Wireshark, tcpdump, MITM, and exfil detection
The network sees everything. Learn to read it: capture and dissect packets in Wireshark, filter at the CLI with tcpdump, run a man-in-the-middle with ARP spoofing, and analyze protocols to catch data exfiltration — each paired with the encrypt-everything defense and the detection that catches it.