CyberCode Academy

By CyberCode Academy

Welcome to CyberCode Academy — your audio classroom for Programming and Cybersecurity.
🎧 Each course is divided into a series of short, focused episodes that take you from beginner to ad... more

Download on the App Store

Download on the App Store

Get it on Google Play

FAQs about CyberCode Academy:

How many episodes does CyberCode Academy have?

The podcast currently has 250 episodes available.

CyberCode Academy episodes:

May 27, 2026Course 35 - Footprinting and Reconnaissance | Episode 6: Information Gathering with theHarvester in Kali Linux
In this lesson, you’ll learn about: information gathering using theHarvester1. What is theHarvester?
A reconnaissance tool used for Open Source Intelligence (OSINT)
Built into Kali Linux
Designed to collect publicly available data about a target
🔹 Core Function
Gathers:
Email addresses
Subdomains
IP addresses
Hostnames
👉 Purpose:
Build a digital footprint of the target before active testing
2. Tool Overview
theHarvester
🔹 Data Sources
Search engines:
Google
Bing
External services:
Shodan
👉 Value:
Combines multiple sources into one unified result set
3. Basic Command Usage🔹 Essential Flags
-d → Target domain
-l → Limit number of results
-b → Data source (e.g., google, bing, shodan)
-f → Save output to file
🔹 Example CommandtheHarvester -d microsoft.com -l 100 -b google -f results 👉 What this does:
Searches Google
Collects up to 100 results
Saves output locally
4. Advanced Querying🔹 Additional Flags
-s → Start position of search results
👉 Use Case:
Continue collecting data beyond initial results
Avoid duplicate data
🔹 Shodan IntegrationtheHarvester -d microsoft.com -b shodan 👉 Benefit:
Finds:
Exposed devices
Services
Technical infrastructure
5. Analyzing Results🔹 Key Findings
Subdomains:
news.microsoft.com
support.microsoft.com
IP Addresses:
Associated with infrastructure
🔹 Why It Matters
Reveals:
Attack surface
Entry points
Hidden assets
6. Cybersecurity Use Case🔹 Reconnaissance Phase
First step in:
Penetration testing
Bug bounty hunting
🔹 What You Gain
Target structure understanding
Identification of:
Weak subdomains
Exposed services
👉 Impact:
Better planning for:
Scanning
Exploitation
Key Takeaways
theHarvester is a powerful OSINT tool
Uses multiple public sources for data collection
Command-line flags control precision and scope
Results reveal critical reconnaissance insights
Forms the foundation of ethical hacking workflows
Big PicturetheHarvester helps you:👉 Move from no knowledge → mapped digital footprintMental Model
theHarvester → “Collect target data”
Analysis → “Understand the attack surface”

You can listen and download our episodes for free on more than 10 different platforms:
https://linktr.ee/cybercode_academy
...more
21min
May 26, 2026Course 35 - Footprinting and Reconnaissance | Episode 5: Website Mirroring and Footprinting with HTTrack
In this lesson, you’ll learn about: website mirroring using HTTrack for footprinting1. What is Website Mirroring?
The process of creating a local copy of a website
Used for:
Footprinting
Reconnaissance
Offline analysis
👉 Goal:
Analyze the target without interacting with the live system repeatedly
2. Tool Overview
HTTrack
🔹 What HTTrack Does
Downloads:
HTML pages
Images
Scripts (JavaScript, CSS)
👉 Result:
A fully browsable offline version of the website
3. Lab Environment Setup🔹 Environment Used
Virtual lab (Cyber Lab)
Windows 7 Virtual Machine
👉 Why this setup:
Safe environment
Pre-configured tools
No risk to real systems
4. Installation & Initial Configuration🔹 Steps
Run:
httrack-3.48.19.exe
🔹 Project Setup
Project Name:
Example: PAB
Category:
Example: intranet
Target:
Website URL
👉 This defines:
What you are copying
How the project is organized
5. Advanced Configuration🔹 Proxy Settings
Configure proxy:
Port 8080
👉 Why:
Required in lab environments
Ensures proper network routing
🔹 Mirroring Depth (Critical Setting)
Max Depth
Limits how deep HTTrack follows links
External Depth
Controls external site crawling
👉 Importance:
Prevents:
Huge downloads
Long execution times
6. Analyzing the Mirrored Website🔹 Comparison
Local copy vs original:
Mostly identical
Some UI elements may be missing
👉 Reason:
Depth limitations
Dynamic content not fully captured
7. Cybersecurity Use Case🔹 Source Code Analysis
Inspect:
HTML
JavaScript
CSS
🔹 What to Look For
Hardcoded IP addresses
Hidden endpoints
API calls
Misconfigurations
👉 Value:
Helps identify:
Weak points
Entry paths
Technology stack
Key Takeaways
HTTrack enables offline website analysis
Mirroring helps reduce interaction with live targets
Proper configuration (depth, proxy) is essential
Source code analysis reveals hidden vulnerabilities
This is a key step in web application reconnaissance
Big PictureWebsite mirroring helps you:👉 Move from surface browsing → deep analysis
Not just seeing the site
But understanding how it works internally
Mental Model
HTTrack → “Copy the website”
Analysis → “Understand the website”

