Tech Skills

Cybersecurity

Ethical hacking, penetration testing, network security, CTFs and defensive security

18,057
lessons
Skills in this topic
View full skill map →
Security Basics
beginner
Fix OWASP top 10 vulnerabilities
AI Security
intermediate
Identify and patch prompt injection vulnerabilities
Network Security
intermediate
Configure a firewall with proper inbound/outbound rules
Ethical Hacking & Pen Testing
intermediate
Conduct a full pen test with Kali Linux
Cloud Security
intermediate
Implement IAM least-privilege policies on AWS/GCP
Incident Response
intermediate
Build an incident response playbook
Security Compliance
intermediate
Map controls for SOC 2 Type II compliance
Defensive AI
advanced
Build an AI-powered log anomaly detector
All Reads (11,146) Articles (5541)Blog Posts (4313)Tutorials (414)Research Papers (34)News (844)
Uncover the Real MSISDN | SS7 Telecom Security Research Tool
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 2w ago
Uncover the Real MSISDN | SS7 Telecom Security Research Tool
Understanding How Mobile Identity Works in Modern Telecom Networks Continue reading on Medium »
Entry Level Cybersecurity Salary in India: What Freshers Can Expect in 2026
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 2w ago
Entry Level Cybersecurity Salary in India: What Freshers Can Expect in 2026
Entry level cybersecurity jobs in India can offer freshers a starting salary of around ₹3.5 LPA to ₹8 LPA in 2026. The final package… Continue reading on Medium
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 2w ago
Cybercrime Investigation in 2026: A Complete Guide for Beginners and Businesses
Cybercrime has become one of the fastest-growing threats in today’s digital world. Every day, businesses and individuals face phishing… Continue reading on Medi
Cyber Security Roadmap: A Complete Beginner-to-Professional Guide
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 2w ago
Cyber Security Roadmap: A Complete Beginner-to-Professional Guide
A few years ago, a university student received an email that looked completely legitimate. Continue reading on Medium »
Medium · DevOps 🔐 Cybersecurity ⚡ AI Lesson 2w ago
Azure Network Security Groups (NSGs) and Application Gateway: Building Secure and Scalable Cloud…
As organizations continue migrating applications to the cloud, security and traffic management become critical concerns. Continue reading on Medium »
TechRepublic 🔐 Cybersecurity ⚡ AI Lesson 2w ago
8 Best Enterprise VPN Solutions for 2026
Find the best enterprise VPN solution for your business with 2026 comparisons of pricing, security, remote access, endpoint protection, and ZTNA features. The p
Neyro COO Andrew Isaacs on Multi-Auditor Strategies and Blockchain Cybersecurity Challenges
Hackernoon 🔐 Cybersecurity ⚡ AI Lesson 2w ago
Neyro COO Andrew Isaacs on Multi-Auditor Strategies and Blockchain Cybersecurity Challenges
Andrew Isaacs discuss the current state of blockchain cybersecurity, smart contract auditing processes, and the practical realities projects face.
Accidental RCE: How I Found a Working Exploit in a Live CTF (and It Wasn’t Even the Challenge)
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 2w ago
Accidental RCE: How I Found a Working Exploit in a Live CTF (and It Wasn’t Even the Challenge)
On 19/6/2026, riffhack.biterra.co hosted an online CTF. The event had two types of challenges, what I’ll call normal and RIFFHACK… Continue reading on Medium »
Python OpSec in 2026: Spoofing, Anti-Fingerprinting & Zero Traces
Medium · Python 🔐 Cybersecurity ⚡ AI Lesson 2w ago
Python OpSec in 2026: Spoofing, Anti-Fingerprinting & Zero Traces
Look. I was writing Python scripts before your favorite framework even existed. I’ve watched the internet go from a place where anonymity… Continue reading on M
Python OpSec in 2026: Spoofing, Anti-Fingerprinting & Zero Traces
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 2w ago
Python OpSec in 2026: Spoofing, Anti-Fingerprinting & Zero Traces
Look. I was writing Python scripts before your favorite framework even existed. I’ve watched the internet go from a place where anonymity… Continue reading on M
PortSwigger Lab Write-Up: User ID Controlled by Request Parameter with Password Disclosure
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 2w ago
PortSwigger Lab Write-Up: User ID Controlled by Request Parameter with Password Disclosure
Category: Access Control Vulnerabilities Difficulty: Apprentice Continue reading on Medium »
PortSwigger : DOM XSS in jQuery Anchor href Attribute Sink Using location.search Source
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 2w ago
PortSwigger : DOM XSS in jQuery Anchor href Attribute Sink Using location.search Source
In this lab, the website has a DOM-based XSS vulnerability in the submit feedback page. Continue reading on Medium »
Your EDR Is Not Enough. Here’s What Philippine Security Teams Are Missing.
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 2w ago
Your EDR Is Not Enough. Here’s What Philippine Security Teams Are Missing.
