The Cyber Field Guide
Plain-English explainers on how attacks actually work and how to stop them — written for people who have to do the job, with the commands to go with them.
61 articles across 15 topics
Cyber Threat Landscape
3 articlesChoosing a DNS Server: Balancing Security, Privacy, and Speed
Almost nobody chooses their DNS server on purpose. When you sign up for internet service, your provider quietly assigns you one, and it silently answers billions of the internet’s most…
6 min read7 sections
DNS Leaks: What They Are and How to Close Them
A DNS leak is one of those privacy failures that hides in plain sight. You do everything right — you turn on a VPN, you see the little “connected” icon, you assume your browsing is now…
4 min read5 sections
DNS Root Servers: The Top of the Name System
When people first hear that the entire internet’s naming system depends on “13 root servers,” it sounds impossibly fragile — as if thirteen machines somewhere could be unplugged and the web…
4 min read5 sections
Cyber Threats
5 articlesEmerging Threats: How the Attack Landscape Keeps Reinventing Itself
It is tempting to think of cybersecurity as a checklist: install a firewall, patch your systems, train your staff, and you are done.
6 min read7 sections
Ransomware Explained: How Digital Extortion Works and How to Stop It
Most people picture ransomware as a dramatic red skull flashing on a screen, demanding Bitcoin within 72 hours. That image isn’t wrong, but it misses the point.
6 min read6 sections
Ransomware in the Wild: Real Attacks, Tactics, and How Recovery Actually Works
Most people picture ransomware as a single dramatic moment: a skull on a screen, a countdown timer, a demand for Bitcoin. That image is a decade out of date.
6 min read7 sections
Stopping Ransomware Before It Starts: A Practical Prevention Guide
The most dangerous myth about ransomware is that paying the ransom makes the problem go away. It rarely does.
6 min read8 sections
The Main Types of Ransomware, and Why the Differences Matter
Most people picture ransomware as a single thing: a skull-and-crossbones splash screen demanding Bitcoin.
5 min read5 sections
General
6 articlesCloud Security Explained: Protecting Data and Workloads in the Cloud
A surprising number of breaches in the cloud have nothing to do with a clever attacker defeating a provider’s defenses.
5 min read4 sections
Cyber Threats: How Attacks Happen and How to Stay Ahead of Them
Most people picture a cyber threat as a hooded stranger furiously typing to “break in” to a system. The reality is far more mundane and far more dangerous.
6 min read7 sections
External Attack Surface Management: Seeing Your Organization the Way an Attacker Does
Most security teams have a pretty good map of the assets they *know* about: the servers in the data center, the laptops in the asset inventory, the cloud accounts finance signed off on.
6 min read6 sections
Malware Explained: How Malicious Software Works and How to Stop It
Most people picture malware as a dramatic red skull flashing across a screen, or a hacker in a hoodie typing furiously in a dark room. The reality is far quieter and far more dangerous.
6 min read7 sections
Threat Intelligence Explained: From Raw Data to Decisions
Ask ten security teams what “threat intelligence” means and you’ll get ten different answers. Some point at a subscription feed of malicious IP addresses.
6 min read6 sections
Threat Intelligence Tools: What Actually Earns a Place in Your Stack
A lot of teams buy a “threat intelligence tool” expecting a magic feed that tells them exactly who is about to attack them.
5 min read5 sections
Glossary
10 articlesAutomated Intelligence: Turning Raw Data Into Security Decisions at Machine Speed
There is a persistent myth in security operations that more data equals more insight. Teams pour money into feeds, sensors, and threat intelligence subscriptions, then discover that the…
6 min read5 sections
Cyber Resilience: Staying Operational When Defenses Fail
For years, the unspoken goal of security teams was to build a wall so tall and so thick that nothing could ever get over it.
6 min read6 sections
Cybersquatting: Registering Domains to Exploit Someone Else’s Brand
Most people assume the internet has a landlord — that if a company is called Acme, then acme.com automatically belongs to Acme. It doesn’t.
5 min read6 sections
Dark Web vs. Deep Web: What They Are and Why the Difference Matters
Almost every security awareness deck gets this wrong. It shows an iceberg: a sliver of “surface web” above the waterline and a menacing “dark web” lurking below, full of hackers and stolen…
6 min read6 sections
Exposure Management: Seeing Your Attack Surface the Way Attackers Do
Most security teams still measure their work in vulnerabilities patched. It feels productive: a scanner spits out ten thousand findings, you close a few thousand, and the dashboard turns a…
6 min read6 sections
Identity Protection: Defending the Credentials Attackers Want Most
Ask most people what identity protection means and they’ll picture a service that watches for someone opening a credit card in their name.
