PlainlySec Team 
The XZ Utils backdoor (CVE-2024-3094) explained — the 2-year social engineering campaign, how the backdoor worked, which systems were affected, and lessons for open source security.
EDR vs antivirus explained — what endpoint detection and response monitors, free options like Wazuh, detecting credential dumping and living-off-the-land attacks with behavioral analysis.
Memory forensics with Volatility 3 — capturing RAM dumps, finding hidden malware with malfind, analyzing network connections, and a real case study finding a Cobalt Strike beacon.
Cryptography fundamentals for beginners — symmetric (AES), asymmetric (RSA), hashing, password hashing with bcrypt/Argon2, and TLS, with real Python code examples.
Microsoft Entra ID (Azure AD) security hardening — Conditional Access policies, Privileged Identity Management, Identity Protection, and emergency access accounts with PowerShell.
Hardware security keys (YubiKey, FIDO2) explained — how they beat phishing attacks, how WebAuthn works cryptographically, setup guides for Google, SSH, and Windows Hello.
Reverse shells explained — how attackers use outbound connections to bypass firewalls, common payload types, and how to detect them with Sysmon, auditd, and egress filtering.
GDPR compliance for small businesses — data mapping, legal bases, privacy notices, cookie consent, breach notification timelines, and the technical security measures you actually need.
Password spraying explained — how this low-and-slow attack bypasses lockouts, how APT groups use it, how to detect it with KQL queries, and how to prevent it with MFA and modern auth.
How to start bug bounty hunting — essential tools (Subfinder, Nuclei, Burp Suite), reconnaissance methodology, where to find programs, and how to write reports that get paid.