<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0">
  <channel>
    <title>HolyGhost</title>
    <link>https://holyghost.sh</link>
    <description>HolyGhost is an independent cybersecurity blog. Clear breakdowns of known vulnerabilities and attacks, plus practical lessons for people learning security the right way.</description>
    <language>en</language>
    <item>
      <title>Breaking BitLocker Again: How WinRE Became the Skeleton Key to Encrypted Windows</title>
      <link>https://holyghost.sh/blog/breaking-bitlocker-again</link>
      <guid>https://holyghost.sh/blog/breaking-bitlocker-again</guid>
      <pubDate>Tue, 30 Jun 2026 00:00:00 GMT</pubDate>
      <description>A 2026 wave of BitLocker bypasses all abuse the same weak spot, the Windows Recovery Environment. Here is how the trust boundary breaks, why the fixes keep failing, and what actually protects your data.</description>
      <category>Analysis</category>
    </item>
    <item>
      <title>SolarWinds: When the Trusted Update Was the Attack</title>
      <link>https://holyghost.sh/blog/solarwinds-supply-chain</link>
      <guid>https://holyghost.sh/blog/solarwinds-supply-chain</guid>
      <pubDate>Sat, 27 Jun 2026 00:00:00 GMT</pubDate>
      <description>Attackers did not break into thousands of networks one by one. They compromised a single software vendor's build process and let the trusted updates carry the backdoor in. A breakdown of the SolarWinds supply chain attack.</description>
      <category>Analysis</category>
    </item>
    <item>
      <title>From a URL Field to Cloud Keys: SSRF and the Metadata Endpoint</title>
      <link>https://holyghost.sh/blog/ssrf-cloud-metadata</link>
      <guid>https://holyghost.sh/blog/ssrf-cloud-metadata</guid>
      <pubDate>Tue, 23 Jun 2026 00:00:00 GMT</pubDate>
      <description>Server side request forgery turns a harmless looking URL input into a way to read a cloud instance's own credentials. Here is how the metadata endpoint becomes the prize, and why IMDSv2 changed the game.</description>
      <category>Analysis</category>
    </item>
    <item>
      <title>What Is Threat Modelling? Thinking Like an Attacker, on Purpose</title>
      <link>https://holyghost.sh/blog/what-is-threat-modelling</link>
      <guid>https://holyghost.sh/blog/what-is-threat-modelling</guid>
      <pubDate>Sat, 20 Jun 2026 00:00:00 GMT</pubDate>
      <description>Threat modelling is the habit of asking what could go wrong before it does. A beginner friendly guide to the four questions and a simple framework for spotting weaknesses early.</description>
      <category>Learn</category>
    </item>
    <item>
      <title>Log4Shell: How a Logging Library Became the Internet's Worst Day</title>
      <link>https://holyghost.sh/blog/log4shell-explained</link>
      <guid>https://holyghost.sh/blog/log4shell-explained</guid>
      <pubDate>Sat, 13 Jun 2026 00:00:00 GMT</pubDate>
      <description>A single string written into a log file could run attacker code on millions of servers. Here is how Log4Shell (CVE-2021-44228) worked, why it spread so far, and what it taught the industry about dependencies.</description>
      <category>Analysis</category>
    </item>
    <item>
      <title>Kerberoasting: Turning One Domain Account into a Pile of Service Passwords</title>
      <link>https://holyghost.sh/blog/kerberoasting-explained</link>
      <guid>https://holyghost.sh/blog/kerberoasting-explained</guid>
      <pubDate>Tue, 09 Jun 2026 00:00:00 GMT</pubDate>
      <description>Any authenticated user in an Active Directory domain can ask for tickets that are effectively offline password hashes for service accounts. Here is how Kerberoasting works, why it is so reliable, and how to shut it down.</description>
      <category>Analysis</category>
    </item>
    <item>
      <title>What Full Disk Encryption Actually Protects You From, and What It Does Not</title>
      <link>https://holyghost.sh/blog/what-disk-encryption-protects</link>
      <guid>https://holyghost.sh/blog/what-disk-encryption-protects</guid>
      <pubDate>Sat, 06 Jun 2026 00:00:00 GMT</pubDate>
      <description>A plain English primer on threat models: what BitLocker, FileVault, and LUKS defend against, what they quietly do not, and why 'encrypted' is not a yes or no answer.</description>
      <category>Learn</category>
    </item>
    <item>
      <title>Spectre and Meltdown: When the CPU's Cleverness Became a Leak</title>
