Tech Skills

Cybersecurity

Ethical hacking, penetration testing, network security, CTFs and defensive security

18,683
lessons
Skills in this topic
View full skill map →
Security Basics
beginner
Fix OWASP top 10 vulnerabilities
AI Security
intermediate
Identify and patch prompt injection vulnerabilities
Network Security
intermediate
Configure a firewall with proper inbound/outbound rules
Ethical Hacking & Pen Testing
intermediate
Conduct a full pen test with Kali Linux
Cloud Security
intermediate
Implement IAM least-privilege policies on AWS/GCP
Incident Response
intermediate
Build an incident response playbook
Security Compliance
intermediate
Map controls for SOC 2 Type II compliance
Defensive AI
advanced
Build an AI-powered log anomaly detector
All Reads (11,769) Articles (5894)Blog Posts (4545)Tutorials (430)Research Papers (37)News (863)
# Building an Active Directory Security Lab — Part 2: Users, Groups, and the First GPO
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 2d ago
# Building an Active Directory Security Lab — Part 2: Users, Groups, and the First GPO
In [Part 1] (https://medium.com/@ahmednaoum/cybersecurity-lab-7278776f731d) I got the domain controller running and verified it with… Continue reading on Medium
LLMNR/NBT-NS Poisoning — Capturing NTLMv2 Hashes in Active Directory
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 2d ago
LLMNR/NBT-NS Poisoning — Capturing NTLMv2 Hashes in Active Directory
Part 2 of the Active Directory Home Lab Series (https://medium.com/@keskarshrishailya/active-directory-home-lab-setup-4b6acb321035) Continue reading on Medium »
OSI AND TCP/IP MODEL IN DETAIL.
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 2d ago
OSI AND TCP/IP MODEL IN DETAIL.
The OSI Model is a 7-layer conceptual model used to understand and standardize network communication. The TCP/IP Model is a 4-layer… Continue reading on Medium
Not Sure Which Cybersecurity Course to Choose? Start Here.
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 2d ago
Not Sure Which Cybersecurity Course to Choose? Start Here.
Cybersecurity is one of the fastest-growing career fields, but many beginners have the same question: Continue reading on Medium »
How Hackers Actually Think — And What Developers Miss
Medium · JavaScript 🔐 Cybersecurity ⚡ AI Lesson 2d ago
How Hackers Actually Think — And What Developers Miss
You’ve been building for users. Hackers have been building for your blind spots. Continue reading on InfoSec Write-ups »
Demystifying SSH Key Pairs: The Silent Guardians of Modern Infrastructure
Dev.to · Karthik Korrayi 🔐 Cybersecurity ⚡ AI Lesson 2d ago
Demystifying SSH Key Pairs: The Silent Guardians of Modern Infrastructure
Every DevOps engineer has typed this command countless times: ssh ubuntu@my-server Enter...
OAuth Challenges now Available
Dev.to · Hamza 🔐 Cybersecurity ⚡ AI Lesson 2d ago
OAuth Challenges now Available
OAuth’s core purpose is secure delegation of access, but when apps blindly trust any valid token...
Low-Cost EDR for Modern Security Teams
Dev.to · Pramod PR 🔐 Cybersecurity ⚡ AI Lesson 2d ago
Low-Cost EDR for Modern Security Teams
Enterprise-grade endpoint security doesn't have to come with an enterprise price tag. 🔐 Many...
How to audit an MCP server: 6 layers from static analysis to gVisor sandbox
Dev.to · Edison Flores 🔐 Cybersecurity ⚡ AI Lesson 2d ago
How to audit an MCP server: 6 layers from static analysis to gVisor sandbox
The problem Model Context Protocol servers are powerful — they let AI agents call external...
ArXiv cs.AI 🔐 Cybersecurity 📄 Paper ⚡ AI Lesson 2d ago
JavaVulBench: A Java Vulnerability Benchmark with Realistic Splits, a Unified Multi-Backend Harness, and a Leakage-Aware Evaluation Mode
arXiv:2607.02825v1 Announce Type: cross Abstract: We release \textsc{JavaVulBench}, a benchmark dataset and evaluation harness for Java vulnerability detection.
