Tech Skills

Cybersecurity

Ethical hacking, penetration testing, network security, CTFs and defensive security

18,047
lessons
Skills in this topic
View full skill map →
Security Basics
beginner
Fix OWASP top 10 vulnerabilities
AI Security
intermediate
Identify and patch prompt injection vulnerabilities
Network Security
intermediate
Configure a firewall with proper inbound/outbound rules
Ethical Hacking & Pen Testing
intermediate
Conduct a full pen test with Kali Linux
Cloud Security
intermediate
Implement IAM least-privilege policies on AWS/GCP
Incident Response
intermediate
Build an incident response playbook
Security Compliance
intermediate
Map controls for SOC 2 Type II compliance
Defensive AI
advanced
Build an AI-powered log anomaly detector
All Reads (11,136) Articles (5535)Blog Posts (4310)Tutorials (414)Research Papers (34)News (843)
OverTheWire Wargames : Natas - LOTS OF DOCS, LOTS OF VULNS
Dev.to · Breindel Medina 🔐 Cybersecurity ⚡ AI Lesson 1w ago
OverTheWire Wargames : Natas - LOTS OF DOCS, LOTS OF VULNS
I recently tackled the Natas Wargames by OverTheWire, following my completion of the Bandit series....
Cal Water Handala Attack: OT Containment Analysis & Attacker Motivation
Dev.to · Satyam Rastogi 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Cal Water Handala Attack: OT Containment Analysis & Attacker Motivation
Handala's Cal Water intrusion demonstrates classic attacker posturing: threat inflation to maximize pressure during extortion. Forensic analysis revea
One hyphen, two tenants, one signing key
Dev.to · authagonal 🔐 Cybersecurity ⚡ AI Lesson 1w ago
One hyphen, two tenants, one signing key
Two of our tenants were the same tenant. They had different names, different signups, and different...
Reverse Engineering a Windows Keylogger with IDA Pro: Assembly-Level Deep Dive
Dev.to · Khalif AL Mahmud 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Reverse Engineering a Windows Keylogger with IDA Pro: Assembly-Level Deep Dive
When I first loaded msdsrv.exe into IDA Pro, I had no idea what I was dealing with. No strings, no...
Security Best Practices in .NET Core and Azure
Dev.to · Hossein Esmati 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Security Best Practices in .NET Core and Azure
Security is paramount in modern distributed systems, especially when deploying to cloud platforms like Azure. A comprehensive security strategy encompasses mult
BBS Signatures and Anonymous Credentials: Proving Less to Show More
Dev.to · Haven Messenger 🔐 Cybersecurity ⚡ AI Lesson 1w ago
BBS Signatures and Anonymous Credentials: Proving Less to Show More
A government issues you a digital ID containing your name, date of birth, address, and license...
Real-World CVE HTTP Request Smuggling Apache mod_proxy Example
Dev.to · Stefan 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Real-World CVE HTTP Request Smuggling Apache mod_proxy Example
A reproducible walkthrough of CVE-2022-26377, a request smuggling desync in Apache mod_proxy_ajp, plus the upstream patch and config hardening that close it.
78% False Negatives: Your AI Security Scanner Is Gaslighting You
Dev.to · techpotions 🔐 Cybersecurity ⚡ AI Lesson 1w ago
78% False Negatives: Your AI Security Scanner Is Gaslighting You
A 78% false negative rate means automated AI scanners are missing real vulnerabilities. Understand why these tools fail and how to build a defense-in-depth stra
"I Won't Call It a Vulnerability: How Carapace Chose Not to Overclaim an OSS Finding"
Dev.to · Carapace 🔐 Cybersecurity ⚡ AI Lesson 1w ago
"I Won't Call It a Vulnerability: How Carapace Chose Not to Overclaim an OSS Finding"
In a previous post, I wrote about why I built Carapace: a local-first security CLI for people outside...
What NIS2 compliance actually costs in Hungary (2026, with real numbers)
Dev.to · Jernej Domanjko 🔐 Cybersecurity ⚡ AI Lesson 1w ago
What NIS2 compliance actually costs in Hungary (2026, with real numbers)
What NIS2 Compliance Actually Costs in Hungary: Numbers, Deadlines, and Hard...
Last month I saw something I haven’t seen in 18 years of dark web and underground monitoring.
