Stay Sharp.
Hack Smarter.
Real offensive security techniques for pentesters, bug bounty hunters, and OSCP aspirants. No fluff. Just actionable knowledge.
What You'll Get
No endless payloads. Just practical tactics you'll actually use when auditing real systems. Each week, get actionable insights from real offensive security work.
Real-World Techniques
Tactics you'll remember and reuse in actual pentests and CTFs
Tools & Tactics
Latest tools, hacker mindset, and methodology breakdowns
Multi-Domain Coverage
Web2/Web3, mobile hacking, Active Directory, and more
Sunday Security Drops
Weekly newsletter delivered every Sunday to your inbox
Join the Community
Subscribe and level up your offensive security skills
📰 Newsletter Archive
Explore all previous newsletter editions with weekly offensive security insights
XXE Injection: When XML Parsers Become Your Worst Enemy
From basic file disclosure to blind out-of-band exfiltration: a practical guide to finding and exploiting XXE vulnerabilities
NTLM Relay: Why Authentication in AD is Still Broken
How to force machines to authenticate to you, relay their credentials, and take over domains
CSP for Pentesters: Understanding the Fundamentals
Understanding the basics and spotting weak configurations
Hardware Security Modules: The Fortress Guarding Blockchain's Crown Jewels
How exchanges and institutions actually protect billions in crypto assets
Predictable Contracts: Understanding CREATE and CREATE2 in Ethereum
How deterministic addresses unlock powerful features and subtle attack vectors auditors should never overlook.
The Day an Email Broke Single Sign-On
Exploiting weak email validation in OAuth2 SSO
Taming the Beast: Practical Code Review with Security Tools
From endless lines of code to streamlined reviews with TruffleHog, CodeQL, and Trivy.
Bypassing Cloud Firewalls: Size Does Matter
Bypassing Akamai, CloudFront & Cloudflare with oversized requests.
ERC-20s in the Wild: Why Vanilla Assumptions Breaks
When ERC-20s Don’t Play Nice
Breaking Mobile-to-Device Logic: When BLE Access Falls Apart
Mobile apps that unlock doors might seem secure — until you replay a BLE packet, go offline, or bypass the logic entirely.
Reversing Android Apps: Bypassing Detection Like a Pro
Techniques to bypass root, Frida, and SSL protections in modern Android apps
When Web3 Withdrawals Meet Web2 Logic
How classic backend bugs like race conditions and IDORs still break Web3 withdrawal flows today
Cracking the iOS Keychain: What It Protects, Where It Fails
iOS Keychain 101: What It Is and How to Hack It
Android Keystore: Fort Knox or Glass Box?
Breaking and Defending Android’s Key Vault
Active Directory Enumeration: Mapping the Kingdom Before the Siege
Usernames, sessions and hidden privilege paths: uncovering the domain’s true structure
Biometric Authentication: Pretty Face, Weak Shield?
How biometric checks fool developers and how you can fool them back.
The Anatomy of a JWT Hack
JWTs: Small Tokens, Big Mistakes
🐙 Hacking GitHub – A Beginner’s Guide to Finding the (Not So) Hidden Stuff
Learn how exposed .git folders, sloppy commits, and forgotten tokens can turn a dev's mistake into your recon goldmine.
Inside the Request: From Basic SSRF to Internal Takeover
A practical guide to finding and exploiting SSRF vulnerabilities in modern applications.
Breaking Flutter: A Pentester’s Guide to Dart, Snapshots, and TLS Bypasses
Real-world techniques and tools for reversing Flutter apps, bypassing TLS pinning, and understanding how Dart code gets shipped in production.
Kerberos Tactics Every Pentester Should Know
A hands-on guide to the most effective Kerberos attacks in Active Directory environments
First Issue – Let’s Go
First Newsletter!
Frequently Asked Questions
Everything you need to know about Kayssel's newsletter
When is the newsletter published?
The newsletter is published every Sunday. You'll receive fresh offensive security content to start your week with updated knowledge.
What type of content does it include?
Each edition varies—it might cover hacking techniques I've been exploring, useful tips I've discovered, interesting tools, or insights that could be valuable for offensive security practitioners. Every newsletter brings something different based on what I'm learning and testing.
Is it free?
Yes, Kayssel's newsletter is 100% free. Just subscribe with your email and you'll start receiving quality content every Sunday.
Can I unsubscribe anytime?
Absolutely. Every email includes an unsubscribe link. You can opt out at any time with no hassle.
Who is this newsletter for?
For pentesters, bug bounty hunters, OSCP students, and anyone interested in offensive security who wants to stay updated with practical and actionable techniques.