You can listen and download our episodes for free on more than 10 different platforms:
https://linktr.ee/cybercode_academy
...more
18min
May 25, 2026Course 35 - Footprinting and Reconnaissance | Episode 4: Email and Domain Information Mapping
In this lesson, you’ll learn about: Maltego for visual footprinting and OSINT analysis1. What is Maltego?
Maltego
A tool used for:
Information gathering (OSINT)
Footprinting
Visual link analysis
👉 Key idea:
Instead of raw data → Maltego gives you a visual map of relationships
2. Lab Setup (Kali Linux Environment)🔹 Platform
Kali Linux
🔹 Setup Steps
Install Maltego Community Edition
Register an account
Launch and create a new graph
👉 The graph is your workspace where:
Entities (emails, domains, IPs) are connected visually
3. Email Reconnaissance in Maltego🔹 Process
Add an email entity to the graph
Run transforms (automated queries)
🔹 Example Data Source
Have I Been Pwned
🔹 What You Discover
Data breaches linked to the email
Associated accounts or services
Connections to other entities
👉 Value:
Helps identify:
Compromised credentials
Attack vectors
4. Domain-Level Investigation🔹 Example Target
Microsoft (microsoft.com)
🔹 What Maltego Can Find
Associated email addresses
Subdomains
Infrastructure components
👉 This builds:
A complete map of the organization’s digital presence
5. Visualization Power🔹 What Makes Maltego Unique
Displays relationships between:
Emails
Domains
IP addresses
Organizations
🔹 Unexpected Insights
Can reveal:
Physical locations
Cities
Additional contextual data
👉 Result:
A clear attack surface map instead of scattered data
6. Why Maltego is Important
Automates OSINT collection
Correlates data from multiple sources
Makes complex relationships easy to understand
Key Takeaways
Maltego is a visual OSINT and footprinting tool
Uses transforms to gather and connect data
Email analysis can reveal breach exposure
Domain analysis maps full infrastructure
Visualization helps identify hidden relationships
Big PictureMaltego helps you:👉 Move from data collection → intelligence visualization
Not just gathering info
But understanding how everything is connected
Mental Model
Raw tools → give data
Maltego → gives insight + connections

