Audit
Network Security
Detecting Tor communication
A guide to creating inverse Suricata IDS rules from Proofpoint Emerging Threats Tor signatures using sed and regex, enabling detection of outbound connections from internal hosts to Tor relays.
Automation
Blue Team Tactics: Honey Tokens Pt. II
Part two of the honey tokens series covering PowerShell-based token deployment, validating audit ACL settings, and testing adversary interaction detection via PowerShell remoting, RDP, and Meterpreter process injection.
Home Lab
Raspberry Pi Centralized Log Server
A guide to configuring a Raspberry Pi as a centralized syslog server using rsyslog with per-host log files, log rotation, and forwarding configuration for syslog, rsyslog, and syslog-ng clients.