PlainlySec Team 
Security logging best practices — what events to log, critical Windows and Linux audit rules, building effective alerts with Wazuh, and protecting log integrity from attackers.
Pass-the-Hash explained — how NTLM hashes are stolen from LSASS, used to authenticate without passwords, and how to defend with Credential Guard, LAPS, and Protected Users.
CI/CD pipeline security — SolarWinds, Codecov breaches, GitHub Actions hardening, OIDC credentials, dependency scanning, and SLSA supply chain framework.
OWASP API Security Top 10 explained with code examples — BOLA, broken authentication, rate limiting, JWT vulnerabilities, and how to test your own APIs.
Wi-Fi security explained — WPA3, evil twin attacks, WPA2 handshake cracking, 802.1X enterprise authentication, and rogue AP detection with Kismet.
The 10 most dangerous Docker and Kubernetes misconfigurations — running as root, no resource limits, exposed daemon — with exact commands to fix each one.
DNS security explained — cache poisoning, hijacking, subdomain takeovers, DNS tunneling, DNSSEC, and DoH/DoT — with detection techniques and a complete hardening checklist.
A beginner’s guide to threat modeling using STRIDE and DREAD — step-by-step process, data flow diagrams, scoring threats, and free tools like Microsoft Threat Modeling Tool and OWASP Threat Dragon.
SSRF (Server-Side Request Forgery) explained — how attackers exploit URL-fetching features to reach AWS metadata APIs and internal services, with the Capital One breach as a real example.
Kerberoasting explained for beginners — how attackers steal Active Directory service account hashes, crack them offline, and how to defend with gMSA and audit logging.