You can listen and download our episodes for free on more than 10 different platforms:
https://linktr.ee/cybercode_academy
...more
13min
May 24, 2026Course 35 - Footprinting and Reconnaissance | Episode 3: Exploring Shodan and the Google Hacking Database
In this lesson, you’ll learn about: Shodan and Google Dorking (GHDB) in footprinting1. Shodan (Internet-Wide Device Discovery)🔹 What is Shodan?
Shodan
A search engine designed to find:
Internet-connected devices
Exposed services
🔹 What You Can Discover
IP addresses
Open ports
Operating systems
Device types (e.g., routers, cameras, servers)
🔹 Example Use Case
Searching for:
Cisco routers
Filtering by:
Geographic location
👉 Why it matters:
Helps identify:
Exposed infrastructure
Potential attack surface
2. Key Shodan Capabilities
Advanced filters:
Location-based searches
Service-specific queries
Real-world visibility into:
Global internet exposure
👉 Insight:
Many systems are:
Misconfigured
Publicly accessible
3. Google Dorking (GHDB)🔹 What is GHDB?
Google Hacking Database
A collection of:
Advanced Google search queries (dorks)
🔹 Purpose
Find:
Sensitive files
Misconfigured web pages
Hidden data
4. Common Google Dorking Techniques🔹 File Type Searches
Example:
.xlsx (Excel files)
👉 Can reveal:
Reports
Credentials (sometimes)
Internal data
🔹 Targeted Queries
Use operators like:
site:
filetype:
intitle:
5. Practical Considerations🔹 Handling Limitations
Google may:
Trigger CAPTCHA (human verification)
Requires:
Careful, slow searching
🔹 Navigating Results
Review multiple pages
Refine queries for accuracy
6. Legal & Ethical Use
Always:
Stay within authorized scope
Use tools for:
Security research
Defensive purposes
👉 Important:
These tools are powerful:
Misuse can lead to legal consequences
Key Takeaways
Shodan reveals internet-exposed devices and services
GHDB enables precision searching for sensitive data
Both tools are critical for OSINT and footprinting
Advanced search techniques improve accuracy
Ethical usage is mandatory
Big PictureThese tools help you:👉 Move from basic information → deep exposure analysis
Shodan → “What devices are exposed?”
GHDB → “What data is publicly accessible?”
Mental Model
Shodan → Infrastructure visibility
Google Dorking → Data discovery

You can listen and download our episodes for free on more than 10 different platforms:
https://linktr.ee/cybercode_academy
...more
18min
May 23, 2026Course 35 - Footprinting and Reconnaissance | Episode 2: Gathering Intelligence with NSlookup and WHOIS
In this lesson, you’ll learn about: network footprinting using NSlookup and WHOIS1. What is Network Footprinting?
The process of gathering technical information about a target domain
Focuses on:
DNS data
IP addresses
Domain ownership
👉 Goal:
Build a clear profile of the target’s infrastructure
2. Using NSlookup (DNS Intelligence)🔹 Tool Overview
NSlookup
A command-line tool used to query:
DNS (Domain Name System) records
🔹 What You Can Discover
Domain → IP address mapping
DNS servers
Network-related details
🔹 Interactive Mode
Allows advanced queries like:
MX Records (Mail Servers)
Identify email infrastructure
👉 Why it matters:
Reveals:
Email servers
Attack surface for phishing or targeting
3. Using WHOIS (Administrative Intelligence)🔹 Tool Overview
WHOIS
Often accessed via:
ICANN
🔹 What You Can Discover
Domain registrar
Registration & expiration dates
Name servers
Contact details:
Emails
Phone numbers
Addresses
4. Key Data ExtractedData TypeSourceValueIP AddressNSlookupNetwork targetingMX RecordsNSlookupEmail infrastructureRegistrar InfoWHOISDomain ownershipContact DetailsWHOISSocial engineeringName ServersBothInfrastructure mapping5. Strategic Importance
This data helps build:
A complete footprint of the target
🔹 Potential Use Cases (High-Level)
Identifying:
Entry points
Services to investigate
Supporting:
Security assessments
Risk analysis
6. Role in Footprinting Phase
Part of:
Early-stage reconnaissance
👉 It enables you to:
Move from:
Domain name → full infrastructure visibility
Key Takeaways
NSlookup is used for DNS-level intelligence
WHOIS provides administrative and ownership data
MX records reveal email systems
Public data can expose critical infrastructure details
Footprinting is the foundation of any security assessment
Big PictureThis stage is about:👉 Turning public data into actionable intelligence
Before any testing begins
You must understand:
Who owns the system
How it is structured
What services it exposes
Mental Model
NSlookup → “Where is the system?”
WHOIS → “Who owns the system?”

