Practitioner-grade cybersecurity content
Technical playbooks, war stories, and how-to-think guides — written by practitioners, anchored to the Indian context.
Want structured, step-by-step learning instead? Explore the Academy (guided courses) or the AI security hub.
Latest articles
Most recent practitioner playbooks across every track. Filter by topic in the sidebar, or use search.
Module 17 · DNS Is Half of Every Attack
Almost no internet attack avoids DNS. C2 beacons resolve domains. Phishing links resolve domains. Exfiltration via DNS tunneling. Malware periodically refreshes domain…
AcademyModule 16 · Networks Fail Differently
Networks fail in five ways: complete outage, partial outage, latency increase, packet loss, partial reachability. Each masks security signals. “Latency spike for…
AcademyModule 15 · Connection Lifecycles and Where They Leak
Connections have states: SYN_SENT, ESTABLISHED, FIN_WAIT, TIME_WAIT, CLOSE_WAIT. Each has duration; each leaks information. SYN scans use the half-open state. CLOSE_WAIT exhaustion…
AcademyModule 14 · Cleartext Is Forever
An adversary records your encrypted traffic today. Stores it. Years later, quantum computer breaks the key exchange. Decrypts. This isn’t hypothetical. Nation-state…
AcademyModule 13 · NAT Doesn’t Mean Safe
NAT was an addressing patch. It happens to drop unsolicited inbound packets. Many treat it as a firewall. It isn’t. NAT doesn’t…
AcademyModule 12 · Layer 3 vs Layer 7 Mindsets
Network team thinks in subnets, ACLs, firewalls — Layer 3. App team thinks in HTTP semantics, auth, business logic — Layer 7.…
AcademyModule 11 · Every Protocol Has Trust Assumptions
Every protocol — DHCP, ARP, DNS, BGP, NTP, IP, TCP — was designed for an environment with assumed cooperation. Attackers violate those…
AcademyModule 20 · Reading Other People’s Code With Suspicion
Most code review looks for “does it work?” Security code review asks “does it work for inputs the author didn’t imagine?” The…
AcademyModule 19 · The 5 Trust Boundaries in Every Web App
Trust boundaries are where one component trusts data from another. Each crossing is a place to validate. Most apps have at least…
AcademyModule 18 · CDN as Attack Surface
CDN was once a passive cache. Now: edge functions, header rewriting, cache key manipulation, custom routing. Each is a new attack surface.…