I'm Weston Raze. I work in cybersecurity as a practitioner, not a content creator. Everything here is stuff I've tested, run in production, or watched fail in a real environment. If it doesn't hold up, I won't put my name on it.
Not theoretical. Not "here is what RFC 1234 says." The things that come up in real IT and security jobs, explained by someone who deals with them daily.
Building detection pipelines that catch real threats — not generating noise. Wazuh, Elastic, writing Sigma rules, hunting inside your own data.
Event logs, Active Directory, Group Policy, PowerShell, Scheduled Tasks, Sysmon. How Windows actually works in a corporate domain environment.
Ubuntu, RHEL, Rocky, Debian. Permissions, services, networking, log forwarding. Running servers the way they are actually run in production.
TCP/IP, DNS abuse, TLS, Wireshark, firewall rules. Reading packet captures and identifying indicators that most people scroll past.
VPNs, DNS-over-HTTPS, browser fingerprinting, data brokers. The gap between what products claim and what they actually do.
The unsexy stuff that runs every organization — DHCP, DNS, domain management, scripting, backups. What you will actually spend your time on.
The security content space is full of people who have never actually worked in security. They regurgitate certifications, recommend tools they get paid to promote, and teach techniques that fall apart the moment you try them on real infrastructure.
This is not that.
Not theoretical attack scenarios. Actual patterns that show up in real IT and security work, over and over.
In smaller companies especially, everyone has local admin on their own machine because "it's easier." Every piece of malware they run now runs with admin rights. This is the single fastest way to go from phishing email to full domain compromise.
Default Windows audit settings log almost nothing useful. If something happened two weeks ago and you have no process creation logs, no logon events, no PowerShell logging — you are not doing incident response, you are guessing.
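The three gaps named above (process creation, logon events, PowerShell logging) can be checked and closed from an elevated PowerShell session. The following is an added example, not code from the original page or from the author; it assumes Windows 10 / Server 2016 or later, and the registry paths are the documented policy locations for command-line auditing and script block logging. Function names (`Get-IrLoggingPosture`, `Enable-IrLogging`) are this example's own.

```powershell
# Added example (not from the original page): does this host actually produce the
# logs incident response needs, and if not, turn them on.
# Assumes: elevated session, Windows 10 / Server 2016+, auditpol.exe and wevtutil.exe present.

$CmdLineKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit'
$SblKey     = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'

function Get-AuditSetting([string]$Subcategory) {
    # /r emits CSV; 'Inclusion Setting' is e.g. 'Success and Failure' or 'No Auditing'
    $rows = auditpol /get /subcategory:"$Subcategory" /r | Where-Object { $_ } | ConvertFrom-Csv
    $rows.'Inclusion Setting'
}

function Get-IrLoggingPosture {
    [pscustomobject]@{
        # Security 4688 (process creation) and 4624/4625 (logon)
        ProcessCreationAudit = Get-AuditSetting 'Process Creation'
        LogonAudit           = Get-AuditSetting 'Logon'
        # Without this, 4688 records the image path but not the command line
        CmdLineIn4688        = (Get-ItemProperty -Path $CmdLineKey -Name ProcessCreationIncludeCmdLine_Enabled `
                                    -ErrorAction SilentlyContinue).ProcessCreationIncludeCmdLine_Enabled -eq 1
        # Microsoft-Windows-PowerShell/Operational 4104
        ScriptBlockLogging   = (Get-ItemProperty -Path $SblKey -Name EnableScriptBlockLogging `
                                    -ErrorAction SilentlyContinue).EnableScriptBlockLogging -eq 1
        # If the oldest surviving Security event is hours old, a two-week-old incident is already gone
        OldestSecurityEvent  = (Get-WinEvent -LogName Security -Oldest -MaxEvents 1).TimeCreated
    }
}

function Enable-IrLogging {
    auditpol /set /subcategory:"Process Creation" /success:enable /failure:enable | Out-Null
    auditpol /set /subcategory:"Logon" /success:enable /failure:enable | Out-Null

    New-Item -Path $CmdLineKey -Force | Out-Null
    Set-ItemProperty -Path $CmdLineKey -Name ProcessCreationIncludeCmdLine_Enabled -Value 1 -Type DWord

    New-Item -Path $SblKey -Force | Out-Null
    Set-ItemProperty -Path $SblKey -Name EnableScriptBlockLogging -Value 1 -Type DWord

    # Default Security log is small enough to wrap in hours on a busy host; 1 GB here is an example size
    wevtutil sl Security /ms:1073741824
}

Get-IrLoggingPosture          # before
Enable-IrLogging
Get-IrLoggingPosture          # after: both audits 'Success and Failure', both flags True
```

On a domain-joined machine, Group Policy reapplies its own audit settings at refresh time, so the local changes above are for verifying the effect; the permanent fix is the same settings in a GPO (Advanced Audit Policy Configuration plus the two administrative template settings), and forwarding the logs off the host so an attacker cannot clear them.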
Expose port 22 to the internet with password authentication enabled and your auth logs will be full of brute force attempts within hours. Key-based auth only, disable passwords, change the default port. Takes ten minutes and eliminates an entire attack surface.
One VLAN for everything — workstations, servers, printers, cameras, IoT devices — all on the same subnet. Once an attacker is on any device, they can reach everything else directly. Segmentation is not optional, it is the difference between a contained incident and a full breach.
A VPN moves trust from your ISP to the VPN provider. That is it. It does not make you anonymous, it does not protect you from malware, and it does not hide you from sites you are logged into. Most VPN marketing is designed to make you feel protected, not to actually protect you.
Cannot reach a domain-joined resource? Cannot authenticate? Cannot join a machine to the domain? Check DNS first, every time. Wrong DNS server, stale DNS cache, missing DNS record — these cause 80% of the "random" connectivity issues in Windows environments.
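"Check DNS first" as a repeatable script rather than a habit. This is an added example, not code from the original page or from the author; it assumes a Windows client with the DnsClient module (Windows 8 / Server 2012 or later) and defaults the domain to the client's own `$env:USERDNSDOMAIN`. The function name `Test-AdDnsHealth` is this example's own. It checks the three causes listed above in order: which resolvers the client is using, whether they answer the domain controller locator (SRV) records, and whether the DC names those records point at resolve to an address.

```powershell
# Added example (not from the original page): the DNS checks behind "check DNS first".
# Assumes a domain-joined Windows client; Resolve-DnsName and Get-DnsClientServerAddress
# come from the built-in DnsClient module, nltest.exe is built into Windows.

function Test-AdDnsHealth {
    param([string]$Domain = $env:USERDNSDOMAIN)

    # 1. Wrong DNS server: a client pointed at a public resolver (e.g. 8.8.8.8) can browse
    #    the web fine but can never find a domain controller, because AD records are internal.
    $servers = Get-DnsClientServerAddress -AddressFamily IPv4 |
        Where-Object ServerAddresses |
        Select-Object -ExpandProperty ServerAddresses -Unique

    # 2. Missing DNS record: the DC locator records every domain join and logon depends on.
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction SilentlyContinue |
        Where-Object Type -eq 'SRV'

    # 3. Each DC host name the SRV records name must itself resolve to an address.
    $unresolved = foreach ($r in $srv) {
        if (-not (Resolve-DnsName -Name $r.NameTarget -Type A -ErrorAction SilentlyContinue)) {
            $r.NameTarget
        }
    }

    # Ask the DC locator directly; a non-zero exit code means it could not find a DC.
    $null = nltest /dsgetdc:$Domain 2>$null
    $locatorOk = ($LASTEXITCODE -eq 0)

    [pscustomobject]@{
        Domain            = $Domain
        DnsServers        = $servers
        DcSrvRecords      = @($srv).Count          # 0 here is the "missing record" case
        UnresolvedDcNames = @($unresolved)         # non-empty means stale or broken A records
        DcLocatorOk       = $locatorOk
    }
}

# Stale cache is the cheapest fix, so clear it before judging the results.
Clear-DnsClientCache
Test-AdDnsHealth
```

If `DnsServers` shows anything other than the domain controllers (or an internal resolver that forwards to them), stop there; nothing downstream will work until the client's DNS settings, usually handed out by DHCP, are corrected. Once the client is using the right servers, a `DcSrvRecords` of 0 points at the DNS zone or DC registration itself rather than at the client.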
Four structured rooms covering the tools and systems that actually matter. Built around hands-on labs, real configs, and the kind of knowledge that transfers directly to a job.