Practitioner-grade cybersecurity content
Technical playbooks, war stories, and how-to-think guides — written by practitioners, anchored to the Indian context.
Latest articles
Most recent practitioner playbooks across every track.
Module 2 · Cloud IAM — Where Most Breaches Live
Wildcard permissions, iam:PassRole privesc, cross-account trust, Pacu, PMapper. IAM is the hardest part of cloud security.
Module 1 · The Shared Responsibility Illusion
Cloud providers secure infrastructure; customers secure configuration. Every breach happens on the customer side.
Module 10 · AD Detection — What Good Looks Like
Event IDs, Sigma rules, Defender for Identity, Sentinel KQL queries. From generic SIEM to mature AD detection.
Module 9 · Hybrid AD — On-Prem Meets Cloud
Entra Connect crown jewel, Golden SAML, Azure AD attacks, AZUREADSSOACC$ legacy, PRT theft.
Module 8 · Kerberos Delegation Abuse
Unconstrained, constrained, RBCD. S4U2Self + S4U2Proxy, MachineAccountQuota, PetitPotam coercion.
Module 7 · Trusts — Legacy Merger Paths
Trust types, SIDHistory attacks, cross-forest paths. Mergers leave trust relationships with security debt.
Module 6 · ADCS — ESC1 through ESC16
Active Directory Certificate Services attacks (Certified Pre-Owned). Template misconfigurations → domain compromise.
Module 5 · Group Policy Preferences — The Gift That Keeps Giving
cPassword in SYSVOL still found in 2026. MS14-025 didn't remove legacy files. Plus SYSVOL credential hunting.
Module 4 · AD ACL Abuse — Twenty Years of Accumulated Trust
GenericAll, GenericWrite, WriteDacl, AddMember, ForceChangePassword. Delegation sprawl = privilege escalation.
Module 3 · BloodHound — Graph Theory Meets AD
Edges, queries, custom Cypher. Why BloodHound changed offensive AD since 2017.