A class of attack is slipping past Philippine company defenses right now. Most security teams don’t realize it until it’s too late. Continue reading on zerodayd
Securing Your Dependency Tree: A Complete Guide to npm i -g snyk
Medium · Python 🔐 Cybersecurity ⚡ AI Lesson 2w ago
Securing Your Dependency Tree: A Complete Guide to npm i -g snyk
The Hidden Risks of npm install: Securing Your Dependency Tree with Snyk? Continue reading on Medium »
Securing Your Dependency Tree: A Complete Guide to npm i -g snyk
Medium · JavaScript 🔐 Cybersecurity ⚡ AI Lesson 2w ago
Securing Your Dependency Tree: A Complete Guide to npm i -g snyk
The Hidden Risks of npm install: Securing Your Dependency Tree with Snyk? Continue reading on Medium »
Reddit r/cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 2w ago
Mentorship Monday - Post All Career, Education and Job questions here!
This is the weekly thread for career and education questions and advice. There are no stupid questions; so, what do you want to know about certs/degrees, job re
I found North Korean (DPRK) malware hiding in my tailwind.config.js
Medium · JavaScript 🔐 Cybersecurity ⚡ AI Lesson 2w ago
I found North Korean (DPRK) malware hiding in my tailwind.config.js
I almost closed the file without reading it. Three days later I was killing processes in production at 2am, rotating every credential I… Continue reading on Med
I found North Korean (DPRK) malware hiding in my tailwind.config.js
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 2w ago
I found North Korean (DPRK) malware hiding in my tailwind.config.js
I almost closed the file without reading it. Three days later I was killing processes in production at 2am, rotating every credential I… Continue reading on Med
Reddit r/cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 2w ago
I've ripped and replaced a security product. Ask me anything.
CISO Series presents this AMA. For this edition, we've assembled a panel of security leaders to discuss a critical challenge every practitioner faces: ripping a
The Single-Primitive Write: WriteProcessMemory’s Hidden Page Flip
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 2w ago
The Single-Primitive Write: WriteProcessMemory’s Hidden Page Flip
Documenting Undocumented WriteProcessMemory Behavior Continue reading on Medium »
OAuth Is Still Misunderstood
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 2w ago
OAuth Is Still Misunderstood
OAuth has a reputation for being complicated, mysterious, and slightly annoying. To be fair, it has worked hard to earn that reputation. Continue reading on Med
The Spy Group Hiding Their Orders Inside a Dropbox Folder
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 2w ago
The Spy Group Hiding Their Orders Inside a Dropbox Folder
In March 2025, a North Korean spy crew emailed activists a poster, the download link pointed to Dropbox, and so did every secret command… Continue reading on Me
Is Your AI secretly exposing or Defending You? Part 2: Building Your Shield
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 2w ago
Is Your AI secretly exposing or Defending You? Part 2: Building Your Shield
The Sovereign Clean-Pipe Protocol Continue reading on Medium »
Making CrowdSec and Shorewall Work Together Without Breaking Each Other
Medium · DevOps 🔐 Cybersecurity ⚡ AI Lesson 2w ago
Making CrowdSec and Shorewall Work Together Without Breaking Each Other
By default, crowdsec-firewall-bouncer injects its own chain into iptables. That works fine on a simple system where nothing else is… Continue reading on Medium
Detecting Atomic Arch Before the eBPF Rootkit Loads
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 2w ago
Detecting Atomic Arch Before the eBPF Rootkit Loads
Atomic Arch (Sonatype-2026–003775) backdoored around 1,500 AUR packages on June 11–12, 2026. The credential stealer it ships is… Continue reading on Medium »
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 2w ago
The CIA Triad: The Three Words Every Security Decision Comes Back To
I’ve taught cybersecurity to enough beginners now to know that the term “CIA Triad” sounds like it belongs in a spy movie, not a textbook… Continue reading on M
Triaging My First Phishing Alerts: A SOC Simulator Walkthrough
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 2w ago
Triaging My First Phishing Alerts: A SOC Simulator Walkthrough
Most of my recent work has been offensive or IR-focused tracing a fileless malware infection through an Active Directory lab, running… Continue reading on Mediu
Spent Years Trying to Forecast Cyberattacks Like Weather Systems
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 2w ago
Spent Years Trying to Forecast Cyberattacks Like Weather Systems
For the last few years, I’ve been working on a problem that sits between cybersecurity, mathematics, and large-scale systems : Can… Continue reading on Medium »
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 2w ago
Reconnaissance: Why the Best Hackers Look Before They Touch Anything
When new students start learning ethical hacking, almost all of them want to skip straight to the exciting part: running a scan, finding a… Continue reading on
Maritime Cyber Resilience Brief — Charting the USCG Cybersecurity Rule: Implementation Timeline and…
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 2w ago
Maritime Cyber Resilience Brief — Charting the USCG Cybersecurity Rule: Implementation Timeline and…
A follow‑up to the 3‑Part Comparative Series. Part 3 mapped the conceptual bridge between IACS UR E26/E27 and the U.S. Coast Guard’s new… Continue reading on Me
Medium · Startup 🔐 Cybersecurity ⚡ AI Lesson 2w ago
What is RDP? Complete Beginner’s Guide (2026)
