Tech Skills

Cybersecurity

Ethical hacking, penetration testing, network security, CTFs and defensive security

10,306
lessons
Skills in this topic
View full skill map →
Security Basics
beginner
Fix OWASP top 10 vulnerabilities
AI Security
intermediate
Identify and patch prompt injection vulnerabilities
Network Security
intermediate
Configure a firewall with proper inbound/outbound rules
Ethical Hacking & Pen Testing
intermediate
Conduct a full pen test with Kali Linux
Cloud Security
intermediate
Implement IAM least-privilege policies on AWS/GCP
Incident Response
intermediate
Build an incident response playbook
Security Compliance
intermediate
Map controls for SOC 2 Type II compliance
Defensive AI
advanced
Build an AI-powered log anomaly detector
All Reads (3,403) Articles (2354)Blog Posts (661)Tutorials (278)Research Papers (4)News (106)
Uncover the Real MSISDN | SS7 Telecom Security Research Tool
Medium · AI 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Uncover the Real MSISDN | SS7 Telecom Security Research Tool
Understanding How Mobile Identity Works in Modern Telecom Networks Continue reading on Medium »
Uncover the Real MSISDN | SS7 Telecom Security Research Tool
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Uncover the Real MSISDN | SS7 Telecom Security Research Tool
Understanding How Mobile Identity Works in Modern Telecom Networks Continue reading on Medium »
Accidental RCE: How I Found a Working Exploit in a Live CTF (and It Wasn’t Even the Challenge)
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Accidental RCE: How I Found a Working Exploit in a Live CTF (and It Wasn’t Even the Challenge)
On 19/6/2026, riffhack.biterra.co hosted an online CTF. The event had two types of challenges, what I’ll call normal and RIFFHACK… Continue reading on Medium »
Dev.to AI 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Weekly Roundup — What Happened in Tech, Jun 15–21
Five stories from the week of Jun 15–21, each one I read end to end. 1. CISA contractor exposed AWS GovCloud admin keys on public GitHub. A repo called "Private
Python OpSec in 2026: Spoofing, Anti-Fingerprinting & Zero Traces
Medium · Python 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Python OpSec in 2026: Spoofing, Anti-Fingerprinting & Zero Traces
Look. I was writing Python scripts before your favorite framework even existed. I’ve watched the internet go from a place where anonymity… Continue reading on M
Python OpSec in 2026: Spoofing, Anti-Fingerprinting & Zero Traces
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Python OpSec in 2026: Spoofing, Anti-Fingerprinting & Zero Traces
Look. I was writing Python scripts before your favorite framework even existed. I’ve watched the internet go from a place where anonymity… Continue reading on M
PortSwigger Lab Write-Up: User ID Controlled by Request Parameter with Password Disclosure
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 1w ago
PortSwigger Lab Write-Up: User ID Controlled by Request Parameter with Password Disclosure
Category: Access Control Vulnerabilities Difficulty: Apprentice Continue reading on Medium »
PortSwigger : DOM XSS in jQuery Anchor href Attribute Sink Using location.search Source
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 1w ago
PortSwigger : DOM XSS in jQuery Anchor href Attribute Sink Using location.search Source
In this lab, the website has a DOM-based XSS vulnerability in the submit feedback page. Continue reading on Medium »
I found North Korean (DPRK) malware hiding in my tailwind.config.js
Medium · Programming 🔐 Cybersecurity ⚡ AI Lesson 1w ago
I found North Korean (DPRK) malware hiding in my tailwind.config.js
I almost closed the file without reading it. Three days later I was killing processes in production at 2am, rotating every credential I… Continue reading on Med
I found North Korean (DPRK) malware hiding in my tailwind.config.js
Medium · JavaScript 🔐 Cybersecurity ⚡ AI Lesson 1w ago
I found North Korean (DPRK) malware hiding in my tailwind.config.js
I almost closed the file without reading it. Three days later I was killing processes in production at 2am, rotating every credential I… Continue reading on Med
I found North Korean (DPRK) malware hiding in my tailwind.config.js
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 1w ago
I found North Korean (DPRK) malware hiding in my tailwind.config.js
I almost closed the file without reading it. Three days later I was killing processes in production at 2am, rotating every credential I… Continue reading on Med
The Single-Primitive Write: WriteProcessMemory’s Hidden Page Flip
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 1w ago
The Single-Primitive Write: WriteProcessMemory’s Hidden Page Flip
Documenting Undocumented WriteProcessMemory Behavior Continue reading on Medium »
Timing Attacks Against PHP Login Endpoints — How Real and How to Fix
Medium · Programming 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Timing Attacks Against PHP Login Endpoints — How Real and How to Fix
If your login skips password_verify for unknown users, attackers can enumerate accounts via response time. Verified fix in 4 lines. Continue reading on Medium »
OAuth Is Still Misunderstood
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 1w ago
OAuth Is Still Misunderstood
OAuth has a reputation for being complicated, mysterious, and slightly annoying. To be fair, it has worked hard to earn that reputation. Continue reading on Med
VeriLync- Application Security for SaaS Scale-ups
Dev.to · Oluwole Ajayi 🔐 Cybersecurity ⚡ AI Lesson 1w ago
VeriLync- Application Security for SaaS Scale-ups
I studied MSc Applied Cybersecurity at the University of South Wales. My dissertation was titled...
