Practitioner-grade cybersecurity content
Technical playbooks, war stories, and how-to-think guides — written by practitioners, anchored to the Indian context.
Want structured, step-by-step learning instead? Explore the Academy (guided courses) or the AI security hub.
Latest articles
Most recent practitioner playbooks across every track. Filter by topic in the sidebar, or use search.
Module 20 · Initial Access — Modern Techniques in 2026
The initial-access categories
Phishing: targeted email with malicious link or attachment.
Valid accounts: stolen / purchased credentials; password spray.
Exposed services: VPN,…
Academy · Module 19 · Living-off-the-Land Binaries (LOLBins) Mastery
Why LOLBins matter
Binary is signed by Microsoft — passes signature checks.
Binary is present on every Windows host — no payload…
Academy · Module 18 · EDR Evasion in 2026
The EDR detection stack
User-mode hooks: EDR hooks key API calls (CreateRemoteThread, NtMapViewOfSection, etc.) to inspect arguments.
Kernel-mode callbacks: PsSetCreateProcessNotifyRoutine, PsSetCreateThreadNotifyRoutine notify…
Academy · Module 17 · Beyond Cobalt Strike — Sliver, Mythic, Brute Ratel, Havoc
The C2 landscape
  Framework      Licence                     Notes
  Cobalt Strike  Commercial (Fortra)         Industry standard; highly detected
  Sliver         Open-source (Bishop Fox)    Go-based; mTLS / DNS…
Academy · Module 16 · Adversary Emulation Plans — TTPs from Threat Intel to Engagement
Why emulate vs. just pentest
Generic pentests find generic findings. Adversary emulation tests whether you can withstand the specific groups that target…
Academy · Module 20 · Purple Team — Operationalising Adversary Emulation
Red vs purple — what differs
  Red team                          Purple team
  Adversary emulation, blue blind   Adversary emulation, blue collaborating
  Goal: demonstrate impact          Goal:…
Academy · Module 19 · SOC Metrics That Actually Drive Improvement
The bad metrics
Total alerts processed — measures volume, not value. Encourages keeping noisy rules.
Alerts per analyst per shift — encourages…
Academy · Module 18 · Detection Engineering — Sigma, ATT&CK Coverage, Validation
What detection engineering is
Design rules that fire on adversary behaviour, not noise. Test rules against historical data and red-team data. Tune…
Academy · Module 17 · Threat Hunting Operationalised — Hypotheses, Pivots, Dashboards
What threat hunting is
Proactive search for adversary presence based on hypothesis, not alert. The defender assumes a sophisticated attacker may already…
Academy · Module 16 · SOAR — Security Orchestration, Automation, Response
What SOAR does
Orchestration: connect security tools via API; trigger actions across them.
Automation: execute repeatable workflows without human intervention.
Case management:…