Prabh Nair

Prabh Nair

Prabh Nair is a cybersecurity podcaster covering cyber risk, ransomware, incident response, SOC operations, GRC, AI security, threat intelligence, digital forensics, ISO 27001, CISSP, CISM, and security leadership. Built for SOC analysts, auditors, cybersecurity professionals, students, and business leaders, each episode delivers simple explanations, practical lessons, and real-world examples to help you stay ahead in the fast-changing cyber world. #CyberSecurity #InformationSecurity #CyberRisk #GRC #SOC #IncidentResponse #Ransomware #ThreatIntelligence #AISecurity #DigitalForensics

  1. 2 days ago

    Practical Purple Teaming in Action 2026

    What is Purple Teaming in Cybersecurity? In this podcast episode, Aditya Rai explains purple teaming in a practical, easy-to-understand way through real-world demonstrations using Splunk, Caldera, Atomic Red Team, Windows logging, and Sysmon.If you want to understand how red team and blue team collaboration improves threat detection, security monitoring, and detection engineering, this episode is for you. Aditya shares his journey into cybersecurity, explains why purple teaming matters, and shows how organizations can identify logging gaps, validate detections, and improve visibility across their environment.Resourceshttps://controlcompass.github.io/threat-modelhttps://www.securityblue.team/blog/posts/windows-logging-enhanced-visibility-guidehttps://caldera.mitre.orghttps://www.atomicredteam.ioIn this episode, you will learn: What purple teaming means in real-world cybersecurityThe difference between red team, blue team, and purple team activitiesHow Splunk helps with log collection, analysis, and alerting Why Windows logging and command-line visibility are critical for detectionHow PowerShell activity can be detected and analyzedHow Caldera and Atomic Red Team support adversary emulationWhy Sysmon is valuable for stronger detection and investigation How Windows event IDs and log codes support better threat analysisThis episode is valuable for:SOC analysts Blue teamersDetection engineers Cybersecurity students Security professionals learning Splunk, Sysmon, or MITRE ATT&CKTopics covered:Purple Teaming, Cybersecurity, Splunk, Windows Logging, Sysmon, PowerShell Detection, Atomic Red Team, Caldera, MITRE ATT&CK, Detection Engineering, Threat Detection, Security Monitoring, Red Team vs Blue Team, Adversary EmulationWatch till the end to understand how practical purple teaming can help defenders create better detections, validate security controls, and reduce blind spots in modern environments.Subscribe for more practical cybersecurity podcasts, blue team learning, SOC insights, and hands-on security content. Cyber Warfare Playlisthttps://www.youtube.com/watch?v=KKNtazH1qFs&list=PL0hT6hgexlYw8lc75YSbOts1GhOFl1Ofr&pp=sAgCSOC Playlisthttps://www.youtube.com/watch?v=zCLlrFZU0M8&list=PL0hT6hgexlYxd24Jb8OE7vZoas-iTcHAc&pp=sAgCThreat Intelligencehttps://www.youtube.com/playlist?list=PL0hT6hgexlYxb9mXpcgmEU-_AOmQdrZYO#PurpleTeaming #CyberSecurity #Splunk #BlueTeam #RedTeam #SOCAnalyst #DetectionEngineering #Sysmon #AtomicRedTeam #MITREATTACK #ThreatDetection #WindowsLogging

