Advertisement · 728 × 90

Posts by

Preview
Hunting for Missing AES in Active Directory In the world of Active Directory security, 2026 is the year the "Compatibility Tax" finally comes due.  For decades, Kerberos has quietly allowed a fallback to RC4 encryption. It was convenient, it was compatible, and, by modern standards, it is a massive security hole.  With CVE-2026-20833, Microsoft has officially pulled the plug. We are currently in the final "Enforcement Phase."  If an account in your domain doesn’t have its…

Hunting for Missing AES in Active Directory #Kerberos #rc4

37 minutes ago 0 0 0 0
Quantum Computing Think of traditional computers as a massive library where every book is written in a simple code of 1s and 0s. To find a specific word, a librarian has to walk down every aisle, one by one, checking every page. It’s reliable, but slow.  Quantum Computing isn't just a faster librarian; it’s a librarian who can exist in every aisle at the exact same time.

Quantum Computing

1 day ago 0 0 0 0
Preview
Tool Overview: h8mail h8mail is an open-source intelligence (OSINT) and password breach hunting tool written in Python. It is designed to help security professionals identify if specific email addresses have been compromised in data breaches. By aggregating data from multiple leak-checking services and local databases, h8mail provides a centralized way to audit credential exposure for individuals or entire organizations. Core Functionality…

Tool Overview: h8mail

h8mail is an open-source intelligence (OSINT) and password breach hunting tool written in Python. It is designed to help security professionals identify if specific email addresses have been compromised in data breaches. By aggregating data from multiple leak-checking…

2 days ago 0 0 0 0
Preview
The 10-Minute Philadelphia Style Vanilla Ice Cream Sometimes, you don’t want to mess with tempering eggs or waiting for a cooked base to cool for hours. Enter: Philadelphia-Style Ice Cream. This is the quickest way to get from "I want ice cream" to "I’m eating ice cream."  Because this recipe isn't cooked, the quality of your ingredients really matters. Use the best cream and vanilla you can find—you’ll taste the difference in every spoonful!

The 10-Minute Philadelphia Style Vanilla Ice Cream

2 days ago 0 0 0 0
Preview
Beyond nslookup with .NET Sockets This article introduces a professional-grade PowerShell script that identifies Domain Controllers using native .NET sockets, bypassing the overhead of standard administrative cmdlets.  Most internal reconnaissance starts with finding the Domain Controllers. While a simple nslookup -q=srv _ldap._tcp.dc._msdcs.domain.local works, it has three major flaws: Hard-coding: It assumes you already know the domain name. Parsing: It returns a wall of text that is difficult to pipe into other tools.

Beyond nslookup with .NET Sockets
#dns #DomainController

4 days ago 0 0 0 0
Preview
Tool Overview: theHarvester theHarvester is an open-source tool designed for the reconnaissance phase of a penetration test or security audit. Developed by Christian Martorella, it is written in Python and serves as a framework for gathering open-source intelligence (OSINT). Its primary function is to collect emails, subdomains, hosts, employee names, open ports, and banners from various public data sources. Core Functionality…

Tool Overview: theHarvester
#osint #tool #recon

4 days ago 0 0 0 0
Preview
The Digital Panopticon » tmack If we continue to value the elusive feeling of security over the tangible reality of freedom, we may find that the glass house we've built is actually a prison where the guards are always watching, but no one is truly safe.

I am writing about Automated License Plate Readers (ALPR) and the concept of the "Vehicle Fingerprint." We’re looking at how this technology shifts the balance between community safety and individual privacy.

wp.me/pgUqIh-VG?utm_... #Privacy

#ALPR #FlockSafety #CyberSecurity

6 days ago 0 0 0 0

and now traveling to a city near you

6 days ago 0 0 0 0
Preview
Tool Overview: Maigret Maigret is an open-source intelligence (OSINT) tool designed to automate the process of username reconnaissance. Developed as a fork of Sherlock, Maigret expands upon the concept of searching for a specific identifier across a vast array of websites to build a profile of an individual’s digital footprint. Core Functionality Maigret operates by taking a single username as input and querying thousands of platforms—including social media, professional networks, forums, and niche websites—to determine if an account with that name exists.

Tool Overview: Maigret
#osint #tool #security

1 week ago 0 0 0 0
Preview
Automating the Audit Stop Staring at DNS Records If you are new to Information Security, you’ll quickly learn that visibility is your best friend. One of the first things I look at when assessing a domain’s posture is its DMARC (Domain-based Message Authentication, Reporting, and Conformance) record.  DMARC tells the world how to handle emails that claim to be from your domain but fail authentication.

Automating the Audit

1 week ago 0 0 0 0
Advertisement
Preview
A Powerful OSINT Tool for Username Discovery The ability to gather intelligence efficiently is a foundational skill. One effective tool for early stages is Sherlock. Named after the legendary detective, Sherlock is an open-source, Python-based tool designed to help security professionals and researchers locate a specific username across hundreds of different websites and social media platforms simultaneously. How Sherlock Works Sherlock operates on the principle of Open-Source Intelligence (OSINT).  

A Powerful OSINT Tool for Username Discovery

1 week ago 0 0 0 0
Preview
SPA – Single-Page Application Modern Web Architecture and Security This was a new term for me as I started putting together my most recent study guide. SPA, which stands for Single-Page Application.  While it sounds like a simple website, an SPA represents a fundamental shift in how web applications function, bringing unique challenges to the world of information security.  Understanding SPAs is critical because they are the primary reason tools like PKCE and OIDC became industry standards.