Dev.to · Adrian Alexandru Stinga 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Last month I saw something I haven’t seen in 18 years of dark web and underground monitoring.
The underground is changing faster than the security industry is adapting. Here’s what nearly two...
Cybersecurity Roadmap
Dev.to · Ajitesh 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Cybersecurity Roadmap
Introduction: Cybersecurity is one of the most in-demand fields on the planet - and also one of the...
CVE-2026-39829: CVE-2026-39829: Denial of Service in Go SSH Parser
Dev.to · CVE Reports 🔐 Cybersecurity ⚡ AI Lesson 1w ago
CVE-2026-39829: CVE-2026-39829: Denial of Service in Go SSH Parser
CVE-2026-39829: Denial of Service in Go SSH Parser Vulnerability ID: CVE-2026-39829 CVSS...
Beyond Static IP Databases: Why Real-Time Detection Matters
Dev.to · Husnain Babar 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Beyond Static IP Databases: Why Real-Time Detection Matters
Beyond Static IP Databases: Why Real-Time Detection Matters Legacy IP intelligence APIs...
CVE-2026-39834: CVE-2026-39834: Infinite Loop and CPU Exhaustion via Integer Truncation in Go SSH Channel Write
Dev.to · CVE Reports 🔐 Cybersecurity ⚡ AI Lesson 1w ago
CVE-2026-39834: CVE-2026-39834: Infinite Loop and CPU Exhaustion via Integer Truncation in Go SSH Channel Write
CVE-2026-39834: Infinite Loop and CPU Exhaustion via Integer Truncation in Go SSH Channel...
MCP Trust Pack: a security layer for MCP tool calls
Dev.to · Teller 🔐 Cybersecurity ⚡ AI Lesson 1w ago
MCP Trust Pack: a security layer for MCP tool calls
MCP Trust Pack: a security layer for MCP tool calls MCP makes it easy for agents to call...
10 Million-Install Chrome Ad Blocker Hides a Remote Kill Switch for Arbitrary JavaScript
Dev.to · Etairos.ai 🔐 Cybersecurity ⚡ AI Lesson 1w ago
10 Million-Install Chrome Ad Blocker Hides a Remote Kill Switch for Arbitrary JavaScript
TL;DR what: Island researchers found that Adblock for YouTube (ID...
CVE-2026-42508: CVE-2026-42508: Bypass of SSH Certificate Authority Revocation in golang.org/x/crypto/ssh/knownhosts
Dev.to · CVE Reports 🔐 Cybersecurity ⚡ AI Lesson 1w ago
CVE-2026-42508: CVE-2026-42508: Bypass of SSH Certificate Authority Revocation in golang.org/x/crypto/ssh/knownhosts
CVE-2026-42508: Bypass of SSH Certificate Authority Revocation in...
CVE-2026-46595: CVE-2026-46595: Critical Authorization Bypass via source-address Validation Failure in golang.org/x/crypto/ssh
Dev.to · CVE Reports 🔐 Cybersecurity ⚡ AI Lesson 1w ago
CVE-2026-46595: CVE-2026-46595: Critical Authorization Bypass via source-address Validation Failure in golang.org/x/crypto/ssh
CVE-2026-46595: Critical Authorization Bypass via source-address Validation Failure in...
On Security+, social engineering questions test the principle, not the label
Dev.to · TiltedLunar123 🔐 Cybersecurity ⚡ AI Lesson 1w ago
On Security+, social engineering questions test the principle, not the label
A lot of people walk into the SY0-701 exam ready to define phishing, vishing, smishing, and...
CVE-2026-48517: CVE-2026-48517: Remote Code Execution via Typeless Deserialization Blocklist Bypass in MessagePack-CSharp
Dev.to · CVE Reports 🔐 Cybersecurity ⚡ AI Lesson 1w ago
CVE-2026-48517: CVE-2026-48517: Remote Code Execution via Typeless Deserialization Blocklist Bypass in MessagePack-CSharp
CVE-2026-48517: Remote Code Execution via Typeless Deserialization Blocklist Bypass in...
I Built a JWT Playground That Re-signs Tokens With Real HMAC-SHA256
Dev.to · Devanshu Biswas 🔐 Cybersecurity ⚡ AI Lesson 1w ago
I Built a JWT Playground That Re-signs Tokens With Real HMAC-SHA256
Most JWT explainers cheat. They show you header.payload.signature, point at the third part, and say...
