Knowledge Hub

Practitioner-grade cybersecurity content

Technical playbooks, war stories, and how-to-think guides — written by practitioners, anchored to the Indian context.

Want structured, step-by-step learning instead? Explore the Academy (guided courses) or the AI security hub.

Latest articles

Most recent practitioner playbooks across every track. Filter by topic in the sidebar, or use search.

Blue Team

Mythic C2: Multi-Agent Framework for Sophisticated Engagements

Mythic separates C2 server from agents (Apollo, Athena, Poseidon, Atlas, Tetanus). Why this matters for evasion, the detection challenge multi-agent creates, and…

Apr 25, 2026 · 2 min read

Blue Team

Havoc C2: The Second-Generation Open-Source Framework

Havoc's Demon implant — sleep masking, indirect syscalls, AMSI/ETW bypass by default. Why signature detection lags, what behavioural detection works, the 2024-25…

Apr 25, 2026 · 2 min read

Red Teaming

Sliver C2: The Modern Cobalt Strike Alternative

Sliver has largely replaced Cobalt Strike for Indian red-team operations since 2023. Operator workflow, capability set, network and endpoint detection patterns, evasion…

Apr 25, 2026 · 3 min read

Red Teaming

Sock Puppet Accounts for OSINT Investigations: OPSEC and Ethics

Operational sock puppet accounts for OSINT — the OPSEC stack (browser profile, VPN, email, phone, fingerprint), believable persona building, attribution mistakes, legal/ethical…

Apr 25, 2026 · 4 min read

Red Teaming

Subdomain Enumeration Deep-Dive: Beyond subfinder

Senior subdomain enumeration — passive sources (CT logs, DNS aggregators), active brute-force with smart wordlists, JS-file analysis, cloud-asset patterns, subdomain takeover hunting…

Apr 25, 2026 · 3 min read

Red Teaming

OSINT Methodology for Pentesters: The 2026 Toolchain

Practitioner OSINT methodology — subdomain enumeration with subfinder/amass, live discovery with httpx, vulnerability scanning with nuclei, people enumeration with theHarvester, GitHub secrets…

Apr 25, 2026 · 3 min read

Security Guides

Confluence CVE-2023-22515 / 22518: When Internal Wikis Become Ransomware Targets

Two Atlassian Confluence CVEs in late 2023 enabled mass-exploitation by ransomware operators. Bug walkthrough, IoCs, mitigation, and the migration question for Confluence…

Apr 25, 2026 · 3 min read

Red Teaming

Fortinet FortiGate CVEs: The Edge-Device Attack Surface Pattern

Fortinet's recent CVE history (2022-40684, XORtigate, 2024-21762, FortiManager 23113 / 47575) shows the structural risk of edge devices. IoCs, mitigation pattern, and…

Apr 25, 2026 · 2 min read

Red Teaming

Ivanti Connect Secure 2024 CVEs: Mass Exploitation and Lessons

CVE-2023-46805 + CVE-2024-21887 chained for unauthenticated RCE on Ivanti VPN. Mass-exploited within hours by nation-state and ransomware actors. IoCs, the 7-step IR…

Apr 25, 2026 · 3 min read

Security Guides

MOVEit Transfer (CVE-2023-34362): The Cl0p Mass Exploitation Story

Cl0p exploited MOVEit Transfer's SQLi as a zero-day, compromising 2,000+ organisations including Indian-market third parties. The vulnerability, why it spread so far,…

Apr 25, 2026 · 2 min read