You can listen and download our episodes for free on more than 10 different platforms:
https://linktr.ee/cybercode_academy
...more
22min
May 22, 2026Course 35 - Footprinting and Reconnaissance | Episode 1: Methodology, OSINT Tools, and Lab Setup
In this lesson, you’ll learn about: footprinting, OSINT, and setting up a penetration testing lab1. Penetration Testing Methodology🔹 The First Rule: Legal Scope
Before any testing:
Define scope clearly
Get explicit permission
👉 Why it matters:
Protects you legally
Defines what systems you can test
Prevents unauthorized access issues
2. Footprinting & Reconnaissance🔹 Definition
The process of gathering information about a target before attacking
🔹 Types of Footprinting🟢 Passive Footprinting
No direct interaction with the target
Uses publicly available data
🔴 Active Footprinting
Direct engagement with the target
Higher risk of detection
🌐 OSINT (Open Source Intelligence)
Collecting intelligence from:
Public databases
Websites
Social platforms
3. Essential OSINT & Footprinting Tools🔹 Basic Network Tools
nslookup
DNS records and IP resolution
whois
Domain registration and ownership details
🔹 Search & Intelligence Platforms
Shodan
Discover exposed devices and services
🔹 Visual Intelligence Tool
Maltego
Maps relationships between:
Domains
Emails
Infrastructure
🔹 Website Analysis
HTTrack
Clone websites for offline analysis
🔹 Advanced Recon Frameworks
Recon-ng
theHarvester
👉 Used for:
Automated data collection
Email harvesting
Domain intelligence
4. Building a Safe Lab Environment🔹 Why You Need a Lab
Avoid testing on real systems
Practice safely and legally
Simulate real-world attacks
🔹 Virtualization Platform
Oracle VM VirtualBox
👉 Important:
Install:
Base platform
Extension Pack
🔹 Operating System for Pentesting
Kali Linux
👉 Includes:
Pre-installed security tools
Ready-to-use environment
5. Troubleshooting Setup
Always:
Follow guides specific to your OS (Windows / Linux / Mac)
Check virtualization support (VT-x / AMD-V)
Key Takeaways
Always start with scope and permission
Footprinting is the foundation of pentesting
OSINT provides powerful public intelligence
Tools automate and enhance data gathering
A lab environment is essential for safe practice
Big PictureThis phase is where you:👉 Move from zero knowledge → complete visibility
Understand the target
Map the attack surface
Prepare for deeper testing
Mental Model
Methodology → “What am I allowed to do?”
Footprinting → “What can I learn?”
Lab → “Where can I practice safely?”

You can listen and download our episodes for free on more than 10 different platforms:
https://linktr.ee/cybercode_academy
...more
15min
May 21, 2026Course 34 - Cybersecurity Kill Chain | Episode 4: Command, Objectives, and Defense in Depth
In this lesson, you’ll learn about: Command & Control (C2), Actions on Objectives, and Defense in Depth1. Command & Control (C2) Phase🔹 Definition
The stage where an attacker establishes a communication channel with a compromised system
🔹 Purpose
Send commands to the infected machine
Receive exfiltrated data
Maintain persistent remote access
🔹 Evasion Techniques
Attackers disguise communication as normal traffic
👉 Example:
Using platforms like:
Twitter
Why this works:
Traffic appears legitimate
Blends into normal user behavior
Harder for detection systems to flag
2. Actions on Objectives (Final Goal)🔹 Definition
The phase where the attacker achieves their intended objective
🔹 Common Targets
Sensitive data such as:
Financial records
Credit card data
Credentials
Intellectual property
🔹 Attacker Behavior
Operate stealthily
Maintain long-term access
Avoid detection while extracting value
3. Defense in Depth🔹 Definition
A layered security strategy designed to protect systems at multiple levels
🔹 Framework
Cyber Defense Matrix
4. Six Core Defensive Actions🛡️ Detect
Identify malicious or suspicious activity
🚫 Deny
Prevent unauthorized access
⚡ Disrupt
Interrupt attacker operations
📉 Degrade
Reduce the effectiveness of the attack
🎭 Deceive
Mislead attackers (e.g., honeypots, fake assets)
🔒 Contain
Limit the spread and impact of an attack
5. Why Defense in Depth Matters
No single security control is sufficient
Attacks occur in multiple stages
👉 Effective defense must:
Cover every phase of the Cyber Kill Chain
Key Takeaways
C2 enables attackers to remotely control compromised systems
Attackers often hide communication within legitimate traffic
Actions on Objectives is where real damage or data theft occurs
Defense in Depth provides layered protection across all stages
Security should be proactive, not reactive
Big Picture👉 This is the final stage of the attack lifecycle:
C2 → Control the system
Actions → Achieve the objective
Defense → Detect, limit, and stop the attack

