Tech Skills

Cybersecurity

Ethical hacking, penetration testing, network security, CTFs and defensive security

10,291
lessons
Skills in this topic
View full skill map →
Security Basics
beginner
Fix OWASP top 10 vulnerabilities
AI Security
intermediate
Identify and patch prompt injection vulnerabilities
Network Security
intermediate
Configure a firewall with proper inbound/outbound rules
Ethical Hacking & Pen Testing
intermediate
Conduct a full pen test with Kali Linux
Cloud Security
intermediate
Implement IAM least-privilege policies on AWS/GCP
Incident Response
intermediate
Build an incident response playbook
Security Compliance
intermediate
Map controls for SOC 2 Type II compliance
Defensive AI
advanced
Build an AI-powered log anomaly detector
All Reads (3,391) Articles (2348)Blog Posts (660)Tutorials (274)Research Papers (4)News (105)
DAY 3 OF 100 DAYS AS A STUDENT STUDYING CYBERSECURITY
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 1w ago
DAY 3 OF 100 DAYS AS A STUDENT STUDYING CYBERSECURITY
Understanding the Cyber Kill Chain Continue reading on Medium »
Uncover the Real MSISDN | SS7 Telecom Security Research Tool
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Uncover the Real MSISDN | SS7 Telecom Security Research Tool
Understanding How Mobile Identity Works in Modern Telecom Networks Continue reading on Medium »
Accidental RCE: How I Found a Working Exploit in a Live CTF (and It Wasn’t Even the Challenge)
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Accidental RCE: How I Found a Working Exploit in a Live CTF (and It Wasn’t Even the Challenge)
On 19/6/2026, riffhack.biterra.co hosted an online CTF. The event had two types of challenges, what I’ll call normal and RIFFHACK… Continue reading on Medium »
Python OpSec in 2026: Spoofing, Anti-Fingerprinting & Zero Traces
Medium · Python 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Python OpSec in 2026: Spoofing, Anti-Fingerprinting & Zero Traces
Look. I was writing Python scripts before your favorite framework even existed. I’ve watched the internet go from a place where anonymity… Continue reading on M
Python OpSec in 2026: Spoofing, Anti-Fingerprinting & Zero Traces
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Python OpSec in 2026: Spoofing, Anti-Fingerprinting & Zero Traces
Look. I was writing Python scripts before your favorite framework even existed. I’ve watched the internet go from a place where anonymity… Continue reading on M
PortSwigger Lab Write-Up: User ID Controlled by Request Parameter with Password Disclosure
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 1w ago
PortSwigger Lab Write-Up: User ID Controlled by Request Parameter with Password Disclosure
Category: Access Control Vulnerabilities Difficulty: Apprentice Continue reading on Medium »
PortSwigger : DOM XSS in jQuery Anchor href Attribute Sink Using location.search Source
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 1w ago
PortSwigger : DOM XSS in jQuery Anchor href Attribute Sink Using location.search Source
In this lab, the website has a DOM-based XSS vulnerability in the submit feedback page. Continue reading on Medium »
I found North Korean (DPRK) malware hiding in my tailwind.config.js
Medium · JavaScript 🔐 Cybersecurity ⚡ AI Lesson 1w ago
I found North Korean (DPRK) malware hiding in my tailwind.config.js
I almost closed the file without reading it. Three days later I was killing processes in production at 2am, rotating every credential I… Continue reading on Med
I found North Korean (DPRK) malware hiding in my tailwind.config.js
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 1w ago
I found North Korean (DPRK) malware hiding in my tailwind.config.js
I almost closed the file without reading it. Three days later I was killing processes in production at 2am, rotating every credential I… Continue reading on Med
The Single-Primitive Write: WriteProcessMemory’s Hidden Page Flip
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 1w ago
The Single-Primitive Write: WriteProcessMemory’s Hidden Page Flip
Documenting Undocumented WriteProcessMemory Behavior Continue reading on Medium »
OAuth Is Still Misunderstood
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 1w ago
OAuth Is Still Misunderstood
OAuth has a reputation for being complicated, mysterious, and slightly annoying. To be fair, it has worked hard to earn that reputation. Continue reading on Med
Detecting Atomic Arch Before the eBPF Rootkit Loads
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Detecting Atomic Arch Before the eBPF Rootkit Loads
Atomic Arch (Sonatype-2026–003775) backdoored around 1,500 AUR packages on June 11–12, 2026. The credential stealer it ships is… Continue reading on Medium »
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 1w ago
The CIA Triad: The Three Words Every Security Decision Comes Back To
I’ve taught cybersecurity to enough beginners now to know that the term “CIA Triad” sounds like it belongs in a spy movie, not a textbook… Continue reading on M
Triaging My First Phishing Alerts: A SOC Simulator Walkthrough
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Triaging My First Phishing Alerts: A SOC Simulator Walkthrough
Most of my recent work has been offensive or IR-focused tracing a fileless malware infection through an Active Directory lab, running… Continue reading on Mediu
Spent Years Trying to Forecast Cyberattacks Like Weather Systems
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Spent Years Trying to Forecast Cyberattacks Like Weather Systems
For the last few years, I’ve been working on a problem that sits between cybersecurity, mathematics, and large-scale systems : Can… Continue reading on Medium »
