Ethical hacking, pentesting techniques and methodologies
Pass-the-Hash explained — how NTLM hashes are stolen from LSASS, used to authenticate without passwords, and how to defend with Credential Guard, LAPS, and Protected Users.
OWASP API Security Top 10 explained with code examples — BOLA, broken authentication, rate limiting, JWT vulnerabilities, and how to test your own APIs.
SSRF (Server-Side Request Forgery) explained — how attackers exploit URL-fetching features to reach AWS metadata APIs and internal services, with the Capital One breach as a real example.
Kerberoasting explained for beginners — how attackers steal Active Directory service account hashes, crack them offline, and how to defend with gMSA and audit logging.
SQL injection explained from scratch — how it works, real-world examples, how to test for it, and the parameterized query patterns that prevent it completely.
Learn how attackers use OSINT to research targets before an attack — with Google Dorking, Shodan, DNS recon, and GitHub secret scanning — and how to minimize your own exposure.
A beginner’s guide to Nmap — how to discover hosts, scan ports, detect services, and run security scripts against your own network with real command examples.
Essential Windows 10/11 security hardening settings — from Defender configuration and BitLocker to firewall rules and audit logging, with PowerShell commands for everything.
A practical beginner guide to hardening Linux — from firewall setup and SSH hardening to Fail2Ban, auditd, and Lynis security scanning.
A complete digital forensics guide using free tools — Volatility memory analysis, Autopsy disk forensics, Zeek network forensics, and malware static analysis with real commands.