SPA - Single-Page Application

1 week ago 0 0 0 0
An Example IT Budget To categorize a $10 million IT budget effectively, you need to think like a CFO. The goal is to separate the costs of "keeping the lights on for the product" (COGS) from the costs of "running the office and supporting employees" (SG&A). In a modern tech-driven company, here is how you would likely split that $10M to ensure you are maximizing the company’s…

An Example IT Budget

1 week ago 0 0 0 0
Maximizing the Machine: Understanding Return on Assets (ROA) In a technical environment, we often talk about "resource utilization." We monitor CPU load, memory usage, and disk I/O to ensure we are getting the most out of our hardware. In the executive suite, the financial equivalent of utilization is Return on Assets (ROA). For an IT professional looking to move into management, ROA is a vital metric. It reveals how efficiently a company uses its total assets—everything from office buildings and patents to the very servers and software you manage—to generate profit.

Maximizing the Machine: Understanding Return on Assets (ROA)

1 week ago 0 0 0 0
Connecting Code to Capital: Understanding EPS In the IT sector, we often measure success through "per unit" metrics: requests per second, cost per gigabyte, or tickets per agent. In the world of public markets and executive leadership, the ultimate "per unit" metric is EPS, or Earnings Per Share. For an IT professional aiming for a managerial role, EPS is the bridge between your technical efficiency and the company's stock price.

Connecting Code to Capital: Understanding EPS

1 week ago 0 0 0 0
Mastering the P&L: IT’s “Seat at the Table” In the technical world, we rely on dashboards—Grafana, SolarWinds, or Azure Monitor—to tell us if a system is healthy. In the business world, the ultimate health dashboard is the Profit and Loss (P&L) Statement. Also known as an Income Statement, the P&L summarizes a company’s revenues, costs, and expenses over a specific period (usually a quarter or a year).

Mastering the P&L: IT’s "Seat at the Table"

1 week ago 0 0 0 0
Preview
Cloud Formation Example Imagine you’re a System Administrator tasked with setting up a new environment.  Traditionally, this involves a long checklist: log into the console, click through menus to create a VPC, spin up three VMs, configure storage, attach security groups, and set up a load balancer. If you need a second environment for testing, you have to do it all over again, and hope you didn't miss a single checkbox. 

Think of Cloud Formation as a digital blueprint for your data center.

2 weeks ago 0 0 0 0
Preview
Fine-Tuning an AI We’ve talked about grounding (giving an AI a textbook to look at) and prompting (giving an AI clear instructions).  But sometimes, you don't just want the AI to look at a book; you want the AI to become an expert in its bones.  This is called Fine-Tuning. Generalist vs. Specialist Think of a standard AI as someone who just graduated with a general college degree. 

Fine-Tuning an AI

2 weeks ago 0 0 0 0
Advertisement
Preview
IaC – Infrastructure as Code The Recipe for Modern IT In the traditional world of IT, setting up a server was a craft.  A sysadmin would log in, click through menus, install packages, and tweak settings until everything worked.  I know, I did this job for much of my early career.  But much like a chef cooking a complex signature dish from memory, this manual approach has a fatal flaw: human variability. 

Why Infrastructure as Code is the Future of Stability

2 weeks ago 1 0 0 0
Preview
OIDC – OpenID Connect Adding Identity to the Authorization Layer In the journey through information security, you will frequently encounter OAuth 2.0. While OAuth is excellent at authorization, it was never actually designed for authentication. To solve this, OIDC, or OpenID Connect, was created.  Think of it this way: OAuth 2.0 is the key to a hotel room, while OIDC is the ID card that proves you are the person who booked it.

OIDC - OpenID Connect

2 weeks ago 1 0 0 0
Automating Infrastructure Visibility with dig In modern cybersecurity, you cannot protect what you don't know exists. Traditional DNS tools often give you fragmented data. You get an A record here, an SPF record there, but connecting those to an owner (WHOIS) or a risk profile (Shodan) usually requires manual effort. A Solution: One Script to Rule Them All I’ve consolidated several specialized enumeration scripts, originally designed for SOA tracking, SPF auditing, and endpoint discovery, into a single, high-performance Bash suite.

Automating Infrastructure Visibility with dig

3 weeks ago 1 0 0 0
Preview
THE SOUND AND THE SURGE A FRAGMENT OF THE UNCONQUERED DARK By William Faulkner It was not the machine but the wanting of the machine, the cold, calculated, and inexorable expansion of a thing that had no blood but possessed a terrible, circulating hunger for the lightning. Kevin sat there. He was a small man, a man of Tiers and Tickets, smelling faintly of old static and the desperate, synthetic hope of a break-room donut.

THE SOUND AND THE SURGE

3 weeks ago 0 0 0 0

Roku has been doing this for sometime now with Amazon

3 weeks ago 1 0 0 0
Preview
OCF – Operating Cash Flow In the technical world, we often distinguish between "allocated memory" and "active throughput."  A system might have plenty of resources reserved, but if the data isn't actually flowing through the pipes, the system just stalls.  In finance, Operating Cash Flow (OCF) is that throughput.  It is the actual cash moving into and out of the company from its core business activities.

OCF – Operating Cash Flow

In the technical world, we often distinguish between "allocated memory" and "active throughput."  A system might have plenty of resources reserved, but if the data isn't actually flowing through the pipes, the system just stalls.  In finance, Operating Cash Flow (OCF) is…

3 weeks ago 3 0 0 0