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Reconnaissance: Why the Best Hackers Look Before They Touch Anything
When new students start learning ethical hacking, almost all of them want to skip straight to the exciting part: running a scan, finding a… Continue reading on
Maritime Cyber Resilience Brief — Charting the USCG Cybersecurity Rule: Implementation Timeline and…
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Maritime Cyber Resilience Brief — Charting the USCG Cybersecurity Rule: Implementation Timeline and…
A follow‑up to the 3‑Part Comparative Series. Part 3 mapped the conceptual bridge between IACS UR E26/E27 and the U.S. Coast Guard’s new… Continue reading on Me
Medium · Startup 🔐 Cybersecurity ⚡ AI Lesson 1w ago
What is RDP? Complete Beginner’s Guide (2026)
What is RDP? Complete Beginner's Guide (2026) Continue reading on Medium »
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Your Browser as a Weapon — Understanding and Stopping CSRF
The attack that exploits trust to make you do things you never intended Continue reading on Medium »
Anonymous — TryHackMe Walkthrough
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Anonymous — TryHackMe Walkthrough
What’s up everyone!  So this is my very first writeup on Medium, and I figured why not kick it off with the Anonymous room on TryHackMe… Continue reading on Me
PortSwigger Lab Write-Up: User ID Controlled by Request Parameter with Data Leakage in Redirect
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 1w ago
PortSwigger Lab Write-Up: User ID Controlled by Request Parameter with Data Leakage in Redirect
Category: Access Control Vulnerabilities Difficulty: Apprentice Continue reading on Medium »
Business Logic Attacks Explained Using a Banking App
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Business Logic Attacks Explained Using a Banking App
How Attackers Abuse Perfectly Working Features Without Hacking the Code Continue reading on Medium »
WhatsApp Plus Explained: What It Really Is and the Risks Nobody Tells You
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 1w ago
WhatsApp Plus Explained: What It Really Is and the Risks Nobody Tells You
WhatsApp Plus means two different things in 2026. Here is the full breakdown of the official Meta subscription, the unofficial mod APK… Continue reading on Medi
The Counterfeit Self and the Fight to Reclaim Digital Trust
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 1w ago
The Counterfeit Self and the Fight to Reclaim Digital Trust
A Room Where Everyone Was a Ghost Continue reading on Medium »
Building a Zero-Knowledge Note Vault: What I Learned by Getting It Wrong First
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Building a Zero-Knowledge Note Vault: What I Learned by Getting It Wrong First
How a simple “encrypted message” demo turned into a real lesson in what end-to-end encryption actually means — and the mistakes along the… Continue reading on M
Part 3: Configuring and Validating the Windows 11 Domain Client
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Part 3: Configuring and Validating the Windows 11 Domain Client
With the domain controller fully operational and the cyber lab network established, the next step was to integrate a client workstation… Continue reading on Med
Part 2: Configuring the Cyber Lab Environment — Windows Server 2022
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Part 2: Configuring the Cyber Lab Environment — Windows Server 2022
With the network infrastructure now in place via pfSense, the next phase of the project focuses on configuring the systems that make up… Continue reading on Med
Understanding Converter and AttributeConverter In Java: Transparent AES Encryption at the Database…
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Understanding Converter and AttributeConverter In Java: Transparent AES Encryption at the Database…
Java applications often need to perform repetitive transformations when reading from or writing to a database. Common examples include: Continue reading on Medi
Beginner picoMini 2022 Writeup
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Beginner picoMini 2022 Writeup
My writeup for the Beginner picoMini 2022 challenges! It consists of pretty simple general skills challenges that serve as a good starting… Continue reading on
Insecure Direct Object Reference (IDOR) — TryHackMe IDOR Room
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Insecure Direct Object Reference (IDOR) — TryHackMe IDOR Room
1. Overview Continue reading on Medium »
Before You Click That Link: The 3-Second AI Scam Check That Could Save You Everything
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Before You Click That Link: The 3-Second AI Scam Check That Could Save You Everything
AI scams move fast because panic moves fast. This simple pause can protect your money, accounts, and identity before one click gives… Continue reading on Medium
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Open Redirect on via GET parameter “redirect”
Continue reading on Medium »
CyberDefenders — Web Investigation Lab
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 1w ago
CyberDefenders — Web Investigation Lab
I investigate Network PCAP file on the Wireshark. Continue reading on Medium »
Neighbour-TryHackMe Walkthrough
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Neighbour-TryHackMe Walkthrough
https://tryhackme.com/room/neighbour Continue reading on Medium »
Congress Uses the Word “Cybersecurity” Hundreds of Times. It Never Actually Defines It.