ArXiv cs.AI 🔐 Cybersecurity 📄 Paper ⚡ AI Lesson 2d ago
Enhanced Feature Extraction for IoT Network Intrusion Detection Using GNNs and KAN
arXiv:2607.02981v1 Announce Type: cross Abstract: Recent advancements in the Internet of Things (IoT) emphasize the urgent need for advanced network security, a
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 2d ago
Data Privacy is Essential, And Often Neglected
When was the last time you DOXXED yourself, or had a professional dox you, build an opposition file, dossier, or otherwise build a profile… Continue reading on
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 2d ago
Auditing My Own Accounts Like an Attacker Would: A Practical Security Assessment
Inside the Breach: Auditing My Accounts, Dissecting Real Malware, and Why Entropy Is the Quiet Backbone of Security Continue reading on Medium »
How to Recover Data From a Corrupted BitLocker Drive
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 2d ago
How to Recover Data From a Corrupted BitLocker Drive
A BitLocker password isn’t always enough to get your files back. Continue reading on Medium »
The Watermelon Effect: Why Your Security is Greener Than it Looks
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 2d ago
The Watermelon Effect: Why Your Security is Greener Than it Looks
It is 2:00 AM. You are staring at the ceiling, wondering if the “Critical” alert that just hit your PagerDuty is a false positive or the… Continue reading on Me
How I Investigated a Banking Phishing Campaign: Smishing, Credential Theft, and an Exposed…
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 2d ago
How I Investigated a Banking Phishing Campaign: Smishing, Credential Theft, and an Exposed…
An in-depth walkthrough of a phishing investigation, from fraudulent SMS messages to administrative panel analysis and security… Continue reading on Medium »
RMF without the jargon: how one system earns a signature that means something
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 2d ago
RMF without the jargon: how one system earns a signature that means something
The Risk Management Framework, its seven steps, told as one story instead of a checklist. Continue reading on Medium »
Finding Infrastructure Connections Using Certificate Transparency
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 2d ago
Finding Infrastructure Connections Using Certificate Transparency
Why CT Logs Matter for Infrastructure Discovery Continue reading on Medium »
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 2d ago
SQL Injection: Listing Database Contents on Non-Oracle Databases | PortSwigger Web Security Academy…
As I continue building my hands-on cybersecurity skills, I recently completed another lab from the PortSwigger Web Security Academy. This… Continue reading on M
GHSA-VJC7-JRH9-9J86: Unauthenticated CRUD and Sensitive Data Exposure in 9Router API Endpoints
Dev.to · CVE Reports 🔐 Cybersecurity ⚡ AI Lesson 2d ago
GHSA-VJC7-JRH9-9J86: Unauthenticated CRUD and Sensitive Data Exposure in 9Router API Endpoints
Unauthenticated CRUD and Sensitive Data Exposure in 9Router API Endpoints Vulnerability...
CVE-2026-55790: CVE-2026-55790: DOM-Based Cross-Site Scripting in Craft CMS Support Widget
Dev.to · CVE Reports 🔐 Cybersecurity ⚡ AI Lesson 2d ago
CVE-2026-55790: CVE-2026-55790: DOM-Based Cross-Site Scripting in Craft CMS Support Widget
CVE-2026-55790: DOM-Based Cross-Site Scripting in Craft CMS Support Widget Vulnerability...
We Didn’t Lose to Hackers. We Lost to Complexity.
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 2d ago
We Didn’t Lose to Hackers. We Lost to Complexity.
What Salesloft Drift, Change Healthcare, CrowdStrike, M&S, and JLR teach us about secure AI-by-design. Continue reading on Medium »
Your SSL Cert Expired Saturday at 2 A.M. Customers Notified You at 9.
Medium · Programming 🔐 Cybersecurity ⚡ AI Lesson 2d ago
Your SSL Cert Expired Saturday at 2 A.M. Customers Notified You at 9.
