Learn
The Mirai Botnet: How It Changed IoT Security Forever
Mirai scanned for IoT devices with default credentials and built a botnet that took down half the internet.
The KARMA Attack: How It Exploited WiFi Probe Requests
In 2004, KARMA demonstrated that responding to every WiFi probe request could capture connections automatically.
NetBIOS and LLMNR: The Protocols That Keep Getting Abused
NetBIOS and LLMNR broadcast name queries before trying DNS. Responder.py answers them all and captures NTLMv2 hashes.
What Is SNMP and Why It Leaks Data
SNMP manages network devices but leaks topology, configs, and credentials in cleartext. Here's the full security picture.
How SSH Works and Secures Connections
SSH provides encrypted remote access to servers. Here's the key exchange, authentication flow, and common security failures.
What Is RDP and Its Common Vulnerabilities
Remote Desktop Protocol on port 3389 is one of the most attacked services on the internet. Here's why and how to protect it.
What Is SMB and the EternalBlue Vulnerability
SMB handles Windows file sharing. EternalBlue turned it into the most devastating exploit vector of the decade.
What Is UPnP and Why Should You Disable It?
UPnP lets devices open firewall ports automatically. That convenience creates holes you never asked for.
What Is SSDP and Why Is It a Security Problem?
SSDP discovers UPnP devices on your network. Unfortunately, millions of devices also respond to the entire internet.
What Is mDNS / Bonjour?
mDNS lets devices find each other on a local network without a DNS server. Here's how Apple Bonjour and Avahi use it.
What Is HTTP/3?
HTTP/3 runs over QUIC instead of TCP. Here's why TCP's head-of-line blocking problem motivated the change.
What Is QUIC?
QUIC runs over UDP with built-in TLS 1.3 encryption. Here's how it works and why it's replacing TCP for web traffic.
How IPv6 Works
IPv6 replaces ARP with NDP, eliminates NAT, and changes the security model. Here's how the 128-bit protocol works.
How NAT Works: A Deep Dive
NAT lets your entire network share one public IP. Here's the translation table, port mapping, and the P2P problems it creates.
How Traceroute Works
Traceroute maps the path packets take by manipulating TTL to trigger responses from each router along the way.
How ICMP and Ping Work
ICMP carries diagnostic messages across IP networks. Ping uses it to test reachability. Here's the full protocol.
How ARP Works and Why It Enables Spoofing
ARP maps IP addresses to MAC addresses with no authentication. That design flaw is why ARP spoofing still works on every LAN.
How DHCP Works: The Full Exchange
The four-step DORA process that gives every device an IP address - Discover, Offer, Request, Acknowledge in detail.
How DNS Works: A Deep Dive
The full DNS resolution chain from stub resolver to root servers, with caching, TTL, negative caching, and DNSSEC.
How WebSockets Work
WebSockets upgrade an HTTP connection to full-duplex communication. Here's the handshake, framing, and why the Nano uses them.
How HTTPS and TLS Work Step by Step
The complete HTTPS flow from TCP connection to encrypted data - the TLS handshake, certificates, and session key derivation.
How HTTP Works
HTTP is the protocol behind every web page. Here's the full request-response cycle and why it was designed stateless.
Router Hardening Checklist
A practical, actionable checklist for securing your router. Ten steps that make a real difference.
Why Updating Your Router Firmware Matters
Router CVEs are publicly known once disclosed. If you haven't updated, you're running known-vulnerable software.