T-Pot is an open-source honeypot framework designed to emulate multiple attack surfaces and gather data on malicious activities. This blog post walks through the installation process on an Ubuntu 20.04 server, and demonstrates how to test its capabilities. Setting Up T-Pot System Requirements Installation Steps Follow the official installation steps Read more…
Tailscale is a Zero Trust Network Access (ZTNA) solution that simplifies secure connectivity via a mesh VPN with Wireguard. It’s insanely easy to setup and get working. You get 3 devices with the free version. https://tailscale.com/pricing Setting Up Tailscale Inviting Users Configuring Access Controls Setting Up Applications and Services sudo Read more…
Security breaches will continue to increase in sophistication. Microsegmentation addresses this by enabling granular controls over network traffic, enforcing intent based, workload aware policies at the application layer. This ensures that only the necessary communication between services can happen. Think least privilege/least access for network communications. In this post, I’ll Read more…
These days, implementing Zero Trust principles is a necessity. Teleport is an open source solution that offers seamless and secure access to applications, servers, and other critical resources. In this guide, I’ll walk through setting it up. What I’m Using Step 1: Add DNS Records Ensure your DNS records are Read more…
Introduction This cheatsheet showcases essential VIM commands and practical examples. These commands help you navigate, edit, and manipulate code or configuration files efficiently. Navigation Commands Command Description Example Use w Jump to the start of the next word Fast word to word movement e Jump to the end of the Read more…
In this blog post, I’ll walk through how to build, deploy, and host an AI image detector. The project classifies images as either AI generated or real using a pre trained model, containerized with Docker, and deployed locally. You can find the complete source code on GitHub. Overview This project Read more…
The CISSP exam covers a broad range of topics on laws, regulations, and compliance, which are integral to managing cybersecurity in a global, interconnected world. In this post, we’ll guide you through the essentials of current laws, regulatory frameworks, and compliance best practices, along with exam focused tips to help Read more…
In this guide, I’ll walk you through how I deployed and managed a Kubernetes based application using ArgoCD on macOS with Docker Desktop. The goal was to automate the deployment of a video transcription service with a frontend and backend, all while utilizing ArgoCD for GitOps management. This allows changes Read more…
Kubernetes is a great choice for deploying resilient and scalable applications. In this post, I’ll walk through the process of building Docker images, pushing them to DockerHub, setting up a Kubernetes cluster, deploying the services, and enabling self healing mechanisms. This guide uses a Video Transcriber project with a frontend Read more…
Docker Basics Key Concepts Start with Simple Commands Building and Running Containers Build an Image Run a Container Interacting with Containers Execute Commands Inside a Running Container Copy Files Attach to a Container Viewing Logs and Debugging Logs Stats Inspect Managing Images Image Commands Tagging and Pushing Docker Volumes Persistent Read more…
Choosing the correct Software Development Life Cycle (SDLC) model is crucial for the success of any project. Different projects have unique requirements, timelines, and team dynamics that make certain models more suitable than others. This guide provides a structured approach to selecting the SDLC model that best fits your project. Read more…
Quality assurance (QA) plays a vital role in the Software Development Life Cycle (SDLC), ensuring that the software meets defined requirements and performs reliably in various conditions. This post covers two essential quality frameworks within SDLC: the Software Testing Life Cycle (STLC) and the Defect Life Cycle. Software Testing Life Read more…
1. Prototype Model The Prototype Model is used when project requirements are unclear or expected to evolve. It focuses on creating an initial version (prototype) that allows stakeholders to visualize the product early on and provide feedback. Characteristics: Use Cases: Advantages and Disadvantages: 2. Hybrid Model The Hybrid Model combines Read more…
Introduction to SDLC The Software Development Life Cycle (SDLC) is a systematic process for building software with efficiency and quality. It organizes software development into stages that help manage planning, resource allocation, and quality assurance. SDLC Core Phases Phase Description Requirements Business Analysts gather and define project needs. Feasibility Study Read more…
I’ve been running Cuckoo since it came out in 2011. The original project is no longer maintained, but the folks at CERT-EE have released Cuckoo3. Setting up Cuckoo has never been easy for me, but they’ve made it a breeze. By the end of this guide, you’ll have a fully Read more…
Introduction As more organizations move to cloud environments, incident handling in platforms like AWS has become essential for SOC operations. This post will cover strategies for managing incidents in cloud environments, specifically AWS, and wrap up with comprehensive malware analysis techniques that apply across both on premise and cloud systems. Read more…
Introduction One of the goals for incident response is not just stopping an attack but making sure attackers can’t get back in. Attackers often use persistence techniques to maintain access, setting up mechanisms that survive reboots or system updates. Powershell has also become a common vector for threats, especially for Read more…
Introduction In a SOC environment, specialized incident handling skills are essential for managing complex attack types like phishing, malware, and network based intrusions. This post dives into practical approaches for handling phishing attempts, investigating malware alerts, and using network forensics to support incident response. Mastering these techniques enables SOC analysts Read more…
Introduction For a SOC, using structured frameworks like MITRE ATT&CK enhances incident detection and provides a clear methodology for tracking and understanding adversarial behavior. This post will cover the basics of operationalizing MITRE ATT&CK in a SOC environment and handling high severity incidents (SEV0). We’ll explore how MITRE ATT&CK improves Read more…
Here’s how to create a combined workflow in Mac Automator that first converts .pages documents to PDF, then merges the resulting PDFs into a single PDF file. Steps to Create a Combined Workflow in Automator First, brew install poppler Next, Open Automator: Set the Input Type: Add “Run AppleScript” to Read more…