Practitioner-grade cybersecurity content
Technical playbooks, war stories, and how-to-think guides — written by practitioners, anchored to the Indian context.
Latest articles
Most recent practitioner playbooks across every track.
CitrixBleed (CVE-2023-4966): Why Patching Wasn’t Enough
CitrixBleed leaked active session tokens that survived patching — post-patch session hijacking persisted for weeks. The bug, IoCs, the required session-termination playbook,…
Tools & Tutorials | sqlmap Advanced Workflow: From Identification to System Access
sqlmap as one stage in a workflow — manual SQLi identification first, targeted exploitation with --level/--risk, tamper scripts for WAF bypass, --os-shell…
Blue Team | Recent Ransomware Groups Targeting Indian SaaS in 2026
Active ransomware groups hitting Indian organisations — RansomHub, Akira, Play / 8base / BlackSuit. Common kill chain (initial access via VPN/RDP, Cobalt…
Blue Team | YARA Rules: Writing Detection Logic That Works
YARA syntax, effective rule patterns (combining weak signals, file-format anchors, PE module), public rule sources (signature-base, SigmaHQ), deployment across endpoint EDR, email…
Blue Team | Volatility Memory Forensics: A Walkthrough for IR Teams
Volatility 3 workflow for incident response — memory capture (WinPmem, AVML), high-leverage plugins (pstree, netscan, malfind, hashdump, lsadump), real-world analysis pattern, anonymised…
Red Teaming | Hydra in 2026: Modern Brute-Force That Doesn’t Trip Lockouts
Modern brute-force — password spraying instead of per-user, slow-and-low timing, distributed source IPs, targeted Indian wordlists. Where it still works (internal services,…
Blue Team | Sigma Rules: Vendor-Agnostic Detection in 2026
Sigma is the YAML detection-rule format that compiles to any SIEM. Rule structure, public repositories (SigmaHQ, signature-base), conversion workflow with pySigma, deployment…
Blue Team | Building a Threat-Led Programme with MITRE ATT&CK
MITRE ATT&CK beyond marketing — pick relevant techniques from threat intel, map detection coverage, validate with Atomic Red Team and Caldera, operationalise…
Red Teaming | CVE-2024-1086 (nf_tables): Linux Kernel LPE Pattern
nf_tables use-after-free in Linux 5.14-6.6 — LPE plus container escape via user namespace. Public exploit, affected kernels, detection, and the broader kernel-CVE…
Red Teaming | Metasploit in 2026: The Practitioner Workflow
Metasploit beyond search-and-exploit — workspace management, database integration, payload customisation with msfvenom, listener management, post-exploitation modules, integration with BloodHound and modern C2.…