Knowledge Hub

Practitioner-grade cybersecurity content

Technical playbooks, war stories, and how-to-think guides — written by practitioners, anchored to the Indian context.

Want structured, step-by-step learning instead? Explore the Academy (guided courses) or the AI security hub.

Latest articles

Most recent practitioner playbooks across every track. Filter by topic in the sidebar, or use search.

Blue Team

Wireshark for Security Teams: Network Forensics That Works

Wireshark workflow for security analysis — display filters, TLS decryption setup, Kerberos analysis, follow-stream feature, IoC extraction with tshark, beaconing detection. From…

Apr 25, 2026 · 3 min read
Red Teaming

Nmap for Pentesters: Beyond -sV -sC

Senior Nmap workflow — phased scanning (discovery, full TCP, service detection, vuln scripts, UDP), NSE scripts that find bugs (vulners, smb-vuln, ssl-enum-ciphers),…

Apr 25, 2026 · 3 min read
Red Teaming

ProxyShell: The Exchange Vulnerability That Fueled Ransomware

ProxyShell (CVE-2021-34473/34523/31207) chain — pre-auth RCE on Exchange. Why it became ransomware fuel, IoCs (webshells in Exchange directories, anomalous PowerShell remoting), patching…

Apr 25, 2026 · 2 min read
Threat Intelligence

Python Pickle Deserialization: The 20-Year-Old Footgun

Pickle on untrusted input is RCE by design. Where it hides — cache layers, session storage, Celery task arguments, ML models, cookie…

Apr 25, 2026 · 3 min read
Tools & Tutorials

NoSQL Injection: MongoDB, Elasticsearch, DynamoDB

NoSQL injection class — MongoDB operator injection ($ne, $where), Elasticsearch DSL injection, DynamoDB attribute injection, CouchDB MapReduce. Test workflow with NoSQLMap and…

Apr 25, 2026 · 2 min read
Security Guides

CSRF in 2026: Why SameSite Doesn’t Solve Everything

SameSite=Lax is the default; CSRF should be solved. It is not. SameSite=None for legitimate cross-site, GET-based state changes, subdomain CSRF, CORS misconfigurations,…

Apr 25, 2026 · 2 min read
Security Guides

XXE: External Entity Injection in 2026 — Where It Still Hides

XXE in 2026 — document upload (DOCX, SVG, RSS), SOAP APIs, SAML, RSS processors. Blind XXE via out-of-band channels, XXE-to-SSRF chains, and…

Apr 25, 2026 · 4 min read
Threat Intelligence

Server-Side Template Injection (SSTI) in 2026: Detection and Exploitation

SSTI test methodology — canary payloads for Jinja2, Twig, Smarty, Freemarker, Velocity, ERB, Razor. Where SSTI hides (email templates, error messages, report…

Apr 25, 2026 · 3 min read
Threat Intelligence

Spring4Shell (CVE-2022-22965): Why It’s Still Hitting Java in 2026

Spring4Shell was disclosed in March 2022. Vulnerable Spring still found in Indian enterprise audits in 2026, particularly legacy Java apps and vendor…

Apr 25, 2026 · 3 min read
Security Guides

SAML Attacks: Golden SAML, XML Signature Wrapping, SLO Abuse

SAML attack surface in 2026 — XML Signature Wrapping (XSW1-8), Golden SAML (SolarWinds technique), signature exclusion, comment injection, audience replay, SLO abuse.…

Apr 25, 2026 · 4 min read