<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Virtue Of Vague</title><link>https://virtueofvague.com/mindsecset/</link><description>Recent content on Virtue Of Vague</description><generator>Hugo -- gohugo.io</generator><language>en</language><managingEditor>prakashpayyanagoudar@gmail.com (Virtue of Vague)</managingEditor><webMaster>prakashpayyanagoudar@gmail.com (Virtue of Vague)</webMaster><copyright>© 2026 Virtue of Vague</copyright><lastBuildDate>Wed, 01 Jul 2026 10:00:00 +0530</lastBuildDate><atom:link href="https://virtueofvague.com/mindsecset/index.xml" rel="self" type="application/rss+xml"/><item><title>Claude everywhere — desktop, code, slack, excel, chrome</title><link>https://virtueofvague.com/posts/ai-series-17/</link><pubDate>Wed, 01 Jul 2026 10:00:00 +0530</pubDate><author>prakashpayyanagoudar@gmail.com (Virtue of Vague)</author><guid>https://virtueofvague.com/posts/ai-series-17/</guid><description> AI Series · post 17 of 18 series index → Claude.ai is just one door into the same intelligence. there are several others worth knowing.
same Claude underneath. different interfaces built around different types of work. knowing which one to reach for — and when — is what separates occasional use from a genuine workflow upgrade.
the desktop app — three modes, one install # the Claude desktop app gives you three distinct ways to work depending on what the task needs.</description><media:content xmlns:media="http://search.yahoo.com/mrss/" url="https://virtueofvague.com/posts/ai-series-17/featured.svg"/></item><item><title>Claude meets your tools — connectors and enterprise search</title><link>https://virtueofvague.com/posts/ai-series-15/</link><pubDate>Wed, 01 Jul 2026 10:00:00 +0530</pubDate><author>prakashpayyanagoudar@gmail.com (Virtue of Vague)</author><guid>https://virtueofvague.com/posts/ai-series-15/</guid><description> AI Series · post 15 of 18 series index → Claude is only as useful as the context it has. connectors solve that.
without connectors, you’re manually bridging the gap — copy pasting emails, uploading documents, re-explaining your tools every conversation. connectors remove that friction. Claude works directly with your actual data, in the tools you already use.
what connectors are # connectors link Claude to external services and applications. instead of starting every conversation from scratch, Claude can read, search, and in some cases act within your connected tools.</description><media:content xmlns:media="http://search.yahoo.com/mrss/" url="https://virtueofvague.com/posts/ai-series-15/featured.svg"/></item><item><title>from open to actually useful — a SOC analyst's guide to Claude</title><link>https://virtueofvague.com/posts/ai-series-12/</link><pubDate>Wed, 01 Jul 2026 10:00:00 +0530</pubDate><author>prakashpayyanagoudar@gmail.com (Virtue of Vague)</author><guid>https://virtueofvague.com/posts/ai-series-12/</guid><description> AI Series · post 12 of 18 series index → everyone has Claude open. almost no one is using it well.
and i was no different. open a tab, ask a question, copy the answer, close the tab. repeat. that’s not working with Claude. that’s just a fancier search engine.
it took me actually sitting down and learning the tool properly to realise how much i was leaving on the table.
two ways to use Claude FANCIER SEARCH ENGINE one question per tab starts blank every time copy. close. repeat. leaving value on the table → THINKING PARTNER knows your context iterates with you moves at your pace working with Claude same tool. different relationship. why this matters for SOC analysts specifically # we deal with information overload every single day. 40 open investigations. alert queues that never empty. context switching every 20 minutes. documentation that’s always behind.</description><media:content xmlns:media="http://search.yahoo.com/mrss/" url="https://virtueofvague.com/posts/ai-series-12/featured.svg"/></item><item><title>how to actually talk to Claude — and get something useful back</title><link>https://virtueofvague.com/posts/ai-series-13/</link><pubDate>Wed, 01 Jul 2026 10:00:00 +0530</pubDate><author>prakashpayyanagoudar@gmail.com (Virtue of Vague)</author><guid>https://virtueofvague.com/posts/ai-series-13/</guid><description> AI Series · post 13 of 18 series index → most people treat their first Claude prompt like a google search. that’s where it goes wrong.
