Knowledge Hub

Practitioner-grade cybersecurity content

Technical playbooks, war stories, and how-to-think guides — written by practitioners, anchored to the Indian context.

Want structured, step-by-step learning instead? Explore the Academy (guided courses) or the AI security hub.

Latest articles

Most recent practitioner playbooks across every track. Filter by topic in the sidebar, or use search.

Module 17 · Cloud Logs Have Detection Gaps

CloudTrail records management plane by default. Data plane (S3 reads) requires explicit data events. Most teams skip it for cost. Result: attacker…

Apr 27, 2026 · 1 min read

Academy

Module 16 · IAM Policies Are Contracts

An IAM policy is a contract. Effect: Allow on Action: * is a blank-cheque clause. Resource: * with NotAction negation is a…

Apr 27, 2026 · 1 min read

Academy

Module 15 · Account Boundaries Are Negotiable

“Account boundaries protect us.” They do — until you create cross-account roles. Or federate identity. Or assume a role for a SaaS…

Apr 27, 2026 · 1 min read

Academy

Module 14 · Console vs API Visibility Gap

AWS console shows curated views. Some resources only visible via API. Some metadata not in console. Attackers operate via API. They see…

Apr 27, 2026 · 1 min read

Academy

Module 13 · Region Isolation Is a Trust Decision

AWS regions are physically separate data centres. But your IAM is global. A user with ec2:* permission has it in every region.…

Apr 27, 2026 · 1 min read

Academy

Module 12 · Every Cloud Service Has an IAM Trap

AWS has 300+ services. Each has actions. Combinations create privilege escalation. iam:PassRole + ec2:RunInstances + the right role = root access. “Innocent”…

Apr 27, 2026 · 1 min read

Academy

Module 11 · The Shared-Responsibility Asymmetry

AWS shared-responsibility model: AWS handles “security of the cloud.” You handle “security in the cloud.” Clear chart. What’s missing: the gap. You…

Apr 27, 2026 · 1 min read

Academy

Module 20 · Defenders’ Worst Assumption

Defenders frequently believe their AD is too complex, too custom, too unique for attackers to navigate. Attackers run BloodHound in 90 minutes.…

Apr 27, 2026 · 1 min read

Academy

Module 19 · Why Passwords Persist 5+ Years

Service-account password rotation breaks services. Documentation incomplete. Owner unknown. Last person who knew has left. Result: passwords from 2018 still active. This…

Apr 27, 2026 · 1 min read

Academy

Module 18 · The Backup-Account Anti-Pattern

Every AD has a “break glass” account: backup_admin, recovery_account, etc. Reasoning: “what if everything else fails?” Reality: account exists with full rights,…

Apr 27, 2026 · 1 min read

← Newer 1 … 33 34 35 36 37 … 91 Older →