Knowledge Hub

Practitioner-grade cybersecurity content

Technical playbooks, war stories, and how-to-think guides — written by practitioners, anchored to the Indian context.

Want structured, step-by-step learning instead? Explore the Academy (guided courses) or the AI security hub.

Latest articles

Most recent practitioner playbooks across every track. Filter by topic in the sidebar, or use search.

Mobile Pentest

Android Frida: SSL Pinning Bypass and Runtime Hooking in 2026

The practitioner workflow for Android pentesting with Frida 16+ — SSL pinning bypass, root detection bypass, runtime function hooking, and the layered…

Apr 25, 2026 · 4 min read
Tools & Tutorials

Burp Suite Professional Workflow: How Senior Pentesters Actually Use It

Most engineers use Burp like a glorified intercepting proxy. Senior pentesters use it as a programmable workbench — macros, session-handling rules, Intruder…

Apr 25, 2026 · 6 min read
Threat Intelligence

Log4Shell 4 Years Later: Why It’s Still in 15% of Indian Enterprise Audits

Log4Shell (CVE-2021-44228) was disclosed in December 2021. Four years on, 15-20% of Indian enterprise audits still find vulnerable Log4j. The bug, modern…

Apr 25, 2026 · 6 min read
Red Teaming

PrintNightmare in 2026: The Bug Class Microsoft Couldn’t Quite Kill

PrintNightmare (CVE-2021-1675/34527) was supposed to die in 2021. Print Spooler bugs continue producing new CVEs every year. The bug, the variants since…

Apr 25, 2026 · 5 min read
Active Directory

SeImpersonatePrivilege: From Service Account to SYSTEM in 10 Seconds (Potato Attacks 2026)

Service accounts with SeImpersonatePrivilege are 10 seconds from SYSTEM via Potato attacks — JuicyPotato, RoguePotato, PrintSpoofer, GodPotato. Why the privilege exists, how…

Apr 25, 2026 · 5 min read
Red Teaming

DirtyPipe (CVE-2022-0847): Why This 3-Year-Old Linux Kernel CVE Still Hits Indian Production

DirtyPipe was disclosed in March 2022. The fix has been available for three years. Yet 1 in 5 Indian Linux pentests still…

Apr 25, 2026 · 6 min read
Red Teaming

Linux Sudo Privilege Escalation: 8 Paths You Need to Know in 2026

Eight sudo-based Linux privilege escalation paths — shell-spawning binaries (GTFOBins), insecure script paths, env_keep PATH, LD_PRELOAD, wildcard expansion, writable binaries, sudo CVEs…

Apr 25, 2026 · 6 min read
Tools & Tutorials

JWT Attacks in 2026: alg:none, RS256-to-HS256, JWKS Injection — Still Working

JWT done with library defaults from 2017 is a privilege-escalation primitive. Seven attack variants — alg:none, RS256-HS256 confusion, weak HMAC, JWKS injection,…

Apr 25, 2026 · 6 min read
Security Guides

SQL Injection in 2026: Why It’s Still in 40% of Indian Web Pentests

SQL injection has been on OWASP Top 10 since 2003. Modern variants — blind, time-based, second-order, NoSQL injection, ORM injection — still…

Apr 25, 2026 · 5 min read
Cloud Security

S3 Bucket Misconfigurations: Why 30% of Indian Startups Still Leak Customer Data

Five S3 misconfigurations we actually find on Indian startup audits — Block Public Access disabled, broad bucket-policy Principal, pre-signed URL leakage, object-level…

Apr 25, 2026 · 6 min read
1 66 67 68 69 70 91