google is built for keywords. Claude is built for context. the more you give it, the better it performs. one line in, one line out — you’re not using it, you’re just testing it.
what Claude actually is # not a chatbot. not a search engine. a thinking partner.</description><media:content xmlns:media="http://search.yahoo.com/mrss/" url="https://virtueofvague.com/posts/ai-series-13/featured.svg"/></item><item><title>Research mode — when Claude stops answering and starts investigating</title><link>https://virtueofvague.com/posts/ai-series-16/</link><pubDate>Wed, 01 Jul 2026 10:00:00 +0530</pubDate><author>prakashpayyanagoudar@gmail.com (Virtue of Vague)</author><guid>https://virtueofvague.com/posts/ai-series-16/</guid><description> AI Series · post 16 of 18 series index → most Claude features save you time. Research mode saves you hours.
not an exaggeration. tasks that would take a morning of tab switching, source hunting, and synthesis — done in 5 to 45 minutes. comprehensive, cited, structured. this is the feature that changes how you approach deep work.
what Research mode actually is # not a web search. not a quick lookup. systematic investigation.</description><media:content xmlns:media="http://search.yahoo.com/mrss/" url="https://virtueofvague.com/posts/ai-series-16/featured.svg"/></item><item><title>stop starting from scratch — organising your work in Claude</title><link>https://virtueofvague.com/posts/ai-series-14/</link><pubDate>Wed, 01 Jul 2026 10:00:00 +0530</pubDate><author>prakashpayyanagoudar@gmail.com (Virtue of Vague)</author><guid>https://virtueofvague.com/posts/ai-series-14/</guid><description> AI Series · post 14 of 18 series index → Claude has a memory problem. Projects fix it.
every new chat starts blank. no context. no history. no understanding of who you are or what you’re working on. if you’re re-explaining yourself every single conversation — that’s the problem. Projects, Artifacts, and Skills are how you solve it.
Projects — your persistent workspace # a Project is a self-contained workspace with its own memory, knowledge base, and instructions. everything Claude needs to understand your work — already loaded before you type a single word.</description><media:content xmlns:media="http://search.yahoo.com/mrss/" url="https://virtueofvague.com/posts/ai-series-14/featured.svg"/></item><item><title>from noise to meaning — the quiet revolution in AI</title><link>https://virtueofvague.com/posts/ai-series-11/</link><pubDate>Wed, 24 Jun 2026 10:00:00 +0530</pubDate><author>prakashpayyanagoudar@gmail.com (Virtue of Vague)</author><guid>https://virtueofvague.com/posts/ai-series-11/</guid><description> AI Series · post 11 of 12 series index → every AI generated image you’ve seen started as pure noise.
not a rough sketch. not a blurry draft. literal random noise. static. and then, step by step, something meaningful emerged from it.
that’s diffusion. and it’s behind deepfakes, synthetic media, AI generated phishing assets, and some of the most realistic fake content circulating right now.
the core idea # how diffusion models work FORWARD — adding noise clean image x₀ → + noise xₜ₋₅ → more noise xₜ₋₂ → pure noise xₜ REVERSE — neural network removes noise step by step TRAINED NEURAL NETWORK predict and subtract noise at each step learn to destroy. then learn to create. that's diffusion. diffusion models learn by studying destruction.</description><media:content xmlns:media="http://search.yahoo.com/mrss/" url="https://virtueofvague.com/posts/ai-series-11/featured.jpg"/></item><item><title>the AI everyone is talking about — how does it actually work</title><link>https://virtueofvague.com/posts/ai-series-10/</link><pubDate>Wed, 17 Jun 2026 10:00:00 +0530</pubDate><author>prakashpayyanagoudar@gmail.com (Virtue of Vague)</author><guid>https://virtueofvague.com/posts/ai-series-10/</guid><description> AI Series · post 10 of 12 series index → you’ve used it. you’ve been impressed by it. you probably don’t know how it works.