    1hr 29min
  2. 5 days ago

    Practical Active Directory Pentesting Masterclass 2026

    In this episode, Prabh hosts Siva for a deep, practical masterclass on Active Directory (AD) security — covering how AD works, why it becomes the single biggest “blast radius” in most enterprises, and how attackers exploit misconfigurations to compromise an entire organization.What You’ll Learn in This SessionActive Directory components explained (Domain Controllers, LDAP, NTDS.DIT, trusts, OUs)Why AD compromise usually equals full enterprise compromiseReal-world AD attack vectors and how attackers gain initial accessLLMNR poisoning and NTLM authentication abuseNTLM hash cracking with Hashcat (and why cracking “hash → hash” matters)BloodHound for AD security mapping and privilege path discoveryAD Certificate Services (ADCS) vulnerabilities (ESC-style misconfigs)Certificate-based impersonation of Domain AdminsDCSync, DACL abuse, GenericAll permissions, and persistence techniquesKerberos attacks: Golden Ticket, Silver Ticket, KerberoastingWhy Active Directory Security MattersActive Directory is the identity backbone for most enterprises.If AD is compromised, attackers can gain:Domain-wide credentialsAdmin privileges across systemsLateral movement capabilityLong-term persistenceThis masterclass focuses on understanding how the attack works, not just “which command to run.”Active Directory Fundamentals (Quick Breakdown)We cover core AD concepts including:Forest & Domain (security boundaries)Trust relationships (especially during mergers & acquisitions)Organizational Units (OUs) for policy enforcementDomain Controller role and directory servicesLDAP as the protocol used for AD interactionNTDS.DIT and why it’s one of the most dangerous files to loseNTDS.DIT: The “Crown Jewel” RiskSiva demonstrates how extracting NTDS.DIT can reveal:User accountsPassword hashesTrust relationshipsDomain secretsOne compromised file can lead to credential exposure across the entire organization.LLMNR Poisoning & NTLM Attacks (Hands-On)A major portion of this episode focuses on the classic but still deadly chain:Broadcast name resolution (LLMNR)Attacker responds as the “fake resolver”Captures NTLM authentication hashesHashes are cracked for credentials or reused for accessWe also clarify key concepts:LM Hash vs NT Hash vs NTLMWhy cracking NTLM is often the real gateway to exploitationNTLM Hash Cracking With Hashcat (Real Practical)Siva demonstrates:Why Hashcat is preferred for crackingHow password list choice matters (e.g., WeakPass)A powerful technique: cracking NTLMv1 → converting to NT hash for broader attack coverageThis is one of those “real pentesting tricks” many people miss.BloodHound: Visualizing AD Attack PathsSiva demonstrates BloodHound to:Identify Domain AdminsMap group membershipsDiscover privilege escalation pathsUnderstand why local admin access can quickly become domain admin compromiseWe also discuss best practices such as limiting local admin privileges and following Microsoft’s tiering model.AD Certificate Services (ADCS): Domain Compromise in MinutesThis is one of the most critical sections of the session.Siva explains how ADCS misconfigurations can allow attackers to:Request certificates for other usersImpersonate domain adminsAuthenticate using certificate-based logonExtract hashes and elevate privilege rapidlyWe cover how dangerous “Supply in the request” + client authentication permissions can be in certificate templates.DCSync, DACLs, GenericAll & PersistenceWe explore advanced but realistic misconfigurations that don’t always show up as CVEs:DCSync (replication permissions abuse)DACL vulnerabilities (outbound permissions that let you control other objects)GenericAll leading to shadow credentials and persistent accessHow persistence can survive password changes without changing passwords directlyKerberos Attacks ExplainedSiva breaks down Kerberos concepts and vulnerabilities including:Golden TicketSilver TicketKerberoasting

    2h 37m
  3. 20 Mar

    AI Revolution: Navigating the Offensive and Defensive Digital Divide

    In an era where artificial intelligence (AI) is revolutionizing the way we live and work, ensuring the security of generative AI technologies is paramount. Join Mr. Harshil in "Enable Secure Generative AI" as he dives deep into the world of AI, offering expert insights on leveraging AI for enhancing security measures and mitigating risks.Harshil Shahhttps://www.linkedin.com/in/harshil-shah-004/?originalSubdomain=ae🔍 What You'll Learn:The Fundamentals of Generative AI: Understand what generative AI is and how it's transforming industries.Offensive Uses of AI: Explore how AI can be used as a tool for offensive strategies, including cybersecurity attacks and data breaches.Defensive AI Strategies: Discover how AI can defend against threats, secure data, and protect digital infrastructures.Best Practices for Secure AI Deployment: Gain valuable knowledge on deploying AI technologies securely to avoid vulnerabilities.Future of AI Security: Mr. Harshil shares his predictions on the evolution of AI security measures and technologies.Whether you're a tech enthusiast, an IT professional, or someone curious about the potential of AI, this video will provide you with a comprehensive overview of how to harness AI for security purposes, along with the ethical considerations and challenges faced in the field.🔗 Stay Connected:For more insights on AI and security, subscribe to our channel and hit the notification bell.Follow us on [Social Media Platform] for updates and more content on AI technologies.✍️ We Want to Hear from You!Share your thoughts on AI security in the comments below. Have you encountered any challenges or successes in implementing AI strategies? Let's start a conversation!