Precision Loss and Rounding Exploits in Financial Smart Contracts
Dev.to · Hiren Kava 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Precision Loss and Rounding Exploits in Financial Smart Contracts
A smart contract does not need an overflow, reentrancy bug, or broken access-control check to lose...
Engineering a residential security stack for high-value LA properties: site survey to dispatch
Dev.to · GoldenGlobalHawks 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Engineering a residential security stack for high-value LA properties: site survey to dispatch
Site survey, perimeter design, staffing models, and tech integration for LA residential security ops — with BSIS compliance requirements and real cost figures.
Business Logic Vulnerabilities in Modern APIs: The Security Flaws Firewalls Can't Stop
Dev.to · Arashad Dodhiya 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Business Logic Vulnerabilities in Modern APIs: The Security Flaws Firewalls Can't Stop
Most API security discussions revolve around SQL injection, authentication bypasses, or remote code...
The Ultimate WordPress Security Checklist for 2026
Dev.to · xusteve 🔐 Cybersecurity ⚡ AI Lesson 1w ago
The Ultimate WordPress Security Checklist for 2026
The Ultimate WordPress Security Checklist for 2026 WordPress powers over 43% of all...
The Security Checklist Every Vibe Coder Needs Before Launch
Dev.to · kg8888 🔐 Cybersecurity ⚡ AI Lesson 1w ago
The Security Checklist Every Vibe Coder Needs Before Launch
You shipped something. It works. Users are signing up. And somewhere in your codebase, there's a...
Detecting Atomic Arch Before the eBPF Rootkit Loads
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Detecting Atomic Arch Before the eBPF Rootkit Loads
Atomic Arch (Sonatype-2026–003775) backdoored around 1,500 AUR packages on June 11–12, 2026. The credential stealer it ships is… Continue reading on Medium »
Medium · Programming 🔐 Cybersecurity ⚡ AI Lesson 1w ago
The CIA Triad: The Three Words Every Security Decision Comes Back To
I’ve taught cybersecurity to enough beginners now to know that the term “CIA Triad” sounds like it belongs in a spy movie, not a textbook… Continue reading on M
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 1w ago
The CIA Triad: The Three Words Every Security Decision Comes Back To
I’ve taught cybersecurity to enough beginners now to know that the term “CIA Triad” sounds like it belongs in a spy movie, not a textbook… Continue reading on M
Front-Running and MEV: Writing Contracts That Don't Leak Money to the Mempool
Dev.to · Pavel Espitia 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Front-Running and MEV: Writing Contracts That Don't Leak Money to the Mempool
When you submit a transaction, it sits in the public mempool before it is mined, visible to everyone....
Triaging My First Phishing Alerts: A SOC Simulator Walkthrough
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Triaging My First Phishing Alerts: A SOC Simulator Walkthrough
Most of my recent work has been offensive or IR-focused tracing a fileless malware infection through an Active Directory lab, running… Continue reading on Mediu
Spent Years Trying to Forecast Cyberattacks Like Weather Systems
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Spent Years Trying to Forecast Cyberattacks Like Weather Systems
For the last few years, I’ve been working on a problem that sits between cybersecurity, mathematics, and large-scale systems : Can… Continue reading on Medium »
Medium · Programming 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Reconnaissance: Why the Best Hackers Look Before They Touch Anything
When new students start learning ethical hacking, almost all of them want to skip straight to the exciting part: running a scan, finding a… Continue reading on
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Reconnaissance: Why the Best Hackers Look Before They Touch Anything
When new students start learning ethical hacking, almost all of them want to skip straight to the exciting part: running a scan, finding a… Continue reading on
Maritime Cyber Resilience Brief — Charting the USCG Cybersecurity Rule: Implementation Timeline and…
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Maritime Cyber Resilience Brief — Charting the USCG Cybersecurity Rule: Implementation Timeline and…
A follow‑up to the 3‑Part Comparative Series. Part 3 mapped the conceptual bridge between IACS UR E26/E27 and the U.S. Coast Guard’s new… Continue reading on Me
Medium · Startup 🔐 Cybersecurity ⚡ AI Lesson 1w ago
What is RDP? Complete Beginner’s Guide (2026)
What is RDP? Complete Beginner's Guide (2026) Continue reading on Medium »
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Your Browser as a Weapon — Understanding and Stopping CSRF
The attack that exploits trust to make you do things you never intended Continue reading on Medium »
Reverse once, run forever: designing client-side defenses that assume the attacker has already read every line
Dev.to · TrustSig 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Reverse once, run forever: designing client-side defenses that assume the attacker has already read every line
There's a sentence every engineer in this field eventually says out loud, usually with a sigh: "But...
