Knowledge Hub

Practitioner-grade cybersecurity content

Technical playbooks, war stories, and how-to-think guides — written by practitioners, anchored to the Indian context.

Want structured, step-by-step learning instead? Explore the Academy (guided courses) or the AI security hub.

Latest articles

Most recent practitioner playbooks across every track. Filter by topic in the sidebar, or use search.

Academy

Module 2 · Why Injection Still Happens — A Grammar Problem

Injection isn't about bad input. It's attackers smuggling tokens into an interpreter's grammar.

Apr 22, 2026 · 4 min read

Academy

Module 1 · Trust Boundaries — Where Every Web Vuln Begins

Every web vuln is a trust-boundary bug. Learn to see boundaries before learning to exploit them.

Apr 22, 2026 · 4 min read

News

Operation Cronos February 2024 — How NCA-Led International Action Took Down LockBit (Twice): Inside the Most Significant Ransomware Takedown

A multi-national law-enforcement operation seized LockBit's infrastructure, decryption keys, and admin panel — turning the most prolific ransomware operation's own leak site…

Apr 22, 2026 · 15 min read

Academy

BGP Security and RPKI — How the Internet Trusts Itself, and Why It Sometimes Should Not

BGP is the routing protocol of the Internet — every ISP, hyperscaler, and large enterprise speaks it. It assumes good behaviour by…

Apr 22, 2026 · 11 min read

Academy

Module 7 · Hybrid AD & ADFS Attack Surface

Entra Connect crown jewel, ADFS Golden SAML, PHS attacks, on-prem ↔ cloud lateral movement, Tier 0 isolation.

Apr 22, 2026 · 4 min read

Academy

Module 17 · Prototype Pollution

JS prototype model, pollution sources, attack vectors (auth bypass, RCE chains), Object.create(null) defense.

Apr 22, 2026 · 11 min read

Academy

Module 16 · Race Conditions in Web Apps

TOCTOU, single-packet attacks, where races hide, Burp testing, transactional + idempotency-key defenses.

Apr 22, 2026 · 11 min read

Academy

Module 15 · Insecure Deserialization

Java/.NET/Python/PHP/Ruby deserialization vulns, gadget chains, ysoserial, signed-data defense.

Apr 22, 2026 · 11 min read

Academy

Module 2 · GCP Advanced — VPC-SC, WIF, Confidential Computing

VPC Service Controls, Workload Identity Federation, BeyondCorp, Confidential VMs, Assured Workloads, EKM.

Apr 22, 2026 · 5 min read

Academy

Module 1 · Google Cloud Platform Security

Resource hierarchy, IAM, service accounts, network, GCS/SQL/GKE/KMS hardening, Security Command Center.

Apr 22, 2026 · 5 min read

← Newer 1 … 73 74 75 76 77 … 91 Older →