    55 min
  4. 18 Mar

    OSCP Preparation (Step-by-Step Roadmap + Real Strategy)

    In this episode, Prabh sits down with Sérgio to break down a practical, no-fluff roadmap for preparing for the OSCP (Offensive Security Certified Professional) certification.This discussion is designed for anyone who feels overwhelmed by OSCP — and wants a structured approach that focuses on hands-on skills, repeatable methodology, and exam-ready habits.Sérgio’s Journey: From Hospitality to OSCPSérgio shares how he transitioned from being a restaurant shift supervisor into cybersecurity — and eventually earned the OSCP.Key takeaway: OSCP isn’t about being “naturally gifted.”It’s about practice, repetition, and building a personal methodology.What You Should Learn Before OSCPBefore buying OSCP material, Sérgio strongly recommends building fundamentals first:Linux fundamentals (file system, permissions, services, processes)Windows fundamentals (users, services, logs, privilege escalation basics)Basic networking & enumeration habitsComfort using terminals and troubleshootingHe suggests starting with platforms like Hack The Box or TryHackMe to build confidence before going into OSCP labs.Best Practice Platform for Exam ReadinessSérgio recommends training on Proving Grounds because it most closely matches OffSec-style machines and exam patterns.Why it matters:Practicing on OffSec-style labs builds the exact muscle memory needed for OSCP — especially under time pressure.The OSCP Notes System That Saves You in the ExamOne of the strongest lessons in this episode:Your notes and checklists are your real “weapon” in OSCP.Sérgio explains how he built an Excel-based tracking system to document:Machine difficulty rating (your own subjective scale)Steps takenKey learnings and takeawaysWhat worked / what failedRepeatable exploitation patternsThis helps you avoid repeating mistakes and creates a “playbook” you can use during the exam.OSCP Exam Methodology (How to Think Under Pressure)Sérgio stresses that OSCP success depends on a personal workflow:Start with full port scansRun targeted enumerationCheck common entry points (shares, web apps, creds, services)Always validate credentials across machinesBuild a repeatable process you can run like a scriptHe also highlights the value of becoming tool-flexible (not tool-dependent). Active Directory in OSCP (What to Focus On)The OSCP Active Directory portion is not about advanced enterprise AD topics.It’s about doing the fundamentals extremely well:Recon + enumerationCredential access and reuseLateral movement basicsTools like SecretsDump / Mimikatz (used correctly)Repeating the process across AD machines systematicallyTools, Tunneling & Not Overusing MetasploitSérgio shares realistic advice on tools OSCP candidates should understand:Privilege escalation basicsEnumeration scriptsPivoting/tunneling tools like Ligolo-NG and ChiselAvoid becoming dependent on MetasploitLearn to adapt when a tool failsOSCP Reporting: The Skill Most People IgnoreA big OSCP differentiator is report writing.Sérgio breaks down what matters in the exam report:Clean structureClear reproduction stepsScreenshots for proof (flags + key commands)A readable narrative (work backwards if needed)Make the examiner’s job easyHow to Know You’re Ready for OSCPSérgio suggests readiness looks like:You can solve boxes consistently in a limited timeframeYou’re comfortable with OffSec-style lab patternsYou have a repeatable checklist-driven methodologyYou can document everything clearly while hacking