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Congress Uses the Word “Cybersecurity” Hundreds of Times. It Never Actually Defines It.
Spend enough time reading federal law, and you start to notice something odd. The word “cybersecurity” is everywhere. It funds programs… Continue reading on Med
The Fake Video That Almost Destroyed a Family: A Deepfake Warning Story
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 1w ago
The Fake Video That Almost Destroyed a Family: A Deepfake Warning Story
A story about trust, panic, and why the next family crisis you see on video may not be real. Continue reading on Medium »
Zero Trust: The Executive Mandate for Modern Cybersecurity
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Zero Trust: The Executive Mandate for Modern Cybersecurity
The End of the “Castle and Moat”: Why Zero Trust is Today’s Most Relevant Security Mandate Continue reading on Medium »
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 1w ago
One month into my cybersecurity journey through the TechRise Cohort 2 program, and the experience…
Continue reading on Medium »
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 1w ago
I. Executive Summary
This report consolidates all captured browser‑level, network, and vault telemetry from your recent sessions. Continue reading on Medium »
Tryhackme writeup: Dav machine
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Tryhackme writeup: Dav machine
Phase 1: Reconnaissance (Recon) Continue reading on Medium »
Demystifying Network Security Basics: A Hands-On Guide for Beginners
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Demystifying Network Security Basics: A Hands-On Guide for Beginners
Stepping into the world of cybersecurity can feel like trying to drink water from a firehose. Between confusing acronyms, complex tool… Continue reading on Medi
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Personal Reflection on Security & Risk Management Concepts
Personal Reflection on Security & Risk Management Concepts Continue reading on Medium »
Suspicious USB Stick(BTLO) writeup
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Suspicious USB Stick(BTLO) writeup
Question 1; Continue reading on Medium »
Password Security 101: Why we should never store raw password (FT. Bcrypt)
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Password Security 101: Why we should never store raw password (FT. Bcrypt)
When you’re first learning to build databases, storing a password as plain text feels natural. It’s right there, it’s easy to test, and… Continue reading on Med
HackAstra 2026 · Digital Forensics (Qualifier Round)
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 1w ago
HackAstra 2026 · Digital Forensics (Qualifier Round)
Digital forensics challenges are rarely about a single artifact. They are about connecting small traces across memory, disk, applications… Continue reading on M
The Dark Web Marketplace That Made Millions and Changed Cybercrime Forever
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 1w ago
The Dark Web Marketplace That Made Millions and Changed Cybercrime Forever
It Looked Like Amazon. It Ran on Bitcoin. And It Became One of the Biggest Cybercrime Stories Ever. Continue reading on Medium »
How a Broken Instagram Link Led to a Social Media Account Takeover Risk
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 1w ago
How a Broken Instagram Link Led to a Social Media Account Takeover Risk
Introduction Continue reading on Medium »
Deferred Procedure Calls — DPCs : A Real Deep Dive Internals, WinDbg, and Exploitation
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Deferred Procedure Calls — DPCs : A Real Deep Dive Internals, WinDbg, and Exploitation
IRQLs → KDPC internals → WinDbg live analysis → vulnerable driver code → ROP-based exploitation → BYOVD → mitigations breakdown Continue reading on Medium »