      <link>https://holyghost.sh/blog/spectre-meltdown-explained</link>
      <guid>https://holyghost.sh/blog/spectre-meltdown-explained</guid>
      <pubDate>Tue, 02 Jun 2026 00:00:00 GMT</pubDate>
      <description>Modern processors guess ahead to go faster. Spectre and Meltdown showed that guessing leaves traces an attacker can read. A plain explainer of speculative execution side channels.</description>
      <category>Analysis</category>
    </item>
    <item>
      <title>Pass the Hash: Why Stealing the Password Is Optional</title>
      <link>https://holyghost.sh/blog/pass-the-hash-explained</link>
      <guid>https://holyghost.sh/blog/pass-the-hash-explained</guid>
      <pubDate>Sat, 30 May 2026 00:00:00 GMT</pubDate>
      <description>In Windows networks an attacker often does not need your password, just its hash. Here is how pass the hash works, why it powers lateral movement, and how to break the chain.</description>
      <category>Analysis</category>
    </item>
    <item>
      <title>What Is a Security Incident? Events, Incidents, Breaches, and What to Do</title>
      <link>https://holyghost.sh/blog/what-is-a-security-incident</link>
      <guid>https://holyghost.sh/blog/what-is-a-security-incident</guid>
      <pubDate>Fri, 22 May 2026 00:00:00 GMT</pubDate>
      <description>The difference between an event, an alert, an incident, and a breach, plus the incident response lifecycle every team follows. A calm, beginner friendly explainer.</description>
      <category>Learn</category>
    </item>
    <item>
      <title>EternalBlue: The Leaked Exploit That Powered WannaCry</title>
      <link>https://holyghost.sh/blog/eternalblue-explained</link>
      <guid>https://holyghost.sh/blog/eternalblue-explained</guid>
      <pubDate>Tue, 19 May 2026 00:00:00 GMT</pubDate>
      <description>How a flaw in an ageing file sharing protocol, weaponised by a leaked intelligence exploit, spread ransomware across the world in hours. A breakdown of EternalBlue and MS17-010.</description>
      <category>Analysis</category>
    </item>
    <item>
      <title>Heartbleed: When Asking Nicely Leaked the Server's Secrets</title>
      <link>https://holyghost.sh/blog/heartbleed-explained</link>
      <guid>https://holyghost.sh/blog/heartbleed-explained</guid>
      <pubDate>Fri, 15 May 2026 00:00:00 GMT</pubDate>
      <description>A missing length check in OpenSSL let anyone read chunks of a server's memory, including private keys and passwords. Here is how Heartbleed (CVE-2014-0160) worked and why it was so serious.</description>
      <category>Analysis</category>
    </item>
    <item>
      <title>What Is a VPN? What It Really Protects, and What It Does Not</title>
      <link>https://holyghost.sh/blog/what-is-a-vpn</link>
      <guid>https://holyghost.sh/blog/what-is-a-vpn</guid>
      <pubDate>Tue, 12 May 2026 00:00:00 GMT</pubDate>
      <description>VPNs are sold as magic privacy shields. A clear headed beginner guide to what a VPN actually does, the legitimate uses, and the things it cannot do that the ads imply.</description>
      <category>Learn</category>
    </item>
    <item>
      <title>Shellshock: The Bash Bug Hiding in an Environment Variable</title>
      <link>https://holyghost.sh/blog/shellshock-explained</link>
      <guid>https://holyghost.sh/blog/shellshock-explained</guid>
      <pubDate>Fri, 01 May 2026 00:00:00 GMT</pubDate>
      <description>For years, Bash would run code smuggled into the end of an environment variable. Shellshock (CVE-2014-6271) turned that into remote code execution across a huge slice of the internet.</description>
      <category>Analysis</category>
    </item>
    <item>
      <title>Directory Traversal: Escaping the Folder You Were Meant to Stay In</title>
      <link>https://holyghost.sh/blog/directory-traversal-explained</link>
      <guid>https://holyghost.sh/blog/directory-traversal-explained</guid>
      <pubDate>Mon, 27 Apr 2026 00:00:00 GMT</pubDate>
      <description>By adding ../ to a file path, an attacker can climb out of the intended directory and read files the application never meant to expose. Here is how path traversal works and how to block it.</description>
      <category>Analysis</category>
    </item>
    <item>
      <title>Cross Site Request Forgery: Making Your Browser Act Against You</title>
      <link>https://holyghost.sh/blog/csrf-explained</link>
      <guid>https://holyghost.sh/blog/csrf-explained</guid>
