Linux
Honeypot Diaries: SSH Authorized Keys
Analyzing threat actor activity and malware observed in geographically dispersed honeypots.
Honeypot Diaries: Masscan
A honeypot observation post documenting a threat actor attempting to install and use the masscan port scanner on a compromised host to scan for RDP and SSH targets, with SSH hardening mitigations.
Ingesting PCAP Files with Zeek and Splunk
How to safely ingest and analyze pcap files at scale using Zeek and Splunk.
Using DoD Root Certificates with Git
This post explains how to convert DoD root certificates from DER to PEM format and configure Git on Linux to use them for TLS verification when cloning from DoD-hosted repositories.
Stack Smashing at Home
A practical guide to disabling GCC and Linux kernel security protections including SSP, ASLR, exec-shield, and SELinux to reproduce wargame buffer overflow challenges in a local lab environment.
Ansible User Account Provisioning
This post shows an Ansible playbook for automating new Linux host provisioning by creating user accounts, configuring sudoers, and deploying SSH public keys across home lab and cloud systems.
Working with Raw LVM Disk Images
This post demonstrates how to mount and unmount raw disk images containing LVM partitions on Linux using udisksctl, vgchange, and dmsetup, useful for CTF and DFIR analysis scenarios.
Slackware LVM over LUKS
A step-by-step guide to installing Slackware with full disk encryption using LVM over LUKS, covering disk sanitization, partition setup, volume group creation, and initrd configuration for UEFI boot.
Using NetworkManager with DNSMasq and Slackware
This post describes recompiling dnsmasq with D-Bus support on Slackware 14.2 by patching the Makefile and SlackBuild, enabling NetworkManager to manage dnsmasq as its DNS backend.
Migrating and Upgrading Apache Guacamole to Docker
A walkthrough of migrating Apache Guacamole from a standalone install to a Docker Compose microservices setup with MariaDB, guacd, and guacamole containers, including database schema upgrade steps.
AutoFS with DHCP Classless Static Route Option
This post covers configuring AutoFS on Slackware to dynamically mount NFS and CIFS shares and using a Python script to generate RFC 3442 classless static route hex values for pfSense DHCP.
Handcrafting Linux Shellcode
A tutorial on writing 32-bit Linux shellcode from scratch using NASM assembly, covering execve system call conventions, stack-based string construction, bad character avoidance, and opcode extraction.
Raspberry Pi Centralized Log Server
A guide to configuring a Raspberry Pi as a centralized syslog server using rsyslog with per-host log files, log rotation, and forwarding configuration for syslog, rsyslog, and syslog-ng clients.
ELF Binary Disassembly
A detailed walkthrough of reverse engineering a 32-bit ELF binary by analyzing its objdump disassembly output in AT&T syntax, reconstructing stack frames, loops, and C source code from opcodes.