Tools & Tutorials
Step-by-step tool guides — BloodHound, Burp, Metasploit, NetExec, Impacket.
Sliver C2: The Modern Cobalt Strike Alternative
Sliver has largely replaced Cobalt Strike for Indian red-team operations since 2023. Operator workflow, capability set, network and endpoint detection patterns, evasion…
Security GuidesEmail Security in 2026: SPF, DKIM, DMARC, MTA-STS, BIMI
The modern email-authentication stack — SPF for IP authorisation, DKIM for cryptographic signing, DMARC for enforcement and reporting, MTA-STS for TLS enforcement,…
Security GuidestheHarvester and Recon-ng: OSINT Toolchain in 2026
theHarvester for breadth-of-source aggregation; Recon-ng for workflow continuity across investigation. Where they fit alongside modern tools (subfinder, amass, SpiderFoot, Maltego) in 2026…
Tools & TutorialsGraphQL Security in 2026: Beyond Introspection
GraphQL pentest beyond enabling introspection — schema enumeration without introspection, nested query DoS, alias-based brute-forcing, batched query authorisation bypass, IDOR via GraphQL,…
Tools & TutorialsRace Conditions in 2026: Single-Packet Attacks with Turbo Intruder
James Kettle's 2023 single-packet attack made race conditions reliably exploitable. Coupon multi-redemption, OTP brute-force despite lockouts, voucher stacking — anonymised real findings.…
Tools & TutorialsNoSQL Injection: MongoDB, Elasticsearch, DynamoDB
NoSQL injection class — MongoDB operator injection ($ne, $where), Elasticsearch DSL injection, DynamoDB attribute injection, CouchDB MapReduce. Test workflow with NoSQLMap and…
Red TeamingNmap for Pentesters: Beyond -sV -sC
Senior Nmap workflow — phased scanning (discovery, full TCP, service detection, vuln scripts, UDP), NSE scripts that find bugs (vulners, smb-vuln, ssl-enum-ciphers),…
Blue TeamWireshark for Security Teams: Network Forensics That Works
Wireshark workflow for security analysis — display filters, TLS decryption setup, Kerberos analysis, follow-stream feature, IoC extraction with tshark, beaconing detection. From…
Red TeamingMetasploit in 2026: The Practitioner Workflow
Metasploit beyond search-and-exploit — workspace management, database integration, payload customisation with msfvenom, listener management, post-exploitation modules, integration with BloodHound and modern C2.…
Red TeamingHydra in 2026: Modern Brute-Force That Doesn’t Trip Lockouts
Modern brute-force — password spraying instead of per-user, slow-and-low timing, distributed source IPs, targeted Indian wordlists. Where it still works (internal services,…