Access is an "easy" difficulty machine, that highlights how machines associated with the physical security of an environment may not themselves be secure. Also highlighted is how accessible FTP/file shares can often lead to getting a foothold or lateral movement. It teaches techniques for identifying and exploiting saved credentials.

    Box Lights Out Difficulty Easy OS Linux Lights Out is an easy Linux box themed around a fake server Li...

I noticed that fast.com reported my connection at around 620 Mbps while command line tools like speedtest-cli were reporting closer to 109 Mbps. That discrepancy bothered me, so I spent an evening ...

A simple script to discover the maximum MTU supported by every device on your LAN — so you can confidently enable jumbo frames without breaking connectivity. Why Most home and lab networks run at...

A lightweight, real-time download scanner that quarantines new files in ~/Downloads, checks their SHA256 hash against VirusTotal, and only releases them once verified clean. Why Every file you do...

Device Info Model: F6D4230-4D1 Type: Consumer N150 Wi-Fi router (802.11b/g/n, 2.4 GHz) Year: 2009 (FCC approved January 2009, retail ~June 2009) Status: End-of-life / obsolete This is ...

AFW — An Application Firewall That Actually Makes Sense on Linux I don’t like running systems I don’t understand. And for years, one thing bugged me about every Linux desktop I’ve set up: outbound...

The Neutrino exploit kit is a malicious tool kit, which can be used by attackers who are not experts on computer security. Threat actors can have zero coding experience and still use exploit kits l...

I built Sysmon Builder to solve a recurring problem: beginners struggle to adopt Sysmon effectively. Sysmon is one of the most powerful sources of Windows telemetry, but its value is entirely depe...

AsyncRAT is a Remote Access Tool (RAT) designed to remotely monitor and control other computers through a secure encrypted connection.

XWorm is a .NET-based remote access trojan (RAT) commonly delivered through phishing campaigns and multi-stage infection chains. It enables remote control, credential theft, payload execution, and ...

I don’t like running systems I don’t understand. By default, most desktops allow all outbound traffic and only worry about inbound filtering. That model assumes trust. I wanted visibility and contr...

As I revisit my 10th Arch build and go to create what I always wanted 15 years ago. I am excited to share my experiences and what I have learned as I create this masterpiece.\ Browser I installed...

recommended prerequisites understanding of frameworks like mitre, lockeed martin, nist, cis 18 power user cert knowledge soc analyst triage splunk es 7.0+ vocabularary working in a soc ...

I completed the Splunk Admin certification in one week—but not because it was easy. It was fast because I already had five years as a Security Engineer and Detection Engineer. What stood out immed...

Working with Cribl fundamentally changed how I think about data before it ever reaches Splunk. Instead of treating logs as raw input, I learned to treat them as structured signals that need to be s...

I completed Splunk Power User on January 28, 2026. The purpose was simple: it was a required step toward Splunk Administrator. The course reinforced advanced use of SPL (Search Processing Language...

I completed the Splunk Core User certification on January 23, with only one day’s notice. This was not because the exam was trivial in isolation, but because the material aligned directly with five...

I had the opportunity to work directly with Cobalt Strike, which gave me exposure to how command and control frameworks operate. Seeing how operators interact with beacons and post exploitation wor...

GREM was the most demanding certification I have taken yet on my journey. I passed with an 80%. I felt exceptional walking out of the exam. It did required an entire year of consistent effort to re...