Cybersecurity, learned like a practitioner.
24 learning paths · 398 modules live · every lesson written by someone who has shipped the control or run the engagement. Free to start.
Intermediate · modules
Modules tagged Intermediate. Use the sidebar to narrow by track or topic.
Android Permission Model
Android 6.0+ introduced runtime permissions. Android 11+ added more restrictions. Mobile pentesters check permission patterns; defenders limit what the app asks for. The categories: Normal — auto-granted (network, vibrate); Dangerous — runtime permission required (location, camera, contacts); Signature — only granted to apps signed with the same cert as the system; Special — Settings opt-in (overlay, accessibility, device admin). What pentesters […]
Mobile Pentest Reporting
OWASP MASVS (Mobile Application Security Verification Standard) is the reporting baseline. MASTG (Testing Guide) is the methodology. MASVS verification levels: L1 (Standard) — basic security, suitable for most apps; L2 (Defense in Depth) — for apps handling sensitive data; R (Resiliency) — additional resistance to client-side attacks, for high-value targets. The categories tested: Architecture, design, […]
Red Team — External Recon
Red team engagements start with weeks of recon before any technical action. Quality of recon determines success of later phases. Reconnaissance phases: Organizational — leadership, departments, sites, M&A history; Technical — domains, IP ranges, technology stack, SaaS used; Personnel — names, roles, emails, social-media patterns; Physical — office locations, vendor relationships. Tools by phase: Already […]
Red Team Reporting
The report is the deliverable. A great engagement with poor reporting fails to drive change. Three audiences: Executives — what could happen, what was the impact, what investment is justified; Security team — TTPs used, detection gaps, recommended controls; Engineering / IT — specific configurations to change, code to fix. Structure: Executive summary (1-2 pages), Engagement […]
Red-to-Purple Handoff
One-shot red team engagement: report → file in drawer. Purple-team handoff: report → workshop → detections built. The latter is what produces lasting improvement. The handoff workshop: the red team walks through the engagement chronologically; for each step, the blue team confirms what (if any) signal fired; where a signal fired but was ignored, investigate why; where no signal […]
Red Team Engagement Management
Red team is high-risk consulting. A bad engagement can crash production, leak data, breach contracts. Discipline matters. Rules of Engagement (ROE): authorized targets and out-of-scope assets; authorized techniques and prohibited ones (e.g., DoS, social engineering of HR); engagement window; stop conditions; deconfliction contacts (real production incidents vs red team); get-out-of-jail letter. Communication: Trusted Agent (TA) on […]
MITRE ATT&CK in Practice
MITRE ATT&CK is the de facto common language. Operationalising it requires discipline. The structure: Tactics (14) — adversary goals (Initial Access, Execution, Persistence, etc.); Techniques (~200) — how the goal is achieved; Sub-techniques — specific variants; Procedures — actor-specific implementation. ATT&CK Navigator: free tool for visualising layers. Use cases: Coverage map — which techniques have detections […]
STIX & TAXII Standards
STIX = data format. TAXII = transport. Together: machine-readable threat intel sharing. STIX object types: Indicator (the “what to look for”), Threat Actor, Campaign, Intrusion Set, Malware, Tool, Attack Pattern (= ATT&CK technique), Vulnerability (= CVE), Identity (= Victim), Relationship. Why structured matters: Vendor PDF report → manual extraction. Vendor STIX feed → automatic ingestion […]
OSINT for Actor Profiling
For sectoral and regional threat awareness, OSINT is invaluable. Sources: Public threat reports — Mandiant, CrowdStrike, Microsoft, Recorded Future; VirusTotal Intelligence — sample relationships; MalwareBazaar — malware samples; URLhaus, ThreatFox — abuse.ch projects; Twitter/X — security researchers post in real time; Telegram — actor channels (be careful); Dark web monitoring — paid services (Recorded Future, Flashpoint, KELA) […]
IOC Hygiene
Buying IOC feeds is the easy part. Operationalising them without false positives is the hard part. IOC lifecycle: Ingest from source; Score (confidence, source reputation); Enrich (WHOIS, geolocation, ASN, related campaigns); Match against telemetry; Decay — IOCs age out (IPs rotate, domains expire); Retire — remove from active matching after N days. Quality signals: Source […]
Practitioners who've shipped the controls.
Every module is written by someone who has built the defence or run the engagement. No repackaged tutorials, no generic theory.
Why learn here
Practitioner-written.
Each lesson is authored by someone who has shipped the control or run the engagement in production.
Quiz after every module.
20+ questions with explanations. 70%+ to mark complete. Unlimited retries.
Progress tracked.
Completions, scores and streaks saved automatically. Resume exactly where you left off.
India-priced.
Start free. ₹499/mo for intermediate. ₹4,999/yr for advanced. No hidden fees, ever.