Written when I have something worth saying. These are writeups, not takes.
Signature-based AV was already outdated when I started in this field. Here's what a real detection stack looks like, and how you can replicate the important parts at home.
Read more →
I went through the actual privacy policies and court cases for nine major VPN providers. The gap between what they claim and what they deliver is significant.
Read more →
Microsoft buries the useful security controls under layers of UI that nudges you toward their cloud products. Here's what to actually change and why each one matters.
Read more →
Enterprise-grade event monitoring doesn't require a budget. This is the exact setup I use for my home lab — the same principles apply to small business environments.
Read more →
SUID binaries, writable paths, and misconfigured sudo rules show up in almost every pen test I've been part of. Here's what to look for and how to close the gaps.
Read more →
I captured three live phishing kits and broke down how they were built. Once you've seen the infrastructure, spotting these sites becomes second nature.
Read more →