HolyGhost is an independent cybersecurity blog. Clear breakdowns of known vulnerabilities and attacks, plus practical lessons for people learning security the right way.
A 2026 wave of BitLocker bypasses all abuse the same weak spot, the Windows Recovery Environment. Here is how the trust boundary breaks, why the fixes keep failing, and what actually protects your data.
Any authenticated user in an Active Directory domain can ask for tickets that are effectively offline password hashes for service accounts. Here is how Kerberoasting works, why it is so reliable, and how to shut it down.
Server side request forgery turns a harmless looking URL input into a way to read a cloud instance's own credentials. Here is how the metadata endpoint becomes the prize, and why IMDSv2 changed the game.
A plain English primer on threat models: what BitLocker, FileVault, and LUKS defend against, what they quietly do not, and why 'encrypted' is not a yes or no answer.
Why storing passwords is harder than it looks, what a salt actually does, and why a fast hash like SHA-256 is the wrong tool for the job. A plain English primer for people learning security.
A plain English walk through of what happens when you load an https site: the TLS handshake, how certificates prove identity, and why the padlock does not mean a site is safe.
Encryption in everyday language: what it means to scramble data, the difference between symmetric and asymmetric keys, and where you already rely on it every day.
Cryptography is more than encryption. A beginner friendly guide to what it actually covers, and the difference between encrypting, hashing, signing, and encoding that trips almost everyone up.
The difference between an event, an alert, an incident, and a breach, plus the incident response lifecycle every team follows. A calm, beginner friendly explainer.
4 min read·#incident-response#blue-team#fundamentals
Four words used constantly in security, and constantly confused. A simple analogy that makes the difference between threat, vulnerability, risk, and exploit stick for good.