM TrustZoneTEETrusted Computing+2
3d
On-Site
$3,800
HardwareIntermediate
Hardwear.io

Medical Device Hacking and Defending Training

Marcus Richerson

A hands-on, CTF-style training to identify, exploit, and remediate critical vulnerabilities across the full medical device attack surface — hardware, firmware, software, wireless, and cloud. Grounded in FDA Cybersecurity Premarket Guidance, the course covers PCB depotting and JTAG extraction to BLE and custom radio protocol attacks.

Medical DevicesIoT SecurityWireless Hacking+3
3d
On-Site
$3,200
HardwareIntermediate
Hardwear.io

Assessing and Exploiting PLCs

Todd Keller

A non-traditional ICS/SCADA security course built around a formal PLC penetration testing methodology. This training teaches deep-level exploitation of PLCs including controller logic, fieldbus protocols, network communications, and proprietary vendor interfaces — every attendee takes home a real PLC with non-expiring software.

ICS/SCADAPLCOT Security+2
3d
On-Site
$3,500
HardwareIntermediate
Hardwear.io

Connected Car Hacking

Philippe AZALBERT

A 3-day course teaching hands-on penetration testing of connected vehicle ECUs with a focus on In-Vehicle Infotainment (IVI) units and Telematics Control Units (TCUs). Participants build their own automotive test bench, extract ECU filesystems, exploit hardware protections, and intercept/mimic backend server communications over LTE.

Automotive SecurityConnected CarCAN Bus+3
3d
On-Site
$3,500
HardwareIntermediate
Hardwear.io

Embedded & Shredded: Advanced Embedded System Hacking

Nathan Smith & Matthew Domanic

A comprehensive advanced course covering the full embedded system attack chain: visual PCB inspection and reverse engineering, firmware extraction via hardware debugging protocols, and in-depth firmware analysis with Ghidra and specialized plugins. Each attendee receives a custom SolaSec development board as the training target.

Embedded SystemsFirmware REGhidra+3
3d
On-Site
$3,500
HardwareAdvanced
Hardwear.io

IC Reverse Engineering: ROM is Your Primary Target

Olivier Thomas

A specialized advanced training on optical and analytical extraction of ROM content from integrated circuits at the transistor level — directly applicable to extracting cryptographic material, boot code, and hidden device modes. Participants work with SEM images, Python scripts, Fiji/ImageJ, and VHDL to reconstruct scrambled ROM binaries.

IC Reverse EngineeringROM ExtractionSilicon Analysis+2
3d
On-Site
$4,000
HardwareAdvanced
Hardwear.io

LoRaPWN: From Custom/Industrial to Drone Hacking

Sébastien Dudek

Using Software-Defined Radio, this advanced training covers the full attack lifecycle against LoRa PHY-based communications across industrial systems, IoT, Meshtastic mesh networks, LoRaWAN infrastructure, and FPV drone control links (ELRS). Each attendee receives a complete RF kit (HydraSDR RFOne + antennas).

SDRLoRaLoRaWAN+4
3d
On-Site
$4,000

Ready to train your team?

Whether you need a single workshop or a full program — we match you with the right expert and handle everything from contracts to delivery.