
How attacks work. How defenses work.

Visual, interactive explainers of the techniques and tools behind modern cybersecurity. Step through attack chains, click vocabulary terms, and see real detection examples from the Ficsit Inc. environment.

9 concepts Interactive demos Attack chains Vocab explorer Real examples
01 Step through the attack
Each concept page walks you through an attack or defense technique one action at a time, with animated diagrams showing exactly what happens at each stage.

02 Click any vocab word
Technical terms appear underlined in blue throughout each page. Click them for an instant definition without interrupting your reading.

03 See it in the SOC
Every concept links directly to the foyl Learn tools and scenarios where that technique appears -- alerts, logs, and investigation timelines included.

Attack Techniques
Attack Technique Interactive
AiTM Phishing
How attackers proxy the login page in real time, stealing session cookies to bypass MFA without the victim ever knowing the login was intercepted.
T1566.002 T1539 T1550.004
Attack Technique Interactive
Credential Theft
LSASS dumps, SAM database access, Kerberoasting, Pass-the-Hash -- how attackers extract and reuse credentials without ever cracking passwords in real time.
T1003.001 T1558.003 T1550.002
Attack Technique Interactive
Lateral Movement
How attackers move from a compromised workstation to domain controllers, Exchange servers, and CI/CD pipelines -- mapped to the Ficsit Inc. network.
T1021.002 T1550.002 T1569.002
Attack Technique Timeline
Ransomware Lifecycle
From initial phishing email to full disk encryption -- a step-by-step timeline showing how ransomware operators work, and where defenders can intervene at each phase.
T1486 T1490 T1041
Attack Technique Interactive
Business Email Compromise
How attackers impersonate executives and vendors to redirect wire transfers. Real email thread walkthrough with red-flag analysis and header inspection.
T1534 T1566.001 T1585.002
Core Concepts
Core Concept Interactive
MFA and Bypass Techniques
How authenticator apps, push MFA, SMS, and passkeys each work -- and where each method is vulnerable to AiTM proxying, SIM swapping, and push fatigue.
T1621 T1111
Core Concept Visual
C2 Beacons
How command-and-control beacons work, why they blend into normal traffic, and how security teams detect the patterns of a host checking in with an attacker's server.
T1071 T1573 T1132
Core Concept Interactive
The Cyber Kill Chain
The seven phases of every attack from reconnaissance to actions on objectives -- mapped to the IRON CHIMNEY incident with detection opportunities at each phase.
Framework Lockheed Martin
Core Concept Interactive
Reading Security Logs
Windows Event IDs, Sysmon, NGFW flows, and Entra ID sign-in logs -- what they contain, what defenders look for, and how each event maps to a MITRE ATT&CK technique.
Windows EL Sysmon Entra ID