Practitioner-grade cybersecurity content
Technical playbooks, war stories, and how-to-think guides — written by practitioners, anchored to the Indian context.
Latest articles
Most recent practitioner playbooks across every track.
Module 2 · AD Enumeration — Seeing Everything
BloodHound, SharpHound, Impacket, CrackMapExec, PowerView. Any authenticated user sees the whole directory.
Module 1 · Why AD Is Fragile by Design
AD's defaults accumulated risk for 20 years — authenticated-read-everything, NTLM, RC4, backwards compat.
Module 10 · Why Network Detection Underperforms
Encrypted traffic, volume overload, alert fatigue. Why attacker dwell time is weeks to months on average.
Module 9 · Wireless — The Perimeter That Moves
Evil Twin, KRACK, PMKID, rogue 802.1X, BLE. $40 of hardware extends the perimeter past the building.
Module 8 · OT / ICS at the Network Layer
Stuxnet, Industroyer, Triton, Oldsmar. Why PLCs reachable from IT is catastrophic and common.
Module 7 · BGP, DNS, CAs — Internet-Scale Trust Failures
BGP hijack + DNS poisoning + TLS cert abuse = traffic interception at scale. Real breaches, real tools.
Module 6 · VPN Appliances — The Crown Jewel
Ivanti, Fortinet, Citrix, Palo Alto — every year a critical CVE. Patching speed vs attacker speed.
Module 5 · SSH, RDP, SMB, WinRM — The Lateral Movement Highway
Every enterprise's admin protocols are attackers' rails. Credential reuse + cached credentials = fast compromise.
Module 4 · Why Kerberos Keeps Producing Attacks
Kerberoasting, AS-REP, Golden Tickets, Silver Tickets, delegation abuse. Not bugs — design features in a new threat model.
Module 3 · Why Firewalls Miss Modern C2
HTTPS C2, DNS tunneling, DoH, domain fronting, living-off-the-cloud — attackers use permitted traffic for everything.