New · Personalized to you Open your portal
Rolling Thunder Security // Cybersecurity Knowledge Hub

Rolling Thunder Security

An introduction to the field built around doing the work, not just reading about it.

Welcome

Rolling Thunder Security
Hands-On Cybersecurity Knowledge Hub
  • CISSP
  • CCSP
  • CEH
  • Security+

Welcome to Rolling Thunder Security, a hands-on cybersecurity knowledge hub. It provides a base knowledge on a wide variety of topics in cybersecurity, similar in scope to what a Security+ certification would cover. It covers topics from Network Security, to Cryptography, to Social Engineering and Phishing.

This site is an expressive outlet to give you a place to visualize cybersecurity concepts, to practice performing attacks, or to be interactive with data being sent through the OSI layers being encapsulated and decapsulated. You will be right there in the action with this website.

Cybersecurity is a wide field. This hub covers a lot of ground — frameworks, cryptography, networks, social engineering, web attacks — and it is normal to feel that breadth as overwhelming. Take it at your own pace. Move through the modules in whatever order serves you, revisit the visualizations and games when something does not click, and trust that the picture comes together piece by piece.

This site makes no money, runs no ads, and collects no data. It is intended to be an educational tool that gives learners another form of material to study if the more traditional methods are not working.

— Rolling Thunder Security

Welcome

Approach
Learn by doing
Scope
Security+ aligned
Format
Hands-on labs
Domains
6 modules
SQLi labs
18 techniques
Practice
10 games & tools

Cybersecurity is rarely defeated by breaking the strong thing. AES-256 holds. SHA-256 holds. Modern TLS holds. Attackers know this, so they go around the strong thing. They steal the key from a sticky note, trick the help desk into a password reset, slip a malicious link past an inattentive reader, or find one forgotten input box on one forgotten page that lets them ask the database whatever they want.

This site teaches you to think the same way. You will read about the controls, then you will sit at a keyboard and do the work. You will evaluate real phishing emails, trace the protocols that delivered them, and find the exact mechanisms the attacker leaned on. You will write SQL injection payloads against vulnerable applications. You will encrypt and decrypt, hash and verify, capture and inspect. By the end you will know the fundamentals because you will have used them.

The six domains

6 Modules // Hands-On Throughout
01 / Framework

Security Frameworks

CIA Triad
AAA Model
Authentication
 02 / Math

Cryptography

Symmetric
Asymmetric
Hashing
 03 / Human

Social Engineering

Phishing Fundamentals
Email Anatomy & Forensics
SPF, DKIM, DMARC
Teams Phishing Simulation
 02 / Identity

Authentication & Identity

Passwords & Passkeys
SSO & Federation
OAuth, JWT, JWT Lab
 04 / Wire

Network Security

Traffic & Protocols
Perimeter Controls
Segmentation
 05 / Application

SQL Injection

18 Attack Techniques
Interactive Labs
Defense & Mitigation
 06 / Code

Software Vulnerabilities

Buffer Overflow
Memory Corruption
Mitigations & Defenses
 07 / Web

Web Application Security

Cross-Site Scripting
CSRF & SameSite
Command Injection
 08 / Code w/ Intent

Malware

Viruses, Worms, Trojans
Ransomware & Rootkits
Kill Chain & Defenses
 09 / Somebody Else's Computer

Cloud Security

Shared Responsibility
IAM & Zero Trust
AWS · Azure · GCP · OCI
 10 / When Prevention Fails

IR & Forensics

NIST 800-61 lifecycle
Evidence handling
Host & network forensics
 11 / Phones in Pockets

Mobile Security

iOS vs Android platform
OWASP Mobile Top 10
MDM, BYOD, SS7, SIM swap
 12 / The Unwired Edge

Wireless & IoT

WiFi, WPA evolution & attacks
Bluetooth Classic & BLE
IoT landscape + handshake-crack lab

Practice & Games

10 Activities // Study at your own pace
Capstone / Hard Mode

Cyber Escape Room

10 stages, one breach
90 minutes on the clock
Caesar to console — everything
 Game / Memory

Vocab Matching

22-term vocab pool
Three difficulty tiers
Term & definition pairs
 Game / Crossword

Cyber Crossword

Interactive grid
Check & reveal hints
Foundations terminology
 Game / Role-Play

Hoppy Hollow

Decision-tree RPG
Nine security scenarios
Defend the family recipe
 Game / Matching

Port Match

Flashcard matching
TCP & UDP ports
Learn by repetition
 Game / Quiz

Port Scanner Quiz

Simulated nmap output
Identify open services
TCP & UDP protocols
 Simulation / Phishing

Teams Phish Demo

Simulated Teams voicemail
Credential-capture portal
Interactive red flags
 Simulation / SMiShing

SMiShing Demo

Simulated iPhone SMS attack
Step-through conversation
Six red flags revealed
 Tool / Security

Password Strength

Entropy calculation
Pattern detection
NIST SP 800-63B aligned
 Tool / Terminal

Command Explainer

Type any Linux command
Flag & argument breakdown
Interactive reference

Tools

4 Resources // Utilities & references
Reference / Standards

NIST Standards

CSF 2.0 & SP 800 Series
14 reference entries
APA 7 citations included
 Reference / Model

OSI Model

Seven layers
Packet encapsulation
Interactive walkthrough
 Reference / Standards

NIST AI 100-1

AI Risk Management Framework
Four core functions
Trustworthy AI characteristics
 Lab / Build

Password Checker Lab

Build from scratch
Basic to advanced tiers
HTML, CSS & JavaScript

Course & class tools

Class-specific // Migrating to a separate site

These tools are tied to a specific class rather than general cybersecurity knowledge. They live here for now and will move to a dedicated course site later.

Tool / Estimator

Grade Calculator

Lecture & Lab weights
60% pass/fail check
Extra credit included