You can listen and download our episodes for free on more than 10 different platforms:
https://linktr.ee/cybercode_academy
...more
20min
May 20, 2026Course 34 - Cybersecurity Kill Chain | Episode 3: Delivery, Exploitation, and Installation
In this lesson, you’ll learn about: Delivery, Exploitation, and Installation in the Cyber Kill Chain1. Delivery Phase (Getting the Payload to the Target)🔹 Definition
The process of transferring the malicious payload to the victim
🔹 Common Delivery Methods📡 Technical Methods
Using exposed services:
FTP uploads
Web downloads
💾 Physical Methods
Infected USB drives left in:
Offices
Public places
🎭 Social Engineering (Most Effective)
Tool:
Social Engineering Toolkit (SET)
Used for:
Spear-phishing campaigns
Mass phishing emails
👉 Key idea:
Trick the user into executing the payload themselves
2. Exploitation Phase (Triggering the Attack)🔹 Definition
The moment the payload:
executes successfully
bypasses security controls
🔹 How Exploitation Happens
Exploiting:
Software vulnerabilities
Misconfigurations
🔹 Most Common Weakness👉 Human behavior
Clicking malicious links
Entering credentials on fake pages
3. Installation Phase (Maintaining Access)🔹 Definition
Establishing a persistent foothold on the system
🔹 Goal
Ensure attacker can:
Reconnect anytime
Maintain control
🔹 Common Concept
Installing:
Backdoors
Persistent malware
🔹 Tool Example
Metasploit
Used to:
Set up a listener
Wait for incoming connection from victim
👉 Once connected:
A session is opened
Attacker gains remote control
4. Exploitation vs Installation (Key Difference)PhasePurposeResultExploitationBreak into the systemInitial accessInstallationStay inside the systemPersistent access5. Full Flow Understanding
Delivery
Gets payload to victim
Exploitation
Executes payload successfully
Installation
Keeps long-term access
Key Takeaways
Delivery relies heavily on social engineering
Exploitation is about triggering execution
Installation ensures persistence
Humans are often the weakest link
Tools automate the process, but logic remains consistent
Big PictureThese phases represent:👉 From sending the attack → to owning the system
Delivery = Entry point
Exploitation = Break-in
Installation = Persistence
Mental ModelThink of it like:
Delivery → “Send the package”
Exploitation → “Open the door”
Installation → “Stay inside the house”