    53 min
  5. 16 Mar

    How to Build a SOC Home Lab (Elastic SIEM) | Practical Demo with Pratyush

    In this episode, Prabh sits down with Pratyush to break down SOC (Security Operations Center) architecture and the real skills needed to start and grow a career in SOC — with a live practical demo of building a basic SOC using open-source tools.https://www.linkedin.com/in/pratyush-joshi-3391a0230/Noteshttps://excalidraw.com/#json=uAQ-z09mY63gTK6w0-5uq,rnK-MWtIUPZDl41wHQx7eg🎯 What You’ll Learn in This Podcast✅ SOC architecture explained (end-to-end workflow)✅ How log collection, parsing, and visualization actually works✅ Building a basic SOC using Elastic Stack (ELK)✅ Setting up Windows logging using Sysmon + WinLogBeat✅ Creating detections and alerts inside Elastic✅ Simulating real attacks using Atomic Red Team (MITRE ATT&CK)✅ How SOC tiers work (L1 → L2 → escalation & reporting)✅ How freshers can build practical SOC skills at home for free✅ Why learning a SIEM is the fastest way to understand cybersecurity🧱 SOC Architecture (Simplified)Pratyush explains SOC architecture in a simple way:Endpoints / Servers → Log Forwarder → SIEM (Elastic) → Dashboards → Detection Rules → Alerts → Investigation → ResponseWe cover how a SOC works across:Indexing (storing logs)Visualization (dashboards & searches)Detection rules (logic + thresholds)Alerting (triage & escalation)Response (SOAR/XDR concepts)⚙️ Live Demo: Build a Basic SOC with Elastic Stack (ELK)Pratyush demonstrates how to set up:✅ Elasticsearch + Kibana + LogstashInstallation and configuration basicsYAML configuration (host IPs, ports, security options)Creating Kibana data views and searching logsUnderstanding how logs are indexed and queried🖥️ Windows Telemetry Setup (Sysmon + WinLogBeat)🚨 Detection Engineering: Create Rules + Generate AlertsPratyush shows how to:Write queries to filter suspicious behaviorCreate detection rules inside ElasticTrigger alerts and understand SOC alert pipelinesExample: PowerShell-based suspicious activity detection (concept-level demo)This section is a mini introduction to Detection Engineering for SOC analysts.📈 SOC Career Path (L1 to L2 and Beyond)Pratyush explains the SOC tiers in a simple way:Tier 1 (L1)Monitor alertsValidate true vs false positivesEscalate suspicious incidentsTier 2 (L2)Deep investigationCorrelation across logsReport writing and remediation suggestionsHe also shares why:✅ Programming helps but is not mandatory to start✅ SIEM knowledge is the “core engine” of SOC growth✅ Home labs + practice gives freshers a huge edge🧠 Practical Skills to Become SOC-ReadyWe also discuss how to build real-world SOC habits:Log triage mindsetWriting investigation notesReporting and escalation clarityPracticing rule creation using SigmaLearning from platforms like Let’s Defend (for SOC scenarios)💻 SOC Home Lab Requirements (Minimal Setup)You can run this lab with:✅ 8GB RAM minimum✅ 40–50GB storage✅ VirtualBox / VMware✅ Ubuntu VM + Windows VMNo paid tools needed.SOC Playlisthttps://www.youtube.com/watch?v=zCLlrFZU0M8&list=PL0hT6hgexlYxd24Jb8OE7vZoas-iTcHAcISO 27001 Videohttps://www.youtube.com/watch?v=sQqJH2naU6I&t=1454s&pp=ygUeaXNvIDI3MDAxIGltcGxlbWVudGF0aW9uIHN0ZXBzISO 27001 Implementation Guidehttps://www.youtube.com/watch?v=GBfwk10Hh-o&pp=ygUeaXNvIDI3MDAxIGltcGxlbWVudGF0aW9uIHN0ZXBzGRC Practical Serieshttps://www.youtube.com/playlist?list=PL0hT6hgexlYztA41j1bceTfVagP9mtq28GRC Interviewhttps://www.youtube.com/playlist?list=PL0hT6hgexlYz1Usn1Nrnur6OzVoz59zylInternal Audithttps://www.youtube.com/playlist?list=PL0hT6hgexlYyNWBcGYfabwumCr0GKmLWvStudy with MeTelegram Grouphttps://t.me/Infoseclearning#SOC #ElasticSIEM #CyberSecurity #SecurityOperationsCenter #BlueTeam #Sysmon #AtomicRedTeam #MITREATTACK #socanalyst

    1hr 5min

About

Prabh Nair is a cybersecurity podcaster covering cyber risk, ransomware, incident response, SOC operations, GRC, AI security, threat intelligence, digital forensics, ISO 27001, CISSP, CISM, and security leadership. Built for SOC analysts, auditors, cybersecurity professionals, students, and business leaders, each episode delivers simple explanations, practical lessons, and real-world examples to help you stay ahead in the fast-changing cyber world. #CyberSecurity #InformationSecurity #CyberRisk #GRC #SOC #IncidentResponse #Ransomware #ThreatIntelligence #AISecurity #DigitalForensics