I built a macOS security tool that locks your secrets when you walk away
Dev.to · umbra 🔐 Cybersecurity ⚡ AI Lesson 1w ago
I built a macOS security tool that locks your secrets when you walk away
CHIMERA is an open-source macOS security "organism" — one local process orchestrating 8 native organs...
Stop Using Bearer Tokens Like House Keys: DPoP with Heimdall
Dev.to · Dimitrij Drus 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Stop Using Bearer Tokens Like House Keys: DPoP with Heimdall
You've built an API. You protected it with OAuth 2.0. You're using JWTs. You feel secure. You're...
I scanned a "vibe-coded" Python repo. Found 137 security bugs.
Dev.to · 문세환 🔐 Cybersecurity ⚡ AI Lesson 1w ago
I scanned a "vibe-coded" Python repo. Found 137 security bugs.
I scanned KaletoAI/anima-verse — a Python LLM project that literally says "Vibe-coded experiment" in...
Your Mind Is the First System Hackers Can Exploit
Dev.to · Sujala Vasanthasena Nelavai 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Your Mind Is the First System Hackers Can Exploit
Why Cybersecurity Must Start With the Analyst — Not the Attack** 1. The Breach No One Talks...
Confidential Computing (SGX, SEV)
Dev.to · Aviral Srivastava 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Confidential Computing (SGX, SEV)
Your Data's Secret Lair: Diving Deep into Confidential Computing (SGX & SEV) Ever get...
Anonymous — TryHackMe Walkthrough
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Anonymous — TryHackMe Walkthrough
What’s up everyone!  So this is my very first writeup on Medium, and I figured why not kick it off with the Anonymous room on TryHackMe… Continue reading on Me
The Aftermarket She Diagnosed is the Aftermarket She Prescribed
Dev.to · Bala Paranj 🔐 Cybersecurity ⚡ AI Lesson 1w ago
The Aftermarket She Diagnosed is the Aftermarket She Prescribed
Jen Easterly correctly identified that cybersecurity is an aftermarket for software quality failures. Then she celebrated an AI that makes the aftermarket faste
PortSwigger Lab Write-Up: User ID Controlled by Request Parameter with Data Leakage in Redirect
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 1w ago
PortSwigger Lab Write-Up: User ID Controlled by Request Parameter with Data Leakage in Redirect
Category: Access Control Vulnerabilities Difficulty: Apprentice Continue reading on Medium »
Business Logic Attacks Explained Using a Banking App
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Business Logic Attacks Explained Using a Banking App
How Attackers Abuse Perfectly Working Features Without Hacking the Code Continue reading on Medium »
WhatsApp Plus Explained: What It Really Is and the Risks Nobody Tells You
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 1w ago
WhatsApp Plus Explained: What It Really Is and the Risks Nobody Tells You
WhatsApp Plus means two different things in 2026. Here is the full breakdown of the official Meta subscription, the unofficial mod APK… Continue reading on Medi
The Counterfeit Self and the Fight to Reclaim Digital Trust
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 1w ago
The Counterfeit Self and the Fight to Reclaim Digital Trust
A Room Where Everyone Was a Ghost Continue reading on Medium »
Building a Zero-Knowledge Note Vault: What I Learned by Getting It Wrong First
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Building a Zero-Knowledge Note Vault: What I Learned by Getting It Wrong First
How a simple “encrypted message” demo turned into a real lesson in what end-to-end encryption actually means — and the mistakes along the… Continue reading on M
Part 3: Configuring and Validating the Windows 11 Domain Client
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Part 3: Configuring and Validating the Windows 11 Domain Client
With the domain controller fully operational and the cyber lab network established, the next step was to integrate a client workstation… Continue reading on Med
Part 2: Configuring the Cyber Lab Environment — Windows Server 2022
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Part 2: Configuring the Cyber Lab Environment — Windows Server 2022
With the network infrastructure now in place via pfSense, the next phase of the project focuses on configuring the systems that make up… Continue reading on Med
Understanding Converter and AttributeConverter In Java: Transparent AES Encryption at the Database…
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Understanding Converter and AttributeConverter In Java: Transparent AES Encryption at the Database…
Java applications often need to perform repetitive transformations when reading from or writing to a database. Common examples include: Continue reading on Medi
Beginner picoMini 2022 Writeup
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Beginner picoMini 2022 Writeup
My writeup for the Beginner picoMini 2022 challenges! It consists of pretty simple general skills challenges that serve as a good starting… Continue reading on