You can listen and download our episodes for free on more than 10 different platforms:
https://linktr.ee/cybercode_academy
...more
21min
May 19, 2026Course 34 - Cybersecurity Kill Chain | Episode 2: Active Reconnaissance and Weaponization Strategies
In this lesson, you’ll learn about: Active Reconnaissance and Weaponization in the Cyber Kill Chain1. Transition: From Recon to Action
After passive recon, attackers move to:
Active Reconnaissance → direct interaction
Then → Weaponization → building attack tools
👉 This is the shift from:
Collecting information → Preparing the attack
2. Active Reconnaissance (Deep Target Profiling)🔹 Definition
Directly interacting with the target system to gather:
Technical details
Human-related intelligence
🔹 Technical Techniques
Port Scanning & Fingerprinting
Tools:
Nmap
Zenmap
Discover:
Open ports
Running services
Operating system
Web Application Analysis
Tools:
Burp Suite
OWASP ZAP
Identify:
Hidden endpoints
Admin panels
Vulnerabilities
🔹 Non-Technical Techniques
Social engineering using:
LinkedIn
Facebook
Build:
Spear-phishing attacks
Highly targeted emails/messages
Based on real employee data
3. Weaponization Phase🔹 Definition
Building the attack payload based on gathered intel
👉 Important:
No interaction with the victim yet
Happens entirely on the attacker’s side
4. Why Reconnaissance Matters Here
Good recon → precise payload
Poor recon → failed attack
👉 Example:
If attacker knows:
OS version
Open ports
Installed software
➡️ They can craft:
A payload that fits perfectly
5. Payload Concepts (High-Level)
A payload is:
Code designed to run on the target system
🔹 Common Strategy
Use outbound connections:
Reverse TCP / HTTPS
👉 Why?
Firewalls usually:
Block incoming connections
Allow outgoing connections
6. Tools Used in Weaponization🔹 Payload Generation
Metasploit
Create executable payloads
🔹 Evasion Techniques
Unicorn
Generates:
PowerShell-based payloads
Less suspicious than executables
7. Key Differences Between the Two PhasesPhaseGoalInteractionActive ReconGather detailed target dataYesWeaponizationBuild attack payloadNoKey Takeaways
Active recon provides deep technical insight
Weaponization turns that insight into attack capability
Tools like Nmap and Burp reveal weaknesses
Payloads are tailored based on real target data
Outbound connections are commonly abused to bypass firewalls

You can listen and download our episodes for free on more than 10 different platforms:
https://linktr.ee/cybercode_academy
...more
21min
May 18, 2026Course 34 - Cybersecurity Kill Chain | Episode 1: Reconnaissance and Footprinting Fundamentals
In this lesson, you’ll learn about: reconnaissance in the Cyber Kill Chain1. What is Reconnaissance?
Reconnaissance is the first phase of the Cyber Kill Chain
It focuses on:
Gathering information about a target
👉 Why it matters:
It forms the foundation of the entire attack
Poor recon = weak attack
Strong recon = precise targeting
2. Passive Reconnaissance (Footprinting)🔹 Definition
Collecting information without directly interacting with the target
👉 Low risk of detection🔹 Common Techniques🌐 Network Information Gathering
Tools like:
whois → domain ownership & contacts
nslookup → DNS & IP mapping
🔍 Search Engines & Specialized Platforms
Shodan
Censys
Used to find:
Open ports
Running services
Technologies used
👥 Social Media Intelligence (OSINT)
LinkedIn
Employee roles
Tech stack hints
Facebook
Personal interests
Behavior patterns
👉 Useful for:
Phishing attacks
Social engineering
🗑️ Physical Recon (Dumpster Diving)
Searching discarded materials for:
Passwords
Internal documents
Configurations
3. Active Reconnaissance🔹 Definition
Direct interaction with the target system
👉 Higher risk of detection🔹 Common Techniques📡 Ping Sweeps
Identify:
Live hosts on a network
🔎 Port Scanning & Fingerprinting
Tool:
Nmap
Used to detect:
Open ports (e.g., SSH, FTP, VNC)
Operating system details
4. Passive vs Active ReconTypeInteractionRisk LevelExamplePassiveNoLowShodan, LinkedInActiveYesHighNmap scan5. Why Reconnaissance is Critical
Builds a complete target profile
Identifies:
Weak points
Entry points
Makes later stages:
Faster
More effective
Key Takeaways
Recon = information gathering phase
Passive recon is stealthy and preferred
Active recon is powerful but detectable
Tools like Shodan and Nmap reveal technical exposure
Social media provides human attack vectors
Big PictureReconnaissance is where attackers:👉 Move from guessing → knowing
Instead of blind attacks
They perform data-driven targetin

You can listen and download our episodes for free on more than 10 different platforms:
https://linktr.ee/cybercode_academy
...more
14min

FAQs about CyberCode Academy:

How many episodes does CyberCode Academy have?

The podcast currently has 250 episodes available.