that’s fine. most people don’t. but as a security professional — understanding what’s under the hood matters. because attackers already do.
generative AI — the concept # previous posts covered AI that classifies, detects, predicts. generative AI does something different — it creates.</description><media:content xmlns:media="http://search.yahoo.com/mrss/" url="https://virtueofvague.com/posts/ai-series-10/featured.jpg"/></item><item><title>how AI sees images and reads sequences — two tools, one post</title><link>https://virtueofvague.com/posts/ai-series-9/</link><pubDate>Wed, 10 Jun 2026 10:00:00 +0530</pubDate><author>prakashpayyanagoudar@gmail.com (Virtue of Vague)</author><guid>https://virtueofvague.com/posts/ai-series-9/</guid><description> AI Series · post 9 of 12 series index → not all data looks the same. images are grids. logs are sequences. deep learning has a different tool for each.
feed an image into a standard neural network — it loses all spatial information. feed a log sequence into one — it loses all temporal context. wrong tool, wrong result.
two architectures were built to solve this. CNNs for grids. RNNs for sequences.
CNNs — convolutional neural networks # built for grid-like data. images, screenshots, binary visualisations.</description><media:content xmlns:media="http://search.yahoo.com/mrss/" url="https://virtueofvague.com/posts/ai-series-9/featured.jpg"/></item><item><title>the brain analogy everyone uses — here's what it actually means</title><link>https://virtueofvague.com/posts/ai-series-8/</link><pubDate>Wed, 03 Jun 2026 10:00:00 +0530</pubDate><author>prakashpayyanagoudar@gmail.com (Virtue of Vague)</author><guid>https://virtueofvague.com/posts/ai-series-8/</guid><description> AI Series · post 8 of 12 series index → deep learning is the reason AI got dramatically better. not magic. architecture.
same data. same computers. different structure. suddenly image recognition works. speech recognition works. threat detection gets dramatically more accurate. the architecture changed everything.
let’s look inside.
the perceptron — where it started # smallest unit of a neural network. one decision maker.</description><media:content xmlns:media="http://search.yahoo.com/mrss/" url="https://virtueofvague.com/posts/ai-series-8/featured.jpg"/></item><item><title>learn by doing — how AI figures things out the hard way</title><link>https://virtueofvague.com/posts/ai-series-7/</link><pubDate>Wed, 27 May 2026 10:00:00 +0530</pubDate><author>prakashpayyanagoudar@gmail.com (Virtue of Vague)</author><guid>https://virtueofvague.com/posts/ai-series-7/</guid><description> AI Series · post 7 of 12 series index → how do you learn to drive? not from a textbook. from doing it, failing, adjusting.
nobody handed you a perfect rulebook. you got in the car, made mistakes, got feedback, improved. over time your decisions got better because the feedback loop worked.
reinforcement learning is exactly that. an algorithm that learns by doing.
this one is genuinely new territory for most SOC analysts. no shortcuts here. let’s build it properly.</description><media:content xmlns:media="http://search.yahoo.com/mrss/" url="https://virtueofvague.com/posts/ai-series-7/featured.jpg"/></item><item><title>Copy Fail (CVE-2026-31431): A Four‑Byte Linux Kernel LPE Hidden for Nine Years</title><link>https://virtueofvague.com/posts/copy-fail-cve/</link><pubDate>Tue, 26 May 2026 13:40:43 +0530</pubDate><author>prakashpayyanagoudar@gmail.com (Virtue of Vague)</author><guid>https://virtueofvague.com/posts/copy-fail-cve/</guid><description>Executive Summary # CVE-2026-31431 – a high‑severity local privilege escalation (LPE) in the Linux kernel – was disclosed on April 29, 2026. Nicknamed “Copy Fail”, it allows any unprivileged local user to gain root access on almost every Linux distribution since 2017.
