Full Curriculum

All 34 Modules

Every LawZeee module — CFAA, state law, EU frameworks, enforcement, emerging law, Flipper Zero, safe harbor, and the full hacker prosecution archive.

CFAA and the Federal Criminal Toolkit
01a · intermediate

This post explains the main federal anti-hacking law in plain English. The key modern question is whether someone broke into a part of a com…

State Breach Notification and Private Damages
01b · intermediate

This post explains what companies owe people after a data breach. If a business waits too long to notify customers or regulators, it can fac…

EU Frameworks: GDPR, NIS2, and the Budapest Convention
01c · intermediate

EU cyber law is not one rule. GDPR is about personal data, NIS2 is about security duties and incident reporting, and the Budapest Convention…

Landmark Cases: Prosecutions and Civil Suits
01d · intermediate

This post is the case-law map for cybersecurity. It explains the court decisions that define what counts as hacking, when data-breach victim…

Enforcement Agencies and Mechanisms
01e · intermediate

After a cyber incident, different government bodies do different jobs. The FBI investigates crimes, CISA helps with defense and coordination…

Victim Remedies and Procedural Hurdles
01f · advanced

Winning a cyber case is not just about proving harm. Victims still have to identify the right defendant, show the court has power over that …

Emerging Issues in Cybersecurity Law
01g · advanced

This post covers the parts of cyber law that are changing fastest: zero-day markets, ransomware sanctions, bug bounty safe harbors, cross-bo…

CIRCIA: Cyber Incident Reporting for Critical Infrastructure
01h · intermediate

CIRCIA will require many critical infrastructure companies to report serious cyber incidents to CISA within 72 hours and ransomware payments…

HIPAA Security Rule Update: The 2025 Overhaul
01i · intermediate

This post explains the proposed HIPAA Security Rule overhaul in plain English. HHS is trying to make healthcare cybersecurity less flexible …

Bug Bounty Legal Protections: What Security Researchers and Companies Actually Have
01j · intermediate

Bug bounty work is not automatically legal just because it improves security. The safest protection comes from written permission through a …

AI/ML Regulations: Cross-Jurisdiction Map
01k · intermediate

There is no single AI law that covers everything everywhere. Companies have to map where they operate, what kind of AI they use, and whether…

Cyber Incident Reporting: Multi-Framework Comparison
01l · intermediate

One cyberattack can start several different reporting clocks at the same time. This post explains who has to be told, how fast each notice i…

Hacker Lawsuits: The Cases That Define Your Scope
01m · beginner

This module is the technical translation of cybersecurity case law. It explains court decisions not through legal jargon, but through the le…

Foundational Criminal Prosecutions: Morris Worm to Marcus Hutchins
01n · beginner

Six prosecutions shaped every legal rule that applies to hackers and security researchers today. They established what "damage" means under …

Nation-State Indictments: Charging Foreign Hackers the U.S. Cannot Extradite
01o · intermediate

The U.S. government regularly charges Russian military intelligence officers, Chinese MSS operatives, Iranian IRGC-linked hackers, and North…

Ransomware Group Prosecutions: DOJ Disruption Operations and Criminal Charges
01p · intermediate

The U.S. government no longer just charges ransomware actors — it runs multi-agency "disruption operations" combining indictments, server se…

Beyond CFAA: Economic Espionage Act, Espionage Act, State Statutes, and Trespass to Chattels
01q · intermediate

The CFAA is not the only law that can land a hacker, researcher, or employee in federal prison. Four other legal frameworks operate alongsid…

Doctrinal Gaps: Restitution, Parallel Proceedings, Crypto Forfeiture, OFAC Liability, and Critical Infrastructure Sentencing
01r · advanced

Five doctrinal areas that don't make headlines but determine what actually happens after a cybercrime prosecution or regulatory action:…

Emerging Cyber Law: AI/LLM Security Research, Supply Chain Liability, and Cyber Insurance
01s · advanced

Three legal fault lines are reshaping what AI security researchers, software vendors, and corporate IR teams can and cannot do without serio…

Flipper Zero Legal Liability: Exact Statute + Case Analysis for Security Researchers
01t · intermediate

The Flipper Zero is a legitimate multi-protocol security research tool that can also be a federal crime instrument in under thirty seconds d…

Safe Harbor, VDPs, and Bug Bounty Legal Limits
01u · intermediate

Bug bounty programs and vulnerability disclosure policies tell you which systems to test, but they do not immunize you from criminal prosecu…

OSINT Legal Limits, Dark Web Operations, and Blockchain Intelligence
02a · intermediate

Open-source intelligence (OSINT) — gathering information from publicly visible sources — is broadly legal in the U.S., but a series of narro…

Physical Penetration Testing and Red Team Operations: Exact Statute + Case Analysis for Security Researchers
01w · intermediate

Physical penetration testing and red team operations are the most legally dangerous work in the security industry because the gap between "a…

Hackers Who Got Caught: 50 Years of Prosecutions, Verdicts, and Doctrine
01v · beginner

This module catalogs the most significant cybercriminal prosecutions from 1988 to 2025, with emphasis on the last decade. Each entry extract…

International Penetration Testing Law: UK CMA, Germany § 202c, EU NIS2, Canada, Australia, SIM Swap, and Extradition Exposure
01y · advanced

Security professionals who test computer systems face not just U.S. law but the criminal codes of every country whose systems, data, or infr…

Social Engineering Legal Limits: Wire Fraud, Impersonation, ECPA, and the Authorization Gap
01x · intermediate

Social engineering — phishing, vishing, pretexting, impersonation — sits in a legal no-man's-land where a signed pen test scope letter often…

SCADA, IoT, Automotive, and Drone Hacking: Critical Infrastructure Law for Security Researchers
01z · advanced

Hacking a power grid controller or hospital infusion pump is a different legal universe than hacking a web application. The CFAA sentencing …

ECPA: Wiretap Act, Stored Communications, and Pen Registers
02c · intermediate

If you run Wireshark on a corporate network, spin up a honeypot, or capture Wi-Fi packets for research, you are operating inside the territo…

Zero-Day Market and Commercial Spyware Law
02b · advanced

Selling a software vulnerability to a broker is not explicitly illegal under U.S. law — there is no statute that says "you may not sell zero…

FTC Act Section 5 Cybersecurity Enforcement
02d · intermediate

The Federal Trade Commission is the main federal cop for corporate cybersecurity failures in the United States. It does not prosecute hacker…

U.S. State Privacy Law: CCPA/CPRA and the State Patchwork
02f · intermediate

The U.S. has no single federal privacy law. Instead, roughly 20 states have enacted their own comprehensive privacy statutes, each with diff…

COPPA, FERPA, and Student Data Privacy Law for Security Researchers
02g · intermediate

Two federal statutes govern the data of children and students: COPPA locks down personal information collected from kids under 13 online, an…

HIPAA Security Rule: A Complete Operational Guide for Security Researchers and Healthcare Pen Testers
02e · advanced

HIPAA is not just a compliance checkbox — it is a federal regulatory regime with civil fines up to $1.9 million per violation category per y…

Cryptocurrency and Blockchain Legal Frameworks for Security Researchers
02h · advanced

Crypto is not a legal gray zone — it is a legal minefield with live tripwires. The U.S. government has spent a decade building enforcement i…