What is RDP? Complete Beginner's Guide (2026) Continue reading on Medium »
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 2w ago
Your Browser as a Weapon — Understanding and Stopping CSRF
The attack that exploits trust to make you do things you never intended Continue reading on Medium »
Anonymous — TryHackMe Walkthrough
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 2w ago
Anonymous — TryHackMe Walkthrough
What’s up everyone!  So this is my very first writeup on Medium, and I figured why not kick it off with the Anonymous room on TryHackMe… Continue reading on Me
Cybersecurity Job Market Breakdown (UK 2026)
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 2w ago
Cybersecurity Job Market Breakdown (UK 2026)
The UK cybersecurity job market is booming, but many career changers and beginners struggle to understand where demand truly lies ,which… Continue reading on Me
How I Turned One Admin Account Into a Full Org Takeover
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 2w ago
How I Turned One Admin Account Into a Full Org Takeover
Note: The target’s name has been withheld and replaced with example.com, since this report is still under responsible disclosure / private… Continue reading on
Mastering Passive Recon: How to Map an Attack Surface Without Leaving a Trace
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 2w ago
Mastering Passive Recon: How to Map an Attack Surface Without Leaving a Trace
Why the best hackers start in total silence: A deep dive into passive footprinting, threat intelligence search engines, and defensive… Continue reading on InfoS
I Ported an Old Shellshock PoC to Python 3 So the Bug Class Is Easier to Study Again
Medium · Python 🔐 Cybersecurity ⚡ AI Lesson 2w ago
I Ported an Old Shellshock PoC to Python 3 So the Bug Class Is Easier to Study Again
Shellshock is one of those bugs that everyone in security has heard of, but a lot of younger workflows only know it as a story. Continue reading on Medium »
PortSwigger Lab Write-Up: User ID Controlled by Request Parameter with Data Leakage in Redirect
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 2w ago
PortSwigger Lab Write-Up: User ID Controlled by Request Parameter with Data Leakage in Redirect
Category: Access Control Vulnerabilities Difficulty: Apprentice Continue reading on Medium »
Business Logic Attacks Explained Using a Banking App
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 2w ago
Business Logic Attacks Explained Using a Banking App
How Attackers Abuse Perfectly Working Features Without Hacking the Code Continue reading on Medium »
WhatsApp Plus Explained: What It Really Is and the Risks Nobody Tells You
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 2w ago
WhatsApp Plus Explained: What It Really Is and the Risks Nobody Tells You
WhatsApp Plus means two different things in 2026. Here is the full breakdown of the official Meta subscription, the unofficial mod APK… Continue reading on Medi
The Counterfeit Self and the Fight to Reclaim Digital Trust
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 2w ago
The Counterfeit Self and the Fight to Reclaim Digital Trust
A Room Where Everyone Was a Ghost Continue reading on Medium »
Write Up PortSwigger Lab: Detecting NoSQL injection
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 2w ago
Write Up PortSwigger Lab: Detecting NoSQL injection
NoSQL injection is an attack where we slip extra characters or commands into the input that gets sent to the database. In this lab, the… Continue reading on Med
Building a Zero-Knowledge Note Vault: What I Learned by Getting It Wrong First
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 2w ago
Building a Zero-Knowledge Note Vault: What I Learned by Getting It Wrong First
How a simple “encrypted message” demo turned into a real lesson in what end-to-end encryption actually means — and the mistakes along the… Continue reading on M
Part 3: Configuring and Validating the Windows 11 Domain Client
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 2w ago
Part 3: Configuring and Validating the Windows 11 Domain Client
With the domain controller fully operational and the cyber lab network established, the next step was to integrate a client workstation… Continue reading on Med
Part 2: Configuring the Cyber Lab Environment — Windows Server 2022
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 2w ago
Part 2: Configuring the Cyber Lab Environment — Windows Server 2022
With the network infrastructure now in place via pfSense, the next phase of the project focuses on configuring the systems that make up… Continue reading on Med
Understanding Converter and AttributeConverter In Java: Transparent AES Encryption at the Database…
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 2w ago
Understanding Converter and AttributeConverter In Java: Transparent AES Encryption at the Database…
Java applications often need to perform repetitive transformations when reading from or writing to a database. Common examples include: Continue reading on Medi
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 2w ago
Stop Phishing with Zero Infrastructure: Building an AI Gmail Threat Scanner with Google Apps Script…
Email security architectures usually require complex deployments: MX record modifications, third-party mail gateways, or dedicated servers… Continue reading on
Beginner picoMini 2022 Writeup
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 2w ago
Beginner picoMini 2022 Writeup
My writeup for the Beginner picoMini 2022 challenges! It consists of pretty simple general skills challenges that serve as a good starting… Continue reading on