A 732‑byte Python PoC exists. The exploit is reliable, requires no race conditions or offset guessing, and works on Ubuntu, Amazon Linux, RHEL, SUSE, and others.</description><media:content xmlns:media="http://search.yahoo.com/mrss/" url="https://virtueofvague.com/posts/copy-fail-cve/featured.jpg"/></item><item><title>this is literally what your SIEM does — now let's understand it</title><link>https://virtueofvague.com/posts/ai-series-6/</link><pubDate>Wed, 20 May 2026 10:00:00 +0530</pubDate><author>prakashpayyanagoudar@gmail.com (Virtue of Vague)</author><guid>https://virtueofvague.com/posts/ai-series-6/</guid><description> AI Series · post 6 of 12 series index → your SIEM doesn’t know what an attack looks like. it knows what normal looks like.
everything else is an anomaly.
that’s the entire foundation of modern threat detection. not rules. not signatures. a learned baseline of normal behaviour — and a flag when something deviates from it.
you’ve been working on top of this every day. let’s look inside.
three types of anomalies # not all anomalies are equal. understanding the type helps you triage faster.</description><media:content xmlns:media="http://search.yahoo.com/mrss/" url="https://virtueofvague.com/posts/ai-series-6/featured.jpg"/></item><item><title>no labels, no problem — finding patterns in the chaos</title><link>https://virtueofvague.com/posts/ai-series-5/</link><pubDate>Wed, 13 May 2026 10:00:00 +0530</pubDate><author>prakashpayyanagoudar@gmail.com (Virtue of Vague)</author><guid>https://virtueofvague.com/posts/ai-series-5/</guid><description> AI Series · post 5 of 12 series index → some threats don’t come with a label. that’s where unsupervised learning lives.
supervised learning needs examples. labelled data. known outcomes. but what about a zero day? a novel attack technique? behaviour you’ve never seen before and have no label for?
you can’t train a model on what you don’t know exists. unsupervised learning handles exactly that.
the concept # no labels. no predefined categories. just raw data and an algorithm looking for structure.</description><media:content xmlns:media="http://search.yahoo.com/mrss/" url="https://virtueofvague.com/posts/ai-series-5/featured.jpg"/></item><item><title>drawing the line — how machines separate threats from noise</title><link>https://virtueofvague.com/posts/ai-series-4/</link><pubDate>Wed, 06 May 2026 10:00:00 +0530</pubDate><author>prakashpayyanagoudar@gmail.com (Virtue of Vague)</author><guid>https://virtueofvague.com/posts/ai-series-4/</guid><description> AI Series · post 4 of 12 series index → classification is easy when the data is clean. it never is.
in the real world — malicious and benign behaviours overlap. a legitimate admin running powershell looks a lot like an attacker doing the same. a user downloading a large file looks a lot like data exfiltration. the line between threat and noise is rarely clean.
SVMs were built exactly for this problem.
the core idea # SVM — support vector machine — finds the optimal line that separates two classes. not just any line. the one with the maximum margin between the closest points of each class.</description><media:content xmlns:media="http://search.yahoo.com/mrss/" url="https://virtueofvague.com/posts/ai-series-4/featured.jpg"/></item><item><title>your SOC playbook is literally a decision tree</title><link>https://virtueofvague.com/posts/ai-series-3/</link><pubDate>Wed, 29 Apr 2026 10:00:00 +0530</pubDate><author>prakashpayyanagoudar@gmail.com (Virtue of Vague)</author><guid>https://virtueofvague.com/posts/ai-series-3/</guid><description> AI Series · post 3 of 12 series index → every escalation decision you make follows a pattern. machines do it too.
is this alert high severity? yes — escalate. is the IP external? yes — check threat intel. is there lateral movement? yes — page the IR team.
you’ve been running a decision tree in your head every single shift. the algorithm just formalises it.
