Kubernetes is a great choice for deploying resilient and scalable applications. In this post, I’ll walk through the process of building Docker images, pushing them to DockerHub, setting up a Kubernetes cluster, deploying the services, and enabling self healing mechanisms. This guide uses a Video Transcriber project with a frontend Read more
Docker Basics Key Concepts Start with Simple Commands Building and Running Containers Build an Image Run a Container Interacting with Containers Execute Commands Inside a Running Container Copy Files Attach to a Container Viewing Logs and Debugging Logs Stats Inspect Managing Images Image Commands Tagging and Pushing Docker Volumes Persistent Read more
Choosing the correct Software Development Life Cycle (SDLC) model is crucial for the success of any project. Different projects have unique requirements, timelines, and team dynamics that make certain models more suitable than others. This guide provides a structured approach to selecting the SDLC model that best fits your project. Read more
Quality assurance (QA) plays a vital role in the Software Development Life Cycle (SDLC), ensuring that the software meets defined requirements and performs reliably in various conditions. This post covers two essential quality frameworks within SDLC: the Software Testing Life Cycle (STLC) and the Defect Life Cycle. Software Testing Life Read more
1. Prototype Model The Prototype Model is used when project requirements are unclear or expected to evolve. It focuses on creating an initial version (prototype) that allows stakeholders to visualize the product early on and provide feedback. Characteristics: Use Cases: Advantages and Disadvantages: 2. Hybrid Model The Hybrid Model combines Read more
Introduction to SDLC The Software Development Life Cycle (SDLC) is a systematic process for building software with efficiency and quality. It organizes software development into stages that help manage planning, resource allocation, and quality assurance. SDLC Core Phases Phase Description Requirements Business Analysts gather and define project needs. Feasibility Study Read more
I’ve been running Cuckoo since it came out in 2011. The original project is no longer maintained, but the folks at CERT-EE have released Cuckoo3. Setting up Cuckoo has never been easy for me, but they’ve made it a breeze. By the end of this guide, you’ll have a fully Read more
Introduction As more organizations move to cloud environments, incident handling in platforms like AWS has become essential for SOC operations. This post will cover strategies for managing incidents in cloud environments, specifically AWS, and wrap up with comprehensive malware analysis techniques that apply across both on premise and cloud systems. Read more
Introduction One of the goals for incident response is not just stopping an attack but making sure attackers can’t get back in. Attackers often use persistence techniques to maintain access, setting up mechanisms that survive reboots or system updates. Powershell has also become a common vector for threats, especially for Read more
Introduction In a SOC environment, specialized incident handling skills are essential for managing complex attack types like phishing, malware, and network based intrusions. This post dives into practical approaches for handling phishing attempts, investigating malware alerts, and using network forensics to support incident response. Mastering these techniques enables SOC analysts Read more
Introduction For a SOC, using structured frameworks like MITRE ATT&CK enhances incident detection and provides a clear methodology for tracking and understanding adversarial behavior. This post will cover the basics of operationalizing MITRE ATT&CK in a SOC environment and handling high severity incidents (SEV0). We’ll explore how MITRE ATT&CK improves Read more
Here’s how to create a combined workflow in Mac Automator that first converts .pages documents to PDF, then merges the resulting PDFs into a single PDF file. Steps to Create a Combined Workflow in Automator First, brew install poppler Next, Open Automator: Set the Input Type: Add “Run AppleScript” to Read more
Introduction A well architected SIEM is one of the most valuable tools in a SOC, central to both detecting and responding to security incidents. This post will cover the essentials of setting up and configuring a SIEM, then move into effective log analysis techniques. For new analysts, this overview provides Read more
Introduction Starting out in a SOC requires a mix of technical and practical skills to handle a range of security incidents effectively. This post covers essential skills for SOC analysts, introduces core SOC playbooks, and explores basic automation within AWS environments. If you’re a new analyst, this guide will help Read more
I have trouble remembering all of these, so I’m stashing them here. 1. Risk Management Equations 2. System Reliability and Maintenance Metrics 3. Cryptography and Access Control Calculations 4. Probability and Bayesian Analysis 5. Quantitative Risk Metrics 6. Binary and Boolean Logic Operations 1. Risk Management Equations Annualized Loss Expectancy Read more
Introduction In incident response, following a structured approach is fundamental to maintaining clarity, control, and precision. This post covers the essential concepts in incident handling, breaking down the life cycle stages and key operations within a SOC. Using NIST 800-61 as the primary guide, I’ll walk through the basics of Read more
The goal of detection engineering isn’t just to identify potential threats but to take meaningful action based on those findings. After documenting and analyzing your results, it is time to determine which findings require escalation, how to initiate an effective response, and how to use what you’ve learned to continuously Read more
Git is more than just a tool for version control. It’s a core skill for any developer working in a collaborative environment. This guide will walk you through essential Git commands, concepts, and tips to make you effective in managing code and collaborating on projects. We’ll cover setup, basic operations, Read more
As you analyze and interpret detection results, effective documentation becomes essential. Documentation provides a clear record of what has been observed, what steps have been taken, and where the investigation is headed. In this post, we’ll discuss how to document findings, organize investigation steps, and expand the investigation by connecting Read more
Creating detection analytics is only part of the equation in detection engineering. Once you have analytics in place, the next challenge is to interpret their results accurately, distinguishing genuine threats from benign anomalies. In this post, we’ll go through how to evaluate results, identify malicious activity amid outliers, and navigate Read more