6 min read5 sections
Types of Malware: A Practical Field Guide to Malicious Software
Most people picture malware as a single thing: a “virus” that pops up a scary message and slows your computer down. That mental model is decades out of date.
6 min read5 sections
What Is a Cyber Attack? How Digital Intrusions Actually Work
Most people picture a cyber attack as a lone hacker in a hoodie furiously typing green text until a “ACCESS GRANTED” banner flashes. The reality is far more mundane and far more dangerous.
6 min read5 sections
What Is Social Engineering? How Attackers Hack People, Not Machines
Most people picture a hacker as someone hunched over a keyboard, cracking encryption and exploiting obscure software bugs.
6 min read6 sections
Zero Trust Security: Never Trust, Always Verify
For decades, network security worked like a medieval castle. You built a strong perimeter — firewalls, VPNs, a DMZ — and anything inside that wall was treated as friendly.
6 min read6 sections
Incident Response Management
2 articlesEssentials of Cyber Crime Investigation: How Digital Cases Are Actually Solved
Most people picture a cyber crime investigation as someone furiously typing in a dark room while progress bars race across the screen. The reality is closer to accounting than to hacking.
6 min read7 sections
Ransomware Response: A Practical Field Guide for the First 72 Hours
The most damaging mistake in a ransomware incident is not the initial breach. It is the reaction.
6 min read5 sections
Integrations
1 articleIntelligence Sources Collection
6 articlesDNS History: Reading a Domain’s Paper Trail
A DNS lookup answers a simple question: where does this domain point *right now*? That single word — “now” — hides one of the most useful blind spots in everyday infrastructure work.
6 min read6 sections
Information Gathering: How Attackers and Defenders Map a Target
Ask most people what a cyberattack looks like and they picture the exploit: a payload firing, a shell popping open, data pouring out.
6 min read7 sections
Social Media Threat Intelligence: Listening Where Attackers Talk
Most people think of social media as a place for vacation photos and arguments about sports. Threat actors see it differently.
6 min read6 sections
The OSINT Framework: A Map of Open-Source Intelligence Tools
When people first hear “OSINT Framework,” they often imagine a piece of software you install and run, like a scanner or a hacking suite. It isn’t.
6 min read6 sections
Threat Intelligence Feeds: Turning Raw Data Into Defensive Signal
There is a persistent myth in security operations that buying a threat intelligence feed makes you meaningfully safer. It rarely does — at least not on its own.
6 min read5 sections
Threat Intelligence Sources: Where Your Visibility Actually Comes From
Ask most people what “threat intelligence” is and they picture a feed of malicious IP addresses being piped into a firewall.
6 min read6 sections
Legal Ethical Considerations
3 articlesRansomware Regulations: What Enterprises Need to Know
Most companies discover ransomware regulations at the worst possible moment: at 2 a.m., with production servers encrypted, a ransom note on every screen, and a lawyer on the phone asking…
7 min read7 sections
Security Theater: When Safety Is Just a Performance
Walk through almost any airport and you will see it: passengers removing their shoes, surrendering water bottles, and shuffling through scanners while a queue of hundreds bunches up in an…
6 min read6 sections
Security Through Obscurity: When Hiding Helps and When It Hurts
Ask a room full of engineers about “security through obscurity” and you will usually get a reflexive sneer.
6 min read6 sections
Risk Assessment Management
6 articlesSupply Chain Threats: The Attacks You Inherit From Someone Else’s Code
Most teams spend enormous energy defending the front door — patching their own servers, hardening their own applications, training their own people.
6 min read5 sections
Third Party Cyber Risk Management: Securing the Vendors You Depend On
Most organizations spend enormous effort hardening their own perimeter, patching their own servers, and training their own staff, and then hand a copy of their most sensitive data to a…
7 min read8 sections
Third Party Risk Monitoring: Watching the Vendors You Can’t Control
Most serious breaches in the last few years did not start with someone kicking down the front door of the victim.
6 min read6 sections
Third-Party Risk Assessment: Knowing Where Your Real Attack Surface Ends
Most organizations spend enormous effort hardening the systems they own and almost none thinking about the systems they merely depend on. That is backwards.
6 min read5 sections
Vendor Risk Management Frameworks: Turning Third-Party Trust Into a Repeatable Process
Most organizations don’t get breached because of a flaw in their own code. They get breached because a payroll processor, a marketing analytics plugin, or an HVAC contractor with network…
6 min read6 sections
Vendor Risk Management: Securing the Suppliers You Can’t See
Most security teams spend the bulk of their budget hardening infrastructure they own: their own servers, their own endpoints, their own code.
6 min read5 sections
Threat Actors
2 articlesCybercriminals: How Financially Motivated Attackers Operate and How to Stop Them
The image most people carry of a cybercriminal—a hooded loner hammering away at a keyboard in a dark basement—is almost entirely wrong. Modern cybercrime is a service economy.
6 min read7 sections
Know Your Adversary: The Main Types of Threat Actors
Ask most people to picture a “hacker” and they’ll describe a hooded figure in a dark room, furiously typing to break into a bank. It’s a persistent image, and it’s almost entirely wrong.
6 min read5 sections
Threat Analysis
2 articlesRed Team vs Blue Team: Two Sides of the Same Security Coin
There is a persistent myth that buying the right stack of security products makes an organization secure.
6 min read6 sections
The Cyber Kill Chain: How Attacks Unfold and Where to Break Them
Most people imagine a cyberattack as a single dramatic moment: a hacker hits enter, and suddenly the data is gone. The reality is far less cinematic and far more useful to understand.
6 min read7 sections
Threat Analysis Techniques
2 articlesGoogle Dorks: Turning a Search Box into a Reconnaissance Tool
Most people assume that if something is exposed on the internet but not linked from anywhere, it’s effectively hidden.
6 min read5 sections
Threat Intelligence Analysis: Turning Raw Data Into Decisions
Ask ten security teams what “threat intelligence” means and you will get ten different answers, and most of them will be wrong in the same way.
6 min read6 sections
Tools and Techniques
4 articlesBanner Grabbing: Reading What Services Tell You About Themselves
There is a persistent myth that reconnaissance requires exotic exploits or expensive tooling. In practice, some of the most useful information an attacker or defender can gather comes from…
6 min read7 sections
DNS Enumeration: Mapping an Organization Through Its Name Records
Most people think of DNS as the internet’s phone book — a quiet background service that turns example.com into an IP address so your browser knows where to go.
6 min read6 sections
DNSSEC Explained: How Cryptographic Signatures Keep DNS Honest
Every time you visit a website, send an email, or open an app, your device quietly asks the Domain Name System a simple question: “What is the IP address for this name?” The answer comes…
6 min read6 sections
Nmap Scan Techniques: A Practical Command Guide
Most people meet Nmap the same way: someone tells them to “just run a scan,” they type nmap followed by an IP address, and a wall of ports scrolls past.
6 min read7 sections
Tools and Technologies
4 articlesMISP: Turning Scattered Threat Data Into Shared Defense
Most security teams already have threat intelligence. It just lives in the wrong places: a spreadsheet of malicious IPs a colleague emailed around, a PDF report from a vendor, a handful of…
5 min read6 sections
MITRE ATT&CK: A Shared Language for How Attackers Actually Operate
Ask two security teams to describe the same breach and you’ll often get two incompatible stories.
5 min read5 sections
The Practical OSINT Toolkit: Gathering Intelligence from Open Sources
People often imagine intelligence gathering as something involving hidden cameras and shadowy sources.
6 min read4 sections
Threat Intelligence Frameworks: Turning Raw Feeds into Decisions
Most teams that say they “do threat intelligence” are really just subscribing to feeds. They pipe a few thousand malicious IPs and domains into a firewall, watch the block count tick up…
6 min read6 sections
Vulnerability Management Threat Hunting
5 articlesAttack Surface Explained: Every Way In, and How to Shrink It
Most people picture a breach as a hacker “breaking through the firewall,” as if an organization has a single front door with a lock on it. Reality is messier and far more interesting.
6 min read7 sections
Attack Surface Monitoring: Keeping Watch Over What Attackers Can See
Most breaches don’t start with a genius exploit. They start with something nobody remembered was there: a forgotten staging server, an S3 bucket someone spun up for a demo three years ago…
6 min read6 sections
Fingerprinting in Cybersecurity: How Systems Give Themselves Away
Every machine on a network has a habit of talking about itself. A web server announces its software version in an HTTP header, an operating system stamps its TCP packets with a distinctive…
6 min read6 sections
Front-End Security: Where the Browser Becomes the Battleground
There is a comfortable myth in software teams that security is something the back end handles. The API validates, the database enforces constraints, the WAF filters the ugly stuff, so the…
6 min read7 sections
Where to Practice Hacking Legally: Deliberately Vulnerable Websites for Pentest Training
There’s a persistent myth among people learning offensive security that the fastest way to get good is to poke at real, live websites and “see what happens.” It’s a fast way to get good…
6 min read5 sections