decision trees — the concept # a decision tree splits data into branches based on questions. at each node, it asks the most useful question. keeps splitting until it reaches a conclusion — a leaf node.</description><media:content xmlns:media="http://search.yahoo.com/mrss/" url="https://virtueofvague.com/posts/ai-series-3/featured.jpg"/></item><item><title>How a Fake Teams Meeting Took Down One of npm's Most Trusted Packages</title><link>https://virtueofvague.com/posts/Axios_Threat/</link><pubDate>Thu, 23 Apr 2026 13:40:43 +0530</pubDate><author>prakashpayyanagoudar@gmail.com (Virtue of Vague)</author><guid>https://virtueofvague.com/posts/Axios_Threat/</guid><description>On March 30, 2026, one of the most downloaded JavaScript packages on the internet was weaponized against the developers who trusted it most. The Axios npm supply chain attack wasn’t a sophisticated zero-day or a brute-force credential attack. It started with a fake Slack workspace and a Microsoft Teams call.
Here’s what happened, why it matters, and what defenders should take away.
What Is Axios? # If you’ve ever built a web application in JavaScript, there’s a very good chance Axios touched your code. It’s a promise-based HTTP client used to make API requests in both browsers and Node.js — downloaded over 300 million times weekly on npm. It’s the kind of package that’s so ubiquitous, most developers don’t even think about it. That trust is exactly what the attacker exploited.</description><media:content xmlns:media="http://search.yahoo.com/mrss/" url="https://virtueofvague.com/posts/Axios_Threat/featured.jpg"/></item><item><title>teaching machines with examples — like training a junior analyst</title><link>https://virtueofvague.com/posts/ai-series-2/</link><pubDate>Wed, 22 Apr 2026 10:00:00 +0530</pubDate><author>prakashpayyanagoudar@gmail.com (Virtue of Vague)</author><guid>https://virtueofvague.com/posts/ai-series-2/</guid><description> AI Series · post 2 of 12 series index → here’s something you already do at work without realising it.
every malware sample you label. every alert you close as true positive or false positive. every ticket you tag as phishing or legitimate — you’re creating labelled data. and labelled data is exactly how supervised learning works.
you’ve been doing this. you just didn’t have a name for it.
supervised learning — the concept # feed a machine enough labelled examples, it learns the pattern. show it 10,000 emails — spam and not spam — it figures out what separates them. then it classifies new emails on its own.</description><media:content xmlns:media="http://search.yahoo.com/mrss/" url="https://virtueofvague.com/posts/ai-series-2/featured.jpg"/></item><item><title>AI, ML, deep learning — same thing? not quite</title><link>https://virtueofvague.com/posts/ai-series-1/</link><pubDate>Wed, 15 Apr 2026 10:00:00 +0530</pubDate><author>prakashpayyanagoudar@gmail.com (Virtue of Vague)</author><guid>https://virtueofvague.com/posts/ai-series-1/</guid><description> AI Series · post 1 of 12 series index → three terms. endless confusion. let’s fix that.
every vendor, every job posting, every threat intel report throws these around interchangeably. AI-powered detection. machine learning model. deep learning engine. sounds impressive. means nothing if you can’t tell them apart.
so let’s untangle this once and for all.
AI — the big umbrella # artificial intelligence is the broad goal — building systems that can do things that normally require human intelligence. reasoning, decision making, pattern recognition.</description><media:content xmlns:media="http://search.yahoo.com/mrss/" url="https://virtueofvague.com/posts/ai-series-1/featured.jpg"/></item><item><title>why a soc analyst is learning AI (and why you should too)</title><link>https://virtueofvague.com/posts/ai-series-0/</link><pubDate>Wed, 08 Apr 2026 10:00:00 +0530</pubDate><author>prakashpayyanagoudar@gmail.com (Virtue of Vague)</author><guid>https://virtueofvague.com/posts/ai-series-0/</guid><description> AI Series · post 0 of 12 series index → so i was thinking about something.
i spend most of my day staring at alerts. triaging. correlating. escalating. repeat. and somewhere between the 40th investigation and the third cup of chai, i realised — the tools i use every day are powered by technology i barely understand.
anomaly detection. behavioural analysis. threat scoring. all AI under the hood.
