Security
Honeypot Diaries: SSH Authorized Keys
Analyzing threat actor activity and malware observed in geographically dispersed honeypots.
Managing Password Hygiene
Reviewing the current state of password hygiene and why unique, long, and complex passwords are more important than ever.
Honeypot Diaries: Masscan
A honeypot observation post documenting a threat actor attempting to install and run the masscan port scanner on a compromised host to find RDP and SSH targets, along with SSH hardening mitigations.
Setting Up and Securing Winlogbeat
Setting up Winlogbeat 8.0 with TLS communication and keystore-based credential management, following the principle of least privilege with role-based API keys.
Blue Team Tactics: Honey Tokens Pt. II
Part two of the honey tokens series covering PowerShell-based token deployment, validating audit ACL settings, and testing adversary interaction detection via PowerShell remoting, RDP, and Meterpreter process injection.
Mounting NFS Shares in Windows Using Identity Mapping
A guide to mounting NFS shares on Windows 10 with read/write access using UID/GID identity mapping via local passwd and group files, improving on the less secure anonymous mount approach.
Raspberry Pi Centralized Log Server
A guide to configuring a Raspberry Pi as a centralized syslog server using rsyslog with per-host log files, log rotation, and forwarding configuration for syslog, rsyslog, and syslog-ng clients.