Tools & Tutorials · 29 articles

Tools & Tutorials

Step-by-step tool guides — BloodHound, Burp, Metasploit, NetExec, Impacket.

Red Teaming

Sliver C2: The Modern Cobalt Strike Alternative

Sliver has largely replaced Cobalt Strike for Indian red-team operations since 2023. Operator workflow, capability set, network and endpoint detection patterns, evasion…

Apr 25, 2026 · 3 min read
Security Guides

Email Security in 2026: SPF, DKIM, DMARC, MTA-STS, BIMI

The modern email-authentication stack — SPF for IP authorisation, DKIM for cryptographic signing, DMARC for enforcement and reporting, MTA-STS for TLS enforcement,…

Apr 25, 2026 · 3 min read
Security Guides

theHarvester and Recon-ng: OSINT Toolchain in 2026

theHarvester for breadth-of-source aggregation; Recon-ng for workflow continuity across investigation. Where they fit alongside modern tools (subfinder, amass, SpiderFoot, Maltego) in 2026…

Apr 25, 2026 · 2 min read
Tools & Tutorials

GraphQL Security in 2026: Beyond Introspection

GraphQL pentest beyond enabling introspection — schema enumeration without introspection, nested query DoS, alias-based brute-forcing, batched query authorisation bypass, IDOR via GraphQL,…

Apr 25, 2026 · 4 min read
Tools & Tutorials

Race Conditions in 2026: Single-Packet Attacks with Turbo Intruder

James Kettle's 2023 single-packet attack made race conditions reliably exploitable. Coupon multi-redemption, OTP brute-force despite lockouts, voucher stacking — anonymised real findings.…

Apr 25, 2026 · 4 min read
Tools & Tutorials

NoSQL Injection: MongoDB, Elasticsearch, DynamoDB

NoSQL injection class — MongoDB operator injection ($ne, $where), Elasticsearch DSL injection, DynamoDB attribute injection, CouchDB MapReduce. Test workflow with NoSQLMap and…

Apr 25, 2026 · 2 min read
Red Teaming

Nmap for Pentesters: Beyond -sV -sC

Senior Nmap workflow — phased scanning (discovery, full TCP, service detection, vuln scripts, UDP), NSE scripts that find bugs (vulners, smb-vuln, ssl-enum-ciphers),…

Apr 25, 2026 · 3 min read
Blue Team

Wireshark for Security Teams: Network Forensics That Works

Wireshark workflow for security analysis — display filters, TLS decryption setup, Kerberos analysis, follow-stream feature, IoC extraction with tshark, beaconing detection. From…

Apr 25, 2026 · 3 min read
Red Teaming

Metasploit in 2026: The Practitioner Workflow

Metasploit beyond search-and-exploit — workspace management, database integration, payload customisation with msfvenom, listener management, post-exploitation modules, integration with BloodHound and modern C2.…

Apr 25, 2026 · 3 min read
Red Teaming

Hydra in 2026: Modern Brute-Force That Doesn’t Trip Lockouts

Modern brute-force — password spraying instead of per-user, slow-and-low timing, distributed source IPs, targeted Indian wordlists. Where it still works (internal services,…

Apr 25, 2026 · 2 min read