Skip to main content

Blog

Writing

Technical notes, lab writeups, and lessons from work across DevOps, cloud infrastructure, and cybersecurity.

AllDevOpsCybersecurityCI/CDDevSecOpsAWSMSc CybersecuritySOCAnsibleinfrastructurecybersecuritypipeline securityIncident ResponsePenetration TestingIaCAzureSecurity OnionSIEMdevopsidempotencyLinuxsecurityDigital ForensicsAutopsyVolatilityInsider ThreatDMIDockerMicroservicesSpring BootObservabilityWeb SecurityOWASPBurp SuiteFile UploadSecrets ManagementCloud SecurityGitHub ActionsAzure DevOpsMITRE ATT&CKRed TeamSecurity AssessmentTerraformState ManagementZeekSuricataAutomationNginxlinuxubuntupythonmigrationautomationcareer transitionbuilding in publiccloud infrastructureportfolioproductionhardeningSSHauditdfail2bandefence in depthshift-left securitycloud securitