Research & Threat Intel

Field notes from the AxVeil red team — attack methodologies, compliance playbooks, and threat-intel breakdowns written for the engineers and CISOs who have to ship the fix.

13 articles / VAPT · cloud · compliance · APT / No fluff, all method

Featured · SEBI CSCRF · Compliance · May 2026

SEBI CSCRF — A Compliance Checklist for Regulated Entities

SEBI's 2024 Cyber Security and Cyber Resilience Framework decoded — scope, the five Anticipate-Withstand-Contain-Recover-Evolve principles, graded approach, VAPT cadence, and board reporting.

14 min read

RBI · Compliance · May 2026

RBI Cyber Security Framework — A Compliance Checklist for Banks

RBI master direction, CERT-In six-hour reporting, NCIIPC obligations, SOC, VAPT cadence, and the board-level cyber committee — the full Indian banking stack in one place.

14 min read

CLOUD · Technical · May 2026

AWS Penetration Testing Methodology — End-to-End Playbook

AWS customer-policy permissions, Pacu/ScoutSuite/CloudFox recon, IAM privilege escalation, IMDSv1 vs IMDSv2, EKS pod-to-cluster pivots, and EBS snapshot exfiltration.

16 min read

OWASP · Guide · Apr 2026

OWASP Top 10 2026 — A Practical Checklist for Engineering Teams

Refreshed for the 2026 release. Concrete remediation patterns, sample exploits, and CI test coverage notes for each category.

13 min read

DPDP ACT · Compliance · Apr 2025

Penetration Testing Under India's DPDP Act 2023 — What CISOs Must Know

India's Digital Personal Data Protection Act 2023 mandates robust security controls for data fiduciaries. Implement these controls before enforcement begins.

9 min read

APT · Threat Intel · Mar 2025

Lazarus Group: MITRE ATT&CK Techniques and Detection Patterns

Mapped TTPs the group uses against Indian and SE-Asian banking targets. Sigma rules, EDR queries, and SOC-ready detection logic.

15 min read

VAPT · Guide · Mar 2025

VAPT vs. Penetration Testing — What's the Difference?

VAPT bundles automated vulnerability assessment with manual exploitation. When to choose each, what scope to expect, and how regulators read the difference.

8 min read

RED TEAM · Guide · Mar 2025

Red Team vs. Penetration Test — How to Choose

Pentests find vulnerabilities. Red teams test detection. Picking wrong wastes money and gives you false assurance — here's the decision tree.

10 min read

SOC 2 · Compliance · Feb 2025

SOC 2 Type 1 vs Type 2 — Which One Buyers Actually Want

Type 1 ships fast. Type 2 wins enterprise deals. The trade-off in observation period, audit cost, and revenue unlock.

7 min read

PCI DSS · Compliance · Feb 2025

PCI DSS v4.0 — The 2025 Mandatory Changes Most Teams Missed

Targeted risk analysis, custom controls, MFA-on-everything. The new requirements that go from 'best practice' to 'audit failure' on 1 April 2025.

11 min read

BUG BOUNTY · Guide · Feb 2025

Bug Bounty vs. Penetration Test — Which Buys You More Security?

They cover different attack surfaces and reach different attackers. Run both, but in the right order — here's the playbook.

9 min read

NUCLEI · Technical · Jan 2025

Nuclei Templates Explained — Writing Custom Security Checks

How the YAML DSL maps to HTTP/DNS/TCP probes. Build a template that detects your stack's CVEs in under 50 lines.

12 min read

TIBER-EU · Compliance · Jan 2025

TIBER-EU Framework — Threat-Led Penetration Testing for European Financial Entities

DORA mandates threat-led red teaming. The TIBER-EU framework defines how. The threat-intel scoping, white-team coordination, and reporting flow.

14 min read