      <pubDate>Fri, 24 Apr 2026 00:00:00 GMT</pubDate>
      <description>CSRF tricks a logged in user's browser into sending a real, authenticated request they never intended. Here is how it abuses the way browsers handle cookies, and how to shut it down.</description>
      <category>Analysis</category>
    </item>
    <item>
      <title>What Is Patching, and Why Is It the Boring Fix That Actually Works?</title>
      <link>https://holyghost.sh/blog/what-is-patching</link>
      <guid>https://holyghost.sh/blog/what-is-patching</guid>
      <pubDate>Mon, 20 Apr 2026 00:00:00 GMT</pubDate>
      <description>Most breaches exploit vulnerabilities that were already fixed. A beginner friendly guide to what patching is, why it matters so much, and how teams keep on top of it.</description>
      <category>Learn</category>
    </item>
    <item>
      <title>Command Injection: When Input Reaches the Operating System Shell</title>
      <link>https://holyghost.sh/blog/command-injection-explained</link>
      <guid>https://holyghost.sh/blog/command-injection-explained</guid>
      <pubDate>Fri, 17 Apr 2026 00:00:00 GMT</pubDate>
      <description>If an application builds a system command out of user input, an attacker can smuggle in their own commands. Here is how OS command injection works and how to design it out.</description>
      <category>Analysis</category>
    </item>
    <item>
      <title>Cross Site Scripting (XSS): Running Your Code in Someone Else's Browser</title>
      <link>https://holyghost.sh/blog/cross-site-scripting-explained</link>
      <guid>https://holyghost.sh/blog/cross-site-scripting-explained</guid>
      <pubDate>Fri, 10 Apr 2026 00:00:00 GMT</pubDate>
      <description>XSS lets an attacker run JavaScript in another user's browser session, in the context of a site they trust. Here are the three types, what they enable, and how to stop them.</description>
      <category>Analysis</category>
    </item>
    <item>
      <title>What Is a Firewall? The Checkpoint for Network Traffic</title>
      <link>https://holyghost.sh/blog/what-is-a-firewall</link>
      <guid>https://holyghost.sh/blog/what-is-a-firewall</guid>
      <pubDate>Tue, 07 Apr 2026 00:00:00 GMT</pubDate>
      <description>A firewall decides which network traffic is allowed and which is blocked. A beginner friendly guide to how firewalls work, the main types, and what they can and cannot protect.</description>
      <category>Learn</category>
    </item>
    <item>
      <title>SQL Injection: When Your Input Becomes the Database's Command</title>
      <link>https://holyghost.sh/blog/sql-injection-explained</link>
      <guid>https://holyghost.sh/blog/sql-injection-explained</guid>
      <pubDate>Fri, 03 Apr 2026 00:00:00 GMT</pubDate>
      <description>SQL injection turns a login box or search field into a way to read, change, or destroy a database. Here is how it works, the flavours it takes, and the one fix that actually stops it.</description>
      <category>Analysis</category>
    </item>
    <item>
      <title>What Is Malware? A Field Guide to the Types</title>
      <link>https://holyghost.sh/blog/what-is-malware</link>
      <guid>https://holyghost.sh/blog/what-is-malware</guid>
      <pubDate>Mon, 30 Mar 2026 00:00:00 GMT</pubDate>
      <description>Virus, worm, trojan, ransomware, spyware, rootkit. A beginner friendly guide to what malware is, the main families and how they differ, and the habits that keep it out.</description>
      <category>Learn</category>
    </item>
    <item>
      <title>What Is Phishing? The Attack That Targets People, Not Computers</title>
      <link>https://holyghost.sh/blog/what-is-phishing</link>
      <guid>https://holyghost.sh/blog/what-is-phishing</guid>
      <pubDate>Fri, 27 Mar 2026 00:00:00 GMT</pubDate>
      <description>Most breaches start with a message, not a hack. A beginner friendly guide to phishing and social engineering: the common types, the warning signs, and how to not take the bait.</description>
      <category>Learn</category>
    </item>
    <item>
      <title>What Is Multifactor Authentication? The Single Best Habit for Your Accounts</title>
      <link>https://holyghost.sh/blog/what-is-multifactor-authentication</link>
      <guid>https://holyghost.sh/blog/what-is-multifactor-authentication</guid>
      <pubDate>Thu, 19 Mar 2026 00:00:00 GMT</pubDate>
