Knowledge that strengthens your defense.
In-depth guides, analyses and practical insight on threats, vulnerabilities, and the tools security teams rely on. A guided path from foundations to working practice.
Adversaries, campaigns and how to think in threats, attacks and risk.
Discover, prioritise and understand the flaws that actually matter — OWASP Top 10.
Secure web apps and APIs — and the proxies used to test them end to end.
How traffic really flows — IP, TCP, DNS, TLS — and where an attacker can lie.
Reverse behaviours safely on intentionally-vulnerable, disposable targets.
Detect, contain and recover — a calm, ordered playbook for the first 24 hours.
Practical knowledge for today's defenders.
Cybersecurity 101: the words that mean what.
Threat, vulnerability, exploit, risk — four words that get used interchangeably, and the one mental model that finally separates them.
How networks actually work.
IP, TCP, DNS, TLS — traced through a single curl request. What each layer adds, and which ones an attacker can lie at.
Linux fundamentals for security, the working subset.
The 25 commands you will type every day, the five you will type in a hurry, and the file permissions that decide who owns the box.
Cryptography you can actually use.
Hashing vs encryption, symmetric vs asymmetric, and the three primitives you should reach for before rolling your own anything.
Threat modeling with STRIDE.
We pick a tiny web app and walk it through STRIDE, then write the prompt that gets an LLM to do 60% of the same work as a reviewer.
How to start in cybersecurity: the real roadmap.
The learning order that actually works, the official roadmap.sh path worth following, and the real job roles waiting at the other end.
Red team, blue team, purple team.
Red attacks, blue defends, purple closes the loop between them. What each one actually does day to day, and how they map to real roles.
How to actually learn cybersecurity.
Why tutorial-hell happens, what active learning looks like in this field, and a weekly rhythm that survives past month two.
AI in cybersecurity: attack and defense →
Where artificial intelligence actually shows up in a defender's day-to-day — its own sub-pillar, worth a dedicated visit.