A free, interactive course that follows one engagement from start to finish. Short lessons. Hands-on challenges.
4 modules · 19 lessons · ~3 hours · No account required
The Problem
Every interview asks the same thing: "Walk me through an assessment you ran." Most courses and platforms do not prepare you for that question.
Every Other Platform
The Engagement Playbook
How It Works
Every lesson follows the same pattern: read a short brief on the left, then work through an interactive challenge on the right. The teaching happens through the challenge, not before it.
No passive reading. Every lesson opens with a scenario: a broken scope, messy evidence, or a bad executive summary. You do something with it.
Every artifact belongs to one fictional engagement: TadiSec testing Navigating Security Corp. You follow the same client from scoping to readout.
Every answer, right or wrong, gets feedback explaining the consultant's reasoning. You don't just learn what's correct. You learn why.
The Course
Follow TadiSec's engagement with Navigating Security Corp from the first scoping document to the final readout.
01
3 lessons
Start by watching a real readout: no context, no buildup. Then understand why the engagement lifecycle matters and how it maps to the career you want.
Observation Quiz · Interview Scenario · Lifecycle Sequencing
02
4 lessons
Read the scope of work, review rules of engagement, prepare for the kickoff call, and cross-reference the target list. Find the problems before testing begins.
Spot the Scope Issues · RoE Scenario Decision · Kickoff Question Priority
03
4 lessons
Learn to think methodically, prioritize enumeration, document as you go, and triage raw evidence. This isn't a hacking tutorial; it's how consultants approach the work.
Methodology Mapping · AD Enumeration Priority · Evidence Triage
04
8 lessons
The heaviest module and the reason this course exists. Evaluate report structure, critique an executive summary, rate finding severity, assess remediation, structure a presentation, and evaluate client Q&A.
Executive Summary Critique · Severity Rating · Client Q&A Evaluation
This is Lesson 2.1: Reading the Scope of Work. TadiSec received this scope from Navigating Security Corp. Find the 3 problems.
Review each section of the scope document below. Click on any section that contains an issue; something missing, ambiguous, or risky. There are 3 issues to find.
That's one of 19 lessons.
"Anyone can learn to exploit a vulnerability. Almost no one practices all that comes before and after. That's the gap."
Course Artifacts
Every artifact belongs to the TadiSec × Navigating Security Corp engagement. They're portfolio-grade documents you can reference and adapt.
A complete report: executive summary, findings, evidence, severity ratings, remediation. The gold standard for Module 4.
Download DOCX ↓
The Navigating Security Corp scope, with deliberate issues for you to find in the Lesson 2.1 challenge.
Download PDF ↓
Authorization, prohibited actions, data handling, communication protocols. The legal guardrails.
Download PDF ↓
Structured format for timestamps, commands, output, screenshots, and context notes.
Download DOCX ↓
The framework for documenting individual findings with consistent severity ratings.
Download DOCX ↓
15–20 real client questions with guidance on how to answer each one.
Download PDF ↓
What Comes Next
The Engagement Playbook teaches the cycle. The Navigating Security Labs environments let you live it: a persistent AD network, a report you write, and a live Readout where you present your findings.
Step 1: You're Here
Learn the complete engagement lifecycle through interactive challenges.
Free · No signup
Step 2: Next Step
Hack a real AD network. Write a real report. Submit for professional feedback.
View Environments →Step 3: The Flagship
Present your findings live. Face client-style Q&A. Get recorded. Walk into any interview with proof.
Coming Soon!
Honest Answers
No. The entire course is open. No login, no email gate, no paywall. Just start.
If you've done a few HTB or TryHackMe machines, you're ready. You don't need to be a hacker; this course teaches the professional skills around the hacking, not the hacking itself.
About 3 hours if you work through everything in one sitting. Most people spread it across a few days. Each lesson takes 5–10 minutes.
No. Every lesson has an interactive challenge: you flag issues in a scope document, triage evidence, rate finding severity, evaluate client Q&A answers. The artifacts are there to download, but the learning happens in the challenges.
This course teaches the engagement lifecycle. The paid environments let you execute it: a real AD network to hack and a real report to write. The free course teaches you skills needed for an end to end pentest; the paid course allows you to pentest whilst you're at it.
Yes, a simple completion certificate you can share. But the real value is the skill, not the credential. This is only available on the paid version that includes the lab found at courses.navigatingsecurity.net
4 modules. 19 interactive challenges. One engagement from start to finish. Completely free.
No signup · No paywall · ~3 hours · Start anywhere