      <description>Passwords get stolen constantly. Multifactor authentication is the cheap, powerful layer that keeps an attacker out even when they have your password. Here is how it works and which types to trust.</description>
      <category>Learn</category>
    </item>
    <item>
      <title>What Is a Password Manager? Stop Reusing Passwords for Good</title>
      <link>https://holyghost.sh/blog/what-is-a-password-manager</link>
      <guid>https://holyghost.sh/blog/what-is-a-password-manager</guid>
      <pubDate>Mon, 16 Mar 2026 00:00:00 GMT</pubDate>
      <description>The one tool that fixes the biggest everyday security problem: reused and weak passwords. A beginner friendly guide to what a password manager is, how it works, and why to trust one.</description>
      <category>Learn</category>
    </item>
    <item>
      <title>How HTTPS Actually Works: TLS, Certificates, and What the Padlock Really Means</title>
      <link>https://holyghost.sh/blog/how-https-works</link>
      <guid>https://holyghost.sh/blog/how-https-works</guid>
      <pubDate>Thu, 12 Mar 2026 00:00:00 GMT</pubDate>
      <description>A plain English walk through of what happens when you load an https site: the TLS handshake, how certificates prove identity, and why the padlock does not mean a site is safe.</description>
      <category>Learn</category>
    </item>
    <item>
      <title>Password Hashing Explained: Salts, Slow Hashes, and Why Argon2 Beats SHA-256</title>
      <link>https://holyghost.sh/blog/password-hashing-explained</link>
      <guid>https://holyghost.sh/blog/password-hashing-explained</guid>
      <pubDate>Mon, 09 Mar 2026 00:00:00 GMT</pubDate>
      <description>Why storing passwords is harder than it looks, what a salt actually does, and why a fast hash like SHA-256 is the wrong tool for the job. A plain English primer for people learning security.</description>
      <category>Learn</category>
    </item>
    <item>
      <title>What Is DNS? The Internet's Address Book, Explained</title>
      <link>https://holyghost.sh/blog/what-is-dns</link>
      <guid>https://holyghost.sh/blog/what-is-dns</guid>
      <pubDate>Thu, 05 Mar 2026 00:00:00 GMT</pubDate>
      <description>Every website visit starts with a lookup you never see. A beginner friendly guide to how DNS turns a name like holyghost.sh into an address, and why it matters for security.</description>
      <category>Learn</category>
    </item>
    <item>
      <title>How the Web Works: What Happens When You Load a Page</title>
      <link>https://holyghost.sh/blog/how-the-web-works</link>
      <guid>https://holyghost.sh/blog/how-the-web-works</guid>
      <pubDate>Thu, 26 Feb 2026 00:00:00 GMT</pubDate>
      <description>From typing an address to seeing a page, a lot happens in a second. A beginner friendly walk through of clients, servers, requests, and responses, the mental model the rest of web security builds on.</description>
      <category>Learn</category>
    </item>
    <item>
      <title>Networking Basics: IP Addresses, Ports, and Protocols</title>
      <link>https://holyghost.sh/blog/networking-basics-ip-ports-protocols</link>
      <guid>https://holyghost.sh/blog/networking-basics-ip-ports-protocols</guid>
      <pubDate>Mon, 23 Feb 2026 00:00:00 GMT</pubDate>
      <description>The three ideas that make computer networking click: what an IP address is, what a port is, and what a protocol is. A beginner friendly foundation for everything else in security.</description>
      <category>Learn</category>
    </item>
    <item>
      <title>The CIA Triad: The Three Words Behind Every Security Decision</title>
      <link>https://holyghost.sh/blog/cia-triad-explained</link>
      <guid>https://holyghost.sh/blog/cia-triad-explained</guid>
      <pubDate>Thu, 19 Feb 2026 00:00:00 GMT</pubDate>
      <description>Confidentiality, integrity, availability. A beginner friendly guide to the model that quietly sits behind almost every security control, attack, and trade off.</description>
      <category>Learn</category>
    </item>
    <item>
      <title>What Is Encryption? A Plain English Introduction</title>
      <link>https://holyghost.sh/blog/what-is-encryption</link>
      <guid>https://holyghost.sh/blog/what-is-encryption</guid>
      <pubDate>Sun, 15 Feb 2026 00:00:00 GMT</pubDate>
      <description>Encryption in everyday language: what it means to scramble data, the difference between symmetric and asymmetric keys, how real systems combine both, and where you already rely on it every single day.</description>
