Posts

New Domain Name Is Live

Earlier, I was using the default Blogspot subdomain for my blog. Recently, I came to know that the GitHub Student Developer Pack offers free domain names to students for a limited period through its partners. So I decided to take advantage of it. I applied for the GitHub Student Developer Pack using my university ID, and within about 72 hours my application was approved. After that, I explored the available domain providers and chose Name.com . I searched for the domain: cyberwithpriyanshu.live and successfully claimed it for free. This was not my first choice — I originally wanted a .tech domain — but for now, this works perfectly and gives my blog a more professional identity than the default Blogspot URL. Now my blog is accessible through a custom domain , which is a big step forward for branding and long-term growth. Why This Matters A custom domain looks more professional It is easier to share and remember It helps in building a consistent personal brand It can be u...
Post a Comment
Read more

Subdomain Enumeration: Finding the Hidden Attack Surface

Image
For a penetration tester, one very common question is: How do we find subdomains, and how can they be used during penetration testing? Before jumping directly into subdomains, it’s important to remember that we have already discussed domain names in earlier posts. Why Subdomains Matter Let’s take a simple example. Suppose you register on a bug bounty platform like Bugcrowd. There, you’ll find multiple bug bounty programs, and each program clearly defines: rules of engagement in-scope targets out-of-scope targets Most of the time, organizations list their targets like this: *.example.com Here, the * represents all subdomains of example.com . Even a small organization can have dozens or even hundreds of subdomains — for development, testing, admin panels, APIs, legacy systems, etc. So the real question becomes: How do we discover these subdomains? How to Find Subdomains There are many tools available for subdomain enumeration. Broadly, they fall into two categories: CLI-...
Post a Comment
Read more

How to Trace an Email: The Real Guide to Finding an IP Address

Image
Recently, I was watching a crime investigation show where an officer received an email from a criminal. One of his colleagues immediately said: “Check the IP address of the email.” That line alarmed me ⏰. Is it really possible to find the IP address of an email sender? And if yes, how useful is it in real life? I went searching for answers — and what I found was more interesting (and more limited) than TV shows make it look. Why Track an IP Address from an Email? Knowing how to analyze an email’s origin can help in: Identifying the approximate sender location Verifying suspicious or spoofed emails Detecting phishing attempts Understanding email authentication and routing This is especially useful in cybersecurity investigations , not for exact tracking. Where Does the IP Address Come From? The IP address (if available) is found inside the email header . Email headers contain metadata that describes how an email traveled from the sender to the recipient. How to View Em...
Post a Comment
Read more

From First Release to Better Release: Confronting My Tool’s Flaws

Image
In December 2025, I built and published a username reconnaissance tool on GitHub and PyPI. Along with that, I also shared the tragedy-cum-comedy story of how the tool was developed and finally published. For the past month, I was away from tool development and core cybersecurity studies due to some personal reasons. But this week, I decided to revisit the project and test it again. And that’s when reality hit 😅. During testing, I was able to identify numerous problems in the tool. Obviously, these issues were not visible at the beginning  because at that time, everything felt like a eureka moment . What Should an Engineer Do When Problems Appear? The obvious answer is: fix them. But engineering is not about solving all problems at once. The real philosophy is: " Solve one problem properly, then move to the next. Eventually, you conquer Everest 😎 ."  Problem #1: Platform Selection The first issue I wanted to solve was lack of flexibility . Earlier, the tool...
Post a Comment
Read more

Building My Portfolio Website (Without Overthinking It)

Image
A portfolio is your personal website where you curate information about yourself and the work you have done. This is usually the first thing a recruiter, collaborator, or even a client asks for. Even I was asked to make my portfolio. Now, a portfolio is supposed to represent your work. Ideally, you would write the code yourself. But honestly, instead of spending days writing HTML and CSS, I just wanted to fill my details into something that already works. There are many tools available for this: WordPress Google Sites Vercel Wix You might like any of these. But in my case, I wanted to try something different. Using AI to Build the Portfolio So, I decided to use AI. I gave it a proper prompt describing what kind of portfolio I wanted. It gave me code. I checked it. It was not up to the mark. Then I gave another prompt. Still not good enough. This process repeated almost five times . At one point, it felt frustrating — but then I realized something important....
Post a Comment
Read more

What is SAM File and How it is used for penetration testing ?

Image
Windows stores local user credentials in a place most users never see, yet attackers, forensic analysts, and system administrators all rely on it. This component is known as the Security Accounts Manager (SAM) . Understanding how the SAM file works is essential for anyone learning Windows security, digital forensics, or incident response. In this post, we’ll break down what the SAM file is, what it contains, how it is protected, and why it matters from both defensive and forensic perspectives. What Is SAM? SAM (Security Accounts Manager) is a Windows database that stores credentials for local user accounts on a system. It contains information related to: local users groups password hashes account properties Windows never stores passwords in plain text. Instead, it stores cryptographic hashes derived from user passwords inside the SAM database. Location and Structure of the SAM File Primary Location C:\Windows\System32\config\SAM The SAM file is locked while Windows is ...
Post a Comment
Read more

Why IP address instead of MAC address ?

Image
At first glance, this question feels almost unnecessary. Both IP addresses and MAC addresses are unique identifiers. So why do we use IP addresses for communication across networks instead of MAC addresses? That curiosity pushed me to revisit some networking fundamentals — and the answer turns out to be surprisingly elegant. What Is a MAC Address? A MAC (Media Access Control) address is a unique hexadecimal identifier assigned to a network interface by the manufacturer. Key properties: Assigned at manufacturing time Works at the Data Link Layer (Layer 2) Intended for local network communication Flat addressing (no hierarchy) Although often called “hardcoded,” modern systems can spoof or change MAC addresses — but logically, they are still hardware-level identifiers . What Is an IP Address? An IP (Internet Protocol) address is a logical identifier assigned by: a network administrator, or automatically via DHCP Key properties: Works at the Networ...
Post a Comment
Read more