7 Security Holes We Keep Finding in Vibecoded Apps: Audit Vibe Coding by Inithouse
Dev.to · Jakub 🔐 Cybersecurity ⚡ AI Lesson 1w ago
7 Security Holes We Keep Finding in Vibecoded Apps: Audit Vibe Coding by Inithouse
We run Audit Vibe Coding at Inithouse, a security audit tool built specifically for AI-generated...
What actually visits a self-hosted website in 2026? Humans, AI crawlers, and 6,400 automated attacks
Dev.to · Tommy 🔐 Cybersecurity ⚡ AI Lesson 1w ago
What actually visits a self-hosted website in 2026? Humans, AI crawlers, and 6,400 automated attacks
I run a small self-hosted website on a Raspberry Pi 4B at home. A few weeks ago I started wondering:...
CVE-2026-48713: CVE-2026-48713: Remote Prototype Pollution in i18next-fs-backend
Dev.to · CVE Reports 🔐 Cybersecurity ⚡ AI Lesson 1w ago
CVE-2026-48713: CVE-2026-48713: Remote Prototype Pollution in i18next-fs-backend
CVE-2026-48713: Remote Prototype Pollution in i18next-fs-backend Vulnerability ID:...
# Real-World SSH: From Your Laptop to the Linux Kernel 🚀
Dev.to · Mh Asif Kamal 🔐 Cybersecurity ⚡ AI Lesson 1w ago
# Real-World SSH: From Your Laptop to the Linux Kernel 🚀
If you work in tech, you use SSH every day. But for a lot of developers, it's just a black box. Let’s...
curl Patches 25-Year-Old Vulnerability and 17 Other Flaws
Dev.to · BeyondMachines 🔐 Cybersecurity ⚡ AI Lesson 1w ago
curl Patches 25-Year-Old Vulnerability and 17 Other Flaws
curl version 8.21.0 addresses 18 vulnerabilities, including a 25-year-old authentication bypass (CVE-2026-8932) and multiple memory safety issues. The flaws pri
Protecting Developers Means Protecting Their Secrets
Dev.to · Dwayne McDaniel 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Protecting Developers Means Protecting Their Secrets
When most people think of "Enterprise Security," they immediately think of hardened data centers,...
Your Baby Monitor's Biggest Security Flaw Isn't Hackers. It's the Company That Built It.
Dev.to · Spicy 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Your Baby Monitor's Biggest Security Flaw Isn't Hackers. It's the Company That Built It.
In May 2026, a French ethical hacker named Sammy Azdoufal bought a baby monitor off Amazon and spent...
Nation-State Actors Are Now Targeting Your AI Agent's npm Packages
Dev.to · Toni Antunovic 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Nation-State Actors Are Now Targeting Your AI Agent's npm Packages
Sapphire Sleet (North Korean APT) compromised 140+ Mastra npm packages via postinstall hook to steal AI API keys and cloud credentials from developer machines.
From Root CA to User Authorization in nginx+apache. Part 2: Certificate Revocation, CRL and OCSP
Dev.to · Maksim Didenko 🔐 Cybersecurity ⚡ AI Lesson 1w ago
From Root CA to User Authorization in nginx+apache. Part 2: Certificate Revocation, CRL and OCSP
A follow-up to Part 1 (EN on LinkedIn · RU on Habr), where we stood up a two-tier PKI: a Root CA and...
Lantronix Serial-to-IP RCE: OT Device Takeover via CVE-2025-67038
Dev.to · Satyam Rastogi 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Lantronix Serial-to-IP RCE: OT Device Takeover via CVE-2025-67038
CVE-2025-67038 in Lantronix Serial-to-IP converters enables unauthenticated remote code execution on operational technology devices. Active exploitati
vrp-ir 0.9.0: a line-cited security audit for Huawei VRP/USG configs
Dev.to · zynovex-support 🔐 Cybersecurity ⚡ AI Lesson 1w ago
vrp-ir 0.9.0: a line-cited security audit for Huawei VRP/USG configs
If you do acceptance or audit work on Huawei gear, you've hit this wall: Batfish explicitly marks...
Beyond the Hype: Why Your GRC Strategy Fails Without Real Encryption and DLP
Dev.to · Massimiliano B. 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Beyond the Hype: Why Your GRC Strategy Fails Without Real Encryption and DLP
Let’s cut through the noise. When we talk about Governance, Risk, and Compliance (GRC), people often...