and i’m the analyst on top of it, making decisions, without knowing what’s happening underneath.</description><media:content xmlns:media="http://search.yahoo.com/mrss/" url="https://virtueofvague.com/posts/ai-series-0/featured.jpg"/></item><item><title>still figuring out AI, one post at a time</title><link>https://virtueofvague.com/posts/ai-fundamentals/</link><pubDate>Wed, 01 Apr 2026 10:00:00 +0530</pubDate><author>prakashpayyanagoudar@gmail.com (Virtue of Vague)</author><guid>https://virtueofvague.com/posts/ai-fundamentals/</guid><description>a series for SOC analysts learning AI from the ground up.
twelve posts. one concept per post. short reads. built for people who work on top of AI systems every day and want to understand what’s underneath.
ONE CONCEPT AT A TIME AI FUNDAMENTALS — 12 POSTS ML, deep learning, anomaly detection, reinforcement learning, LLMs, diffusion CLAUDE 101 — 6 POSTS prompting, Projects, connectors, Research mode, Claude everywhere no PhD required — just a SOC analyst, one concept at a time. # post 0 why a soc analyst is learning AI (and why you should too) 1 AI, ML, deep learning — same thing? not quite 2 teaching machines with examples — like training a junior analyst 3 your SOC playbook is literally a decision tree 4 drawing the line — how machines separate threats from noise 5 no labels, no problem — finding patterns in the chaos 6 this is literally what your SIEM does — now let’s understand it 7 learn by doing — how AI figures things out the hard way 8 the brain analogy everyone uses — here’s what it actually means 9 how AI sees images and reads sequences — two tools, one post 10 the AI everyone is talking about — how does it actually work 11 from noise to meaning — the quiet revolution in AI Claude 101 # six posts on actually using Claude — prompting, Projects, connectors, Research mode, and more. built on Anthropic’s Claude 101 course, filtered through a SOC analyst’s lens.</description><media:content xmlns:media="http://search.yahoo.com/mrss/" url="https://virtueofvague.com/posts/ai-fundamentals/featured.jpg"/></item><item><title>6 hours, 20 challenges, one SOC analyst</title><link>https://virtueofvague.com/posts/ceh-series-7/</link><pubDate>Wed, 11 Mar 2026 12:25:00 +0530</pubDate><author>prakashpayyanagoudar@gmail.com (Virtue of Vague)</author><guid>https://virtueofvague.com/posts/ceh-series-7/</guid><description> CEH Notes · post 7 of 8 series index → an honest debrief after the exam
The exam ended, and I just sat there.
Six hours. Twenty challenges. A closed room with Bangalore traffic still filtering through the window. My eyes were dry. My brain felt like it had been wrung out. But I wasn’t panicked. I wasn’t celebrating. I was just… empty, in a calm way.
I scored 16/20.
Not perfect. Not a failure. A score that felt, honestly, about right for someone who came in as a defender and learned to think like an attacker for six hours.</description><media:content xmlns:media="http://search.yahoo.com/mrss/" url="https://virtueofvague.com/posts/ceh-series-7/featured.png"/></item><item><title>hiding in plain sight — stego and crypto</title><link>https://virtueofvague.com/posts/ceh-series-6/</link><pubDate>Mon, 02 Mar 2026 15:10:00 +0530</pubDate><author>prakashpayyanagoudar@gmail.com (Virtue of Vague)</author><guid>https://virtueofvague.com/posts/ceh-series-6/</guid><description> CEH Notes · post 6 of 8 series index → steghide, veracrypt, and the flags that don’t look like flags
If you’d asked me before the exam which module I was least excited about, I’d have said stego and crypto. Not because it’s useless. Because it felt… niche. Like a puzzle box inside a hacking exam.