Synthetic monitoring was green. Browsers were not. Seven hours of checkout revenue, gone. Continue reading on Medium »
The 32-Bit Integer That Leaks Your Neighbor's GPU Memory: A Deep Dive Into CVE-2026-53923 in vLLM
Hackernoon 🔐 Cybersecurity ⚡ AI Lesson 2d ago
The 32-Bit Integer That Leaks Your Neighbor's GPU Memory: A Deep Dive Into CVE-2026-53923 in vLLM
vLLM reuses GPU memory across users for throughput. In its GGUF dequantize kernels, the output tensor is allocated full-size with torch::empty (uninitialized),
How Attackers Weaponize PHP-FPM to Steal Your .env File
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 2d ago
How Attackers Weaponize PHP-FPM to Steal Your .env File
You’ve done everything right. Your .env file lives safely outside your public web root. You even added an explicit Nginx rule to block any… Continue reading on
The MSP Landscape in 2026: A Defining Year for the Industry
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 2d ago
The MSP Landscape in 2026: A Defining Year for the Industry
I’ve spent enough time in the MSP world to know that every January, people say it’s a pivotal year. But 2026 might really deserve that… Continue reading on Medi
GHSA-CGFV-JRFP-2R7V: GHSA-cgfv-jrfp-2r7v: Authenticated SQL Injection in OpenRemote Datapoint Crosstab Export
Dev.to · CVE Reports 🔐 Cybersecurity ⚡ AI Lesson 2d ago
GHSA-CGFV-JRFP-2R7V: GHSA-cgfv-jrfp-2r7v: Authenticated SQL Injection in OpenRemote Datapoint Crosstab Export
GHSA-cgfv-jrfp-2r7v: Authenticated SQL Injection in OpenRemote Datapoint Crosstab...
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 2d ago
Top 10 SIEM Solution Providers in the GCC for Banks (2026 Guide)
The banking sector across the GCC is facing an unprecedented rise in cyber threats. From ransomware and insider threats to advanced… Continue reading on Medium
GHSA-QRWJ-VH9X-GW5V: GHSA-QRWJ-VH9X-GW5V: Cross-Agent Server-Side Request Forgery and Remote Code Execution in Coder Workspace Agent
Dev.to · CVE Reports 🔐 Cybersecurity ⚡ AI Lesson 2d ago
GHSA-QRWJ-VH9X-GW5V: GHSA-QRWJ-VH9X-GW5V: Cross-Agent Server-Side Request Forgery and Remote Code Execution in Coder Workspace Agent
GHSA-QRWJ-VH9X-GW5V: Cross-Agent Server-Side Request Forgery and Remote Code Execution in...
incident response is becoming an agent review workflow
Dev.to · Paulo Victor Leite Lima Gomes 🔐 Cybersecurity ⚡ AI Lesson 2d ago
incident response is becoming an agent review workflow
AWS DevOps Agent diagnosing EKS control-plane issues is not interesting because AI fixes Kubernetes. It is interesting because incident response is becoming evi
TechCrunch AI 🔐 Cybersecurity ⚡ AI Lesson 2d ago
The ‘first’ AI-run ransomware attack still needed a human
An AI agent carried out the technical execution of a real-world ransomware attack for the first known time, but new details show a human still chose the victim,
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 2d ago
Someone Was Testing My Live App While I Was Asleep
I want to start with the comment, because the comment set the tone for everything that followed. Continue reading on Medium »
DAC, MAC, RBAC, ABAC: the Security+ access control models people keep swapping
Dev.to · TiltedLunar123 🔐 Cybersecurity ⚡ AI Lesson 2d ago
DAC, MAC, RBAC, ABAC: the Security+ access control models people keep swapping
Four access control models show up on the SY0-701 exam, and they blur together fast. DAC, MAC, RBAC,...
