Practitioner-grade cybersecurity content
Technical playbooks, war stories, and how-to-think guides — written by practitioners, anchored to the Indian context.
Latest articles
Most recent practitioner playbooks across every track.
OAuth 2.0 Attacks in 2026: Code Injection, PKCE Downgrade, JWT Issues
Modern OAuth attack surface — redirect URI manipulation, authorisation code injection, state parameter abuse, PKCE downgrade, JWT access token weaknesses, scope escalation.…
Cloud Security
SSRF Beyond AWS: GCP, Azure, On-Prem and DNS Rebinding
SSRF attack surface beyond AWS metadata — GCP and Azure metadata endpoints, on-prem internal services (Redis, Elasticsearch, Kubernetes API), DNS rebinding bypass,…
Security Guides
IDOR: The Bug That Refuses to Die (And How to Find It)
IDOR is on half of Indian SaaS pentests. The taxonomy (sequential, UUID, path, body, header, mass assignment, indirect), the systematic test methodology…
Tools & Tutorials
Race Conditions in 2026: Single-Packet Attacks with Turbo Intruder
James Kettle's 2023 single-packet attack made race conditions reliably exploitable. Coupon multi-redemption, OTP brute-force despite lockouts, voucher stacking — anonymised real findings.…
Tools & Tutorials
GraphQL Security in 2026: Beyond Introspection
GraphQL pentest beyond enabling introspection — schema enumeration without introspection, nested query DoS, alias-based brute-forcing, batched query authorisation bypass, IDOR via GraphQL,…
Red Teaming
Wireless Pentest in 2026: WPA3, PMKID Attacks, Evil Twin
Wireless attacks that work in 2026 — WPA3 transition mode, Dragonblood, PMKID extraction, evil-twin captive portals, EAP-TLS misconfiguration, EAP-PEAP/MSCHAPv2 cracking. Toolchain and…
Cloud Security
Docker Container Escape Techniques in 2026
Container escapes in 2026 — privileged containers, mounted Docker sockets, capability abuse, hostPID + ptrace, runC CVE-2019-5736, kernel CVEs. Detection with Falco…
Cloud Security
Kubernetes Pentest: Top 10 Misconfigurations We Find in Indian Production
The 10 Kubernetes misconfigurations we routinely find — default ServiceAccount tokens, privileged containers, hostPath, broad RBAC, insecure API server, unencrypted etcd, no…
Mobile Pentest
iOS Pentest with MASVS in 2026: The Practitioner Workflow
OWASP MASVS-aligned iOS pentest in 2026 — Frida, Objection, Hopper, Ghidra. Lab setup with jailbroken device, the 8 MASVS-L2 controls Indian apps…
Mobile Pentest
Drozer: Android Application Security Testing for IPC Vulnerabilities
Drozer for Android pentest — discovering exposed Activities, Services, Broadcast Receivers, Content Providers; SQL injection in providers, path traversal, broadcast privilege escalation.…