HTB: Imagery
HTB Imagery walkthrough: HackTheBox machine solution with locked content for security. Overview of machine details and walkthrough structure for the Imagery penetration testing challenge with restricted access per HTB policy.
HTB AirTouch walkthrough: HackTheBox machine solution with locked content for security. Overview of machine details and walkthrough structure for the AirTouch penetration testing challenge with restricted access per HTB policy.
SNMP reconnaissance technique walkthrough: How poor SNMP configuration leads to credential disclosure and system compromise. Learn enumeration methods, MIB walking, and defensive hardening strategies for network management protocols.
HTB monitorsfour walkthrough: HackTheBox machine solution with locked content for security. Overview of machine details and walkthrough structure for the monitorsfour penetration testing challenge with restricted access per HTB policy.
HTB Browsed walkthrough: HackTheBox machine solution with locked content for security. Overview of machine details and walkthrough structure for the Browsed penetration testing challenge with restricted access per HTB policy.
An exploration of SMBv1's vulnerabilities, how EternalBlue exploited them, and the lasting impact on cybersecurity practices.
Reflections on my first three months with the NSW State Emergency Service, training and responding as part of a Road Crash Rescue unit.
DFIR analysis of a compromised MongoDB server to investigate MangoBleed vulnerability exploitation, identify attacker activity, and perform rapid triage analysis of collected artifacts.
DFIR analysis of Sysmon logs to detect and investigate an UltraVNC-based intrusion campaign, focusing on file creation events, process execution, and network indicators.
Proof-of-Concept demonstrating binary planting vulnerability through insecure executable search path in Notepad++ installer, leading to arbitrary code execution with elevated privileges.
Microsoft is integrating Sysmon directly into Windows 11 and Windows Server 2025, eliminating manual deployments and giving defenders richer telemetry, simpler reporting, and faster threat visibility.
A walkthrough of the HTB TwoMillion machine, covering API enumeration, ROT13 decoding, privilege escalation, command injection, and CVE-2023-0386 kernel exploit.
ISM-0534 implementation guide: Disable unused physical ports on network devices. Complete configuration guidance for switches, routers, and network infrastructure. Step-by-step instructions for blue team security implementation and compliance.
Explore the fundamental principles of secure by design and secure by default methodologies. Learn how to build security into systems from the ground up, implement defense in depth, and create inherently secure architectures that protect against modern cyber threats.
Bit of fun in the Holmes CTF.
HTB Previous walkthrough: HackTheBox Medium Linux machine solution with locked content for security. Overview of machine details, difficulty level, and walkthrough structure for the Previous penetration testing challenge with restricted access.
A comprehensive walkthrough of the HTB BountyHunter machine, demonstrating XXE vulnerability exploitation and web application security testing. This guide covers enumeration, exploitation, and privilege escalation techniques for cybersecurity professionals.
A comprehensive walkthrough of the HTB CodeTwo machine, covering enumeration, exploitation, and privilege escalation techniques. This guide provides step-by-step instructions for cybersecurity professionals and penetration testing enthusiasts.
Career highlights at CrowdStrike: My experience working in the Falcon Complete Team, interview process, onboarding, daily responsibilities, and career growth in cybersecurity SOC operations.
A comprehensive guide to NTFS Alternate Data Streams (ADS), covering exploitation techniques, detection methods, and blue team strategies. Learn how attackers hide malicious payloads and how defenders can identify and mitigate these stealthy techniques.
Analysis and details of CVE-2025-29927 vulnerability. This post covers the security implications, affected systems, and mitigation strategies for this cybersecurity vulnerability.
A hands-on honeypot project combining web-exposed servers with CrowdStrike EDR for cybersecurity skill development. This project demonstrates deception techniques, threat detection, and SOC monitoring through practical honeypot implementation.
Learn how to implement comprehensive logging and monitoring policies that meet Australian Government ISM requirements, including control implementation, log management, and security monitoring best practices.
ISM-1717 security.txt implementation guide: Complete requirements for hosting security contact files at /.well-known/security.txt. RFC 9116 compliance, web server configuration, and security policy implementation for organizations and cybersecurity compliance.
System Monitor (Sysmon) is a Windows system service and device driver that monitors and logs system activity to the Windows event log, providing detailed information about process creation, network connections, and file changes.
An introductory guide to cybersecurity fundamentals, covering essential concepts like the CIA triad, common threats, and security best practices. This beginner-friendly resource provides a solid foundation for understanding digital security principles and protecting against cyber threats.
XXE attacks guide: Learn XML External Entity vulnerabilities, exploitation techniques, file disclosure, SSRF, and mitigation strategies. Comprehensive coverage of XXE attack vectors, real-world examples, and security best practices for web application security.
Learn how to assess systems against the Australian Government Information Security Manual (ISM) controls, including methodology, tools, and best practices for compliance evaluation.
ISM-0657 implementation guide: Scanning manually imported data for malicious content. Implementation guidance, requirements, and testing procedures for this ISM control and data import scanning for blue team security.
Windows Event ID 4624 guide: Complete analysis of successful logon events, logon types (interactive, network, RDP), and blue team detection techniques for monitoring Windows authentication events.
Learn about OSQuery, the open-source operating system instrumentation framework for monitoring and querying system information across multiple platforms.
System Alpha is a baseline reference system used across multiple blog posts and implementation guides to demonstrate ISM compliance, security configurations, and practical cybersecurity implementations.
Learn about Trusted Platform Module (TPM) technology, its role in hardware-based security, and how it enhances system protection through cryptographic functions and secure key storage.
A personal journey through OSCP certification preparation, sharing the study methods, resources, and timeline that led to success. This guide covers PWK labs, Proving Grounds practice, HackTheBox machines, and the proven methodology that helped achieve 110 points in 7 months.