Then the exam gave me an image. Just a normal JPEG. No obvious connection to anything. And I had to figure out what was inside.</description><media:content xmlns:media="http://search.yahoo.com/mrss/" url="https://virtueofvague.com/posts/ceh-series-6/featured.png"/></item><item><title>web attacks: SQLi, XSS, and why they still work</title><link>https://virtueofvague.com/posts/ceh-series-5/</link><pubDate>Sat, 21 Feb 2026 09:40:00 +0530</pubDate><author>prakashpayyanagoudar@gmail.com (Virtue of Vague)</author><guid>https://virtueofvague.com/posts/ceh-series-5/</guid><description> CEH Notes · post 5 of 8 series index → sqlmap, burp, and the simple injection I nearly missed
If you’ve done any CTF or lab, you know web attacks are the bread and butter. CEH Practical is no different. Web applications show up repeatedly—login forms, search boxes, file uploads, admin panels. It’s the easiest place to lose time, and the easiest place to find a flag hiding in plain sight.
I learned that the hard way. Let me tell you about a login form that nearly wasted 20 minutes of my life.</description><media:content xmlns:media="http://search.yahoo.com/mrss/" url="https://virtueofvague.com/posts/ceh-series-5/featured.png"/></item><item><title>what exploitation actually looks like</title><link>https://virtueofvague.com/posts/ceh-series-4/</link><pubDate>Thu, 12 Feb 2026 13:50:00 +0530</pubDate><author>prakashpayyanagoudar@gmail.com (Virtue of Vague)</author><guid>https://virtueofvague.com/posts/ceh-series-4/</guid><description> CEH Notes · post 4 of 8 series index → metasploit, shells, and the alarms you hope are set off
If recon is knocking on doors and scanning is testing the handle, exploitation is picking the lock. Or just walking through an open window someone forgot about.
In CEH Practical, exploitation is not about writing your own zero-days. It’s about recognising known vulnerabilities, selecting the right public exploit, and executing it cleanly under time pressure. For a SOC analyst, this is where theory meets the logs you’ve been staring at for years. You finally get to be the person generating those “CRITICAL” alerts, not just triaging them.</description><media:content xmlns:media="http://search.yahoo.com/mrss/" url="https://virtueofvague.com/posts/ceh-series-4/featured.png"/></item><item><title>hashcat, hydra, and the art of credential attacks</title><link>https://virtueofvague.com/posts/ceh-series-3/</link><pubDate>Tue, 03 Feb 2026 10:20:00 +0530</pubDate><author>prakashpayyanagoudar@gmail.com (Virtue of Vague)</author><guid>https://virtueofvague.com/posts/ceh-series-3/</guid><description> CEH Notes · post 3 of 8 series index → brute force, hash cracking, and the login storms your SOC can’t ignore
Up to this point, we’ve been knocking on doors. Recon told us which doors exist. Scanning told us what’s behind them. Now we actually try the handle. Sometimes it’s locked. Sometimes someone left it open with a sticky note that says “password123.”
Credential attacks are where the exam—and real attacks—get loud. For a SOC analyst, this is often the first unambiguous “this is not normal” moment. For the attacker, it’s where you stop being a ghost.</description><media:content xmlns:media="http://search.yahoo.com/mrss/" url="https://virtueofvague.com/posts/ceh-series-3/featured.png"/></item><item><title>scanning: the noise before the storm</title><link>https://virtueofvague.com/posts/ceh-series-2/</link><pubDate>Mon, 26 Jan 2026 16:45:00 +0530</pubDate><author>prakashpayyanagoudar@gmail.com (Virtue of Vague)</author><guid>https://virtueofvague.com/posts/ceh-series-2/</guid><description> CEH Notes · post 2 of 8 series index → enumeration, banners, and why your SOC is already blinking before the attack
After recon, you’ve got a list of open ports. 22, 80, 445, 3306, maybe 21. The exam screen sits there and your brain wants to start hacking immediately. But you can’t. Not yet. You have to know what you’re breaking into. Otherwise you’re just throwing exploits at the wall.