      <category>Learn</category>
    </item>
    <item>
      <title>What Is Cryptography? Encryption, Hashing, Signing, and Encoding Untangled</title>
      <link>https://holyghost.sh/blog/what-is-cryptography</link>
      <guid>https://holyghost.sh/blog/what-is-cryptography</guid>
      <pubDate>Thu, 12 Feb 2026 00:00:00 GMT</pubDate>
      <description>Cryptography is more than encryption. A beginner friendly guide to what it actually covers, and the difference between encrypting, hashing, signing, and encoding that trips almost everyone up.</description>
      <category>Learn</category>
    </item>
    <item>
      <title>Threat, Vulnerability, Risk, and Exploit: The Words Everyone Mixes Up</title>
      <link>https://holyghost.sh/blog/threat-vulnerability-risk-exploit</link>
      <guid>https://holyghost.sh/blog/threat-vulnerability-risk-exploit</guid>
      <pubDate>Sun, 08 Feb 2026 00:00:00 GMT</pubDate>
      <description>Four words used constantly in security, and constantly confused. A simple analogy that makes the difference between threat, vulnerability, risk, and exploit stick for good.</description>
      <category>Learn</category>
    </item>
    <item>
      <title>Buffer Overflows: Writing Past the Edge and Hijacking a Program</title>
      <link>https://holyghost.sh/blog/buffer-overflow-explained</link>
      <guid>https://holyghost.sh/blog/buffer-overflow-explained</guid>
      <pubDate>Wed, 04 Feb 2026 00:00:00 GMT</pubDate>
      <description>One of the oldest and most influential classes of vulnerability. How writing more data than a buffer can hold lets an attacker corrupt memory and seize control, and the defences that now stand in the way.</description>
      <category>Analysis</category>
    </item>
    <item>
      <title>What Is Zero Trust? Never Trust, Always Verify</title>
      <link>https://holyghost.sh/blog/what-is-zero-trust</link>
      <guid>https://holyghost.sh/blog/what-is-zero-trust</guid>
      <pubDate>Sat, 31 Jan 2026 00:00:00 GMT</pubDate>
      <description>The old model trusted anything inside the network. Zero trust throws that away and verifies every request, wherever it comes from. A beginner friendly guide to the idea and why it took over.</description>
      <category>Learn</category>
    </item>
    <item>
      <title>Insecure Deserialization: Trusting a Blob of Bytes Too Much</title>
      <link>https://holyghost.sh/blog/insecure-deserialization-explained</link>
      <guid>https://holyghost.sh/blog/insecure-deserialization-explained</guid>
      <pubDate>Tue, 27 Jan 2026 00:00:00 GMT</pubDate>
      <description>Turning saved data back into live objects sounds harmless. When the data comes from an attacker, it can lead to remote code execution. Here is how insecure deserialization works and how to avoid it.</description>
      <category>Analysis</category>
    </item>
    <item>
      <title>Linux File Permissions: Reading rwx Without Fear</title>
      <link>https://holyghost.sh/blog/linux-file-permissions</link>
      <guid>https://holyghost.sh/blog/linux-file-permissions</guid>
      <pubDate>Mon, 19 Jan 2026 00:00:00 GMT</pubDate>
      <description>Those cryptic strings like rwxr-xr-x are simpler than they look. A beginner friendly guide to Linux file permissions, what the letters and numbers mean, and how to set them safely.</description>
      <category>Learn</category>
    </item>
    <item>
      <title>XXE: When an XML Parser Reads Files It Should Not</title>
      <link>https://holyghost.sh/blog/xxe-explained</link>
      <guid>https://holyghost.sh/blog/xxe-explained</guid>
      <pubDate>Thu, 15 Jan 2026 00:00:00 GMT</pubDate>
      <description>XML has a feature that lets a document pull in outside content. Point it at a local file or an internal server and a helpful parser becomes a data leak. Here is how XML External Entity attacks work.</description>
      <category>Analysis</category>
    </item>
    <item>
      <title>What Is a SOC? The Team That Watches While You Sleep</title>
      <link>https://holyghost.sh/blog/what-is-a-soc</link>
      <guid>https://holyghost.sh/blog/what-is-a-soc</guid>
      <pubDate>Mon, 12 Jan 2026 00:00:00 GMT</pubDate>
      <description>A Security Operations Centre is the people and tools that monitor, detect, and respond to threats around the clock. A beginner friendly guide to what a SOC does and who works in one.</description>
      <category>Learn</category>
    </item>
  </channel>
</rss>