Knowledge Hub

Practitioner-grade cybersecurity content

Technical playbooks, war stories, and how-to-think guides — written by practitioners, anchored to the Indian context.

Want structured, step-by-step learning instead? Explore the Academy (guided courses) or the AI security hub.

Latest articles

Most recent practitioner playbooks across every track. Filter by topic in the sidebar, or use search.

Academy

Module 17 · Cross-Forest, Cross-Tenant Trust

M&A: company A acquires company B. Trust between forests established for “convenience.” Compromise of one becomes compromise of both. Hybrid AD +…

Apr 27, 2026 · 1 min read

Academy

Module 16 · The Time Aspect of Kerberos

TGT typical lifetime: 10 hours. Forged Golden Ticket: any lifetime. Until krbtgt rotates, attacker maintains DA via tickets attacker forges. Service ticket…

Apr 27, 2026 · 1 min read

Academy

Module 15 · Why GPO Defaults Matter

GPOs have defaults. Defaults from when AD launched. “Not Defined” usually means “system default” — which may be insecure. Examples: NTLM still…

Apr 27, 2026 · 1 min read

Academy

Module 14 · Reading the Directory as a Graph

Microsoft Management Console shows AD as a tree. BloodHound shows it as a graph. The graph view changes everything. Nodes: users, groups,…

Apr 27, 2026 · 1 min read

Academy

Module 13 · Permission Drift

User joins team A. Gets group memberships. Moves to team B. Gets new memberships. Old memberships rarely removed. Repeats over years. Result:…

Apr 27, 2026 · 1 min read

Academy

Module 12 · Service Accounts Outlive Their Purpose

Service accounts get created. They stay forever. The original requester left in 2019. The service was decommissioned in 2021. The account remains,…

Apr 27, 2026 · 1 min read

Academy

Module 11 · The Implicit Trust of AD

Active Directory assumes a cooperative environment. Members trust each other. Domain controllers trust members. Trusts between domains assumed friendly. Every “feature” —…

Apr 27, 2026 · 1 min read

Academy

Module 20 · The Network Forensics Mindset

Network logs are evidentiary in regulator inquiries and lawsuits. They have weight when properly preserved. The discipline: timestamps in UTC, defined retention,…

Apr 27, 2026 · 1 min read

Academy

Module 19 · Reading Topology Like an Attacker

Defenders read topology as “what we built.” Attackers read it as “what paths exist.” Every line is a path. Every box is…

Apr 27, 2026 · 1 min read

Academy

Module 18 · Encrypted But Visible

“It’s TLS; we can’t see anything.” False. TLS reveals SNI (the host being visited). JA3 fingerprints the client. Packet sizes and timing…

Apr 27, 2026 · 1 min read