Demystifying Zero-Knowledge Proofs: Constructing a ZK-SNARK Verifier from First Principles
Dev.to · Ebendttl 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Demystifying Zero-Knowledge Proofs: Constructing a ZK-SNARK Verifier from First Principles
A mathematical deep-dive into Rank-1 Constraint Systems, Quadratic Arithmetic Programs, and implementing a cryptographic SNARK verifier in TypeScript.
Hello DEV! I'm Plugecon — security developer
Dev.to · Plugecon 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Hello DEV! I'm Plugecon — security developer
Hey DEV community! I'm Plugecon, a security-focused developer working with C/C++, Python, PHP and...
Securing S3 Bucket Policies: Public Access, Conditions, and Common Mistakes
Dev.to · Shieldly 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Securing S3 Bucket Policies: Public Access, Conditions, and Common Mistakes
Originally published at shieldly.io/blog. S3 bucket policies are written once and forgotten. They...
Implementing Chat End-to-End Encryption (E2EE): A Technical Guide to X3DH and Double Ratchet
Dev.to · Nexconn 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Implementing Chat End-to-End Encryption (E2EE): A Technical Guide to X3DH and Double Ratchet
Claims of "security" are everywhere, but very few chat APIs actually walk the walk. Most offerings...
How I built ZeroAudit — AI-powered SOC 2 compliance automation with AWS DynamoDB and Vercel
Dev.to · Dmytro Mazurenko 🔐 Cybersecurity ⚡ AI Lesson 1w ago
How I built ZeroAudit — AI-powered SOC 2 compliance automation with AWS DynamoDB and Vercel
SOC 2 Type II audits are painful. Auditors want evidence for 42 controls — who has access, are...
Software Supply Chain Security (SLSA)
Dev.to · Aviral Srivastava 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Software Supply Chain Security (SLSA)
Fortifying the Foundation: Navigating the Wild World of Software Supply Chain Security...
The Security Bug Every Node.js Developer Ships to Production
Dev.to · Lolo 🔐 Cybersecurity ⚡ AI Lesson 1w ago
The Security Bug Every Node.js Developer Ships to Production
Last year I was doing a code review for a startup. Everything looked fine on the surface, clean code,...
Secrets sprawl: how we cleaned up 412 leaked tokens and stopped the latency bleed
Dev.to · isabelle dubuis 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Secrets sprawl: how we cleaned up 412 leaked tokens and stopped the latency bleed
When a CI pipeline failed at 02:13 AM on March 3, we discovered that 412 distinct API tokens had been...
Why your reCAPTCHA v3 score is low — and how to actually raise it
Dev.to · Bassem Shahin 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Why your reCAPTCHA v3 score is low — and how to actually raise it
reCAPTCHA v3 doesn't show a puzzle — it scores your whole session 0.0–1.0. Here's what actually drives a low score (IP, fingerprint, behavior) and how to raise
Building Trust Into Authentication: Practical Access Control Patterns for Modern Apps
Dev.to · Samiat Akande 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Building Trust Into Authentication: Practical Access Control Patterns for Modern Apps
Most apps think they are secure because they have login pages. But authentication is only the first...
Before You Hack Anything — How Penetration Testers Define Scope and Rules of Engagement
Dev.to · Khalif AL Mahmud 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Before You Hack Anything — How Penetration Testers Define Scope and Rules of Engagement
Most people think penetration testing starts with running tools — Nmap, Metasploit, Burp Suite. But...
Why Your Browser Should Do the Heavy Lifting: A Guide to Local Data Sanitization
Dev.to · will.indie 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Why Your Browser Should Do the Heavy Lifting: A Guide to Local Data Sanitization
Stop Uploading Your Sensitive Data to Sketchy Websites Just to Trim a File If you have...
Monorepo Dependency Security — Vulnerability Scanning Across Packages
Dev.to · Vulert 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Monorepo Dependency Security — Vulnerability Scanning Across Packages
A monorepo can look like one repository, but security teams should treat it as many applications...
Should Your App Adopt Passkeys?
Dev.to · Developer Service 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Should Your App Adopt Passkeys?
Someone on your leadership team asked a reasonable question: should we adopt passkeys? You searched...