This is scanning—the phase between “what’s there” and “how do I get in.” For a SOC analyst, it’s also the phase where the noise starts.</description><media:content xmlns:media="http://search.yahoo.com/mrss/" url="https://virtueofvague.com/posts/ceh-series-2/featured.png"/></item><item><title>recon looks different from both sides of the wire</title><link>https://virtueofvague.com/posts/ceh-series-1/</link><pubDate>Sat, 17 Jan 2026 11:05:00 +0530</pubDate><author>prakashpayyanagoudar@gmail.com (Virtue of Vague)</author><guid>https://virtueofvague.com/posts/ceh-series-1/</guid><description> CEH Notes · post 1 of 8 series index → nmap, OSINT, and the art of being loud without realising it
You sit down at the exam terminal. First task. You have an IP address and a domain name. The clock is ticking. Your brain is asking: what do I run first?
I froze there for a good two minutes. Not panicking — just caught between too many options. Nmap? Gobuster? theHarvester? Google dorking? Trial-and-error mode kicked in. And that’s exactly what I want to write about: why recon is both the easiest phase and the one that reveals your mindset. Especially if you’re a SOC analyst pretending to be an attacker.</description><media:content xmlns:media="http://search.yahoo.com/mrss/" url="https://virtueofvague.com/posts/ceh-series-1/featured.png"/></item><item><title>SOC eyes, attacker hands: why a defender signs up for CEH</title><link>https://virtueofvague.com/posts/ceh-series-0/</link><pubDate>Fri, 09 Jan 2026 14:30:00 +0530</pubDate><author>prakashpayyanagoudar@gmail.com (Virtue of Vague)</author><guid>https://virtueofvague.com/posts/ceh-series-0/</guid><description> CEH Notes · post 0 of 8 series index → or: what I was thinking in a closed room in Bangalore, 6 hours of hacking ahead of me
I’ve never sat a 6-hour exam before.
College exams were three hours, pen and paper, you walk out. But 6 hours on a terminal, proctored, with 20 practical challenges waiting? That’s not an exam. That’s a small battle.
The room was closed. Bangalore traffic bled through the window anyway—horns, autos, a dog somewhere. And I sat there, staring at the login screen, repeating one thing:</description><media:content xmlns:media="http://search.yahoo.com/mrss/" url="https://virtueofvague.com/posts/ceh-series-0/featured.png"/></item><item><title>two sides of the wire — notes from CEH Practical</title><link>https://virtueofvague.com/posts/ceh-notes/</link><pubDate>Mon, 05 Jan 2026 09:15:00 +0530</pubDate><author>prakashpayyanagoudar@gmail.com (Virtue of Vague)</author><guid>https://virtueofvague.com/posts/ceh-notes/</guid><description>a series for defenders learning to think like attackers.
eight posts. every one pairs an attacker technique with what it actually generates — or doesn’t — on the SOC side. written after sitting the CEH Practical exam: 6 hours, 20 challenges, one closed room in Bangalore.
EVERY TECHNIQUE, BOTH SIDES OF THE WIRE ATTACKER TERMINAL recon, scanning, credential attacks, exploitation, web attacks, stego and crypto SOC SIGNAL what it actually generates — or doesn't — in the logs, the SIEM, and the alerts a defender actually sees 6 hours, 20 challenges, one closed room — written to bring the signal back with me. # post 0 SOC eyes, attacker hands: why a defender signs up for CEH 1 recon looks different from both sides of the wire 2 scanning: the noise before the storm 3 hashcat, hydra, and the art of credential attacks 4 what exploitation actually looks like 5 web attacks: SQLi, XSS, and why they still work 6 hiding in plain sight — stego and crypto 7 6 hours, 20 challenges, one SOC analyst</description><media:content xmlns:media="http://search.yahoo.com/mrss/" url="https://virtueofvague.com/posts/ceh-notes/featured.png"/></item><item><title>Hello, :)</title><link>https://virtueofvague.com/posts/welcome_to_mindsecset/</link><pubDate>Tue, 23 Dec 2025 20:50:14 +0000</pubDate><author>prakashpayyanagoudar@gmail.com (Virtue of Vague)</author><guid>https://virtueofvague.com/posts/welcome_to_mindsecset/</guid><description>Welcome to MindSecSet!!</description><media:content xmlns:media="http://search.yahoo.com/mrss/" url="https://virtueofvague.com/posts/welcome_to_mindsecset/featured.png"/></item></channel></rss>