Practitioner-grade cybersecurity content
Technical playbooks, war stories, and how-to-think guides — written by practitioners, anchored to the Indian context.
Want structured, step-by-step learning instead? Explore the Academy (guided courses) or the AI security hub.
Latest articles
Most recent practitioner playbooks across every track. Filter by topic in the sidebar, or use search.
theHarvester and Recon-ng: OSINT Toolchain in 2026
theHarvester for breadth-of-source aggregation; Recon-ng for workflow continuity across investigation. Where they fit alongside modern tools (subfinder, amass, SpiderFoot, Maltego) in 2026…
Security GuidesSharePoint CVE-2024-38094: Why On-Prem SharePoint Stays a Target
SharePoint Server's recent CVE roster — 2019-0604, 2023-29357 chain, 2024-38094 — shows the on-prem attack surface persists. Detection, mitigation, and the migration…
Blue TeamModern Phishing Kits: Tycoon, Greatness, EvilProxy, Mamba 2FA
Phishing-as-a-Service kits dominate 2024-26 attacks against Indian fintech and BFSI. Tycoon, Greatness, EvilProxy / Caffeine, Mamba 2FA, Robin Banks. IoCs to monitor,…
Security GuidesMaltego for OSINT: Graph-Based Investigation
Maltego turns scattered OSINT into structured intelligence. Entity types, transform ecosystem, practical workflow for phishing-campaign investigation, threat-actor profiling, supply-chain mapping. Pro vs…
Security GuidesGraphQL Authorisation Bypass: The Deep-Dive
GraphQL's most consequential bug class isn't injection — it's authorisation bypass. Field-level over-exposure, resolver-level IDOR, mutation field injection, connection traversal, batched-query tenant…
Security GuidesEmail Security in 2026: SPF, DKIM, DMARC, MTA-STS, BIMI
The modern email-authentication stack — SPF for IP authorisation, DKIM for cryptographic signing, DMARC for enforcement and reporting, MTA-STS for TLS enforcement,…
Security GuidesIndian Phishing in 2026: SMS, Vishing, and UPI Scams
The Indian phishing landscape has distinct shapes — SMS-led, mobile-first, UPI-integrated. Bank impersonation, KYC scams, UPI fraud patterns, vishing with AI voice…
Red TeamingBrowser-in-the-Browser (BitB) Phishing: Why Users Still Fall for It
BitB renders fake browser popup windows inside the actual browser tab. Users see legitimate URLs in the fake popup and trust them.…
Red TeamingEvilginx2 + AiTM Phishing: How Modern Attacks Defeat MFA
Adversary-in-the-Middle phishing captures both credentials and session cookies during auth flow — defeating traditional MFA. How AiTM works, detection limits, and why…
Blue TeamDetecting C2 Traffic from Network Telemetry: The Layered Approach
C2 detection from network telemetry — beaconing analysis with RITA, JA3/JA4 fingerprinting, DNS analytics for tunneling and DGA, HTTP/HTTPS anomalies, threat-intel destination…