The Google Cybersecurity Certificate: Know What You’re Paying For
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 2d ago
The Google Cybersecurity Certificate: Know What You’re Paying For
The cert has value — just not the kind most people expect. Continue reading on Medium »
The Rise of Unified Detection: Where NDR Fits in XDR Platforms
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 2d ago
The Rise of Unified Detection: Where NDR Fits in XDR Platforms
The field of cybersecurity is continuously changing due to the advanced level of cyber threats, ransomware attacks, insider threats, and… Continue reading on Me
HTB Sherlock — Telly (Writeup)
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 2d ago
HTB Sherlock — Telly (Writeup)
Telnet Authentication Bypass, Persistence via linper.sh, and Credit Card Exfiltration Continue reading on Medium »
API Security Is the New Frontline of Cyber Warfare
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 2d ago
API Security Is the New Frontline of Cyber Warfare
In 2024, 83% of organizations suffered an API security incident. Attackers are no longer kicking down the front door — they’re sliding… Continue reading on Info
Writing Code to Watch the Watchers: Log Aggression and Digital Self-Defense
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 2d ago
Writing Code to Watch the Watchers: Log Aggression and Digital Self-Defense
The modern internet isn’t run by omniscient gods. It’s run by overworked sysadmins, bloated enterprise suites, and automated scrapers… Continue reading on Mediu
CVE-2026-55792: CVE-2026-55792: Sensitive File Disclosure in Craft CMS via Twig Sandbox Bypass
Dev.to · CVE Reports 🔐 Cybersecurity ⚡ AI Lesson 2d ago
CVE-2026-55792: CVE-2026-55792: Sensitive File Disclosure in Craft CMS via Twig Sandbox Bypass
CVE-2026-55792: Sensitive File Disclosure in Craft CMS via Twig Sandbox...
.git/config Crawler, Fable 5 Stealth Attacks, & Clojure Key Validation
Dev.to · soy 🔐 Cybersecurity ⚡ AI Lesson 2d ago
.git/config Crawler, Fable 5 Stealth Attacks, & Clojure Key Validation
.git/config Crawler, Fable 5 Stealth Attacks, & Clojure Key Validation ...
Building SkyVault: A 100% Local, AI-Powered Private NAS
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 2d ago
Building SkyVault: A 100% Local, AI-Powered Private NAS
By Harris Saeed, Hadi Ahmad, Muhammad Abdullah bin Khalid, and Muhammad Rafay Nabeel— Final Year Project, Department of Computer… Continue reading on Medium »
Hardening my own Nmap web UI: the security holes I shipped, and what actually saved me
Dev.to · Dipesh Thapa 🔐 Cybersecurity ⚡ AI Lesson 2d ago
Hardening my own Nmap web UI: the security holes I shipped, and what actually saved me
I built a web front end for an Nmap-based port scanner: a FastAPI backend, a React dashboard,...
Day 6: Who Are You, and What Can You Do? Kubernetes Auth, Demystified
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 2d ago
Day 6: Who Are You, and What Can You Do? Kubernetes Auth, Demystified
Every command you run against a cluster goes through one door: the API server. Continue reading on Medium »
Making a wazuh server in python from scratch for fun and maybe profit
Medium · Python 🔐 Cybersecurity ⚡ AI Lesson 2d ago
Making a wazuh server in python from scratch for fun and maybe profit
Hi, souzo here, today I will show you how I created a wazuh server from scratch with python analysing wazuh agent request and wazuh server… Continue reading on
Your Phone Is Not Listening to You. The Truth Is Actually Much Creepier.
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 2d ago
Your Phone Is Not Listening to You. The Truth Is Actually Much Creepier.
You talked about running shoes out loud and ten minutes later saw an ad for them. Here is what is actually happening and why the real… Continue reading on ILLUM
Stop Blocking Domains. Here’s How to Actually Protect Yourself.
Medium · Cybersecurity 🔐 Cybersecurity ⚡ AI Lesson 2d ago
Stop Blocking Domains. Here’s How to Actually Protect Yourself.
The old defense of blocking known malicious domains is easily bypassed. Learn why — and the new strategies you need now. Continue reading on Medium »
Permission denied :: Reason ≔ none
Reddit r/webdev 🔐 Cybersecurity ⚡ AI Lesson 2d ago
Permission denied :: Reason ≔ none
Well that’s not very helpful. Anyone maybe know why this submitted by <a href="https:/
Who Gets Left Behind In Traditional Brand Protection?
Forbes Innovation 🔐 Cybersecurity ⚡ AI Lesson 2d ago
Who Gets Left Behind In Traditional Brand Protection?
Domain attacks against SMBs don’t always make the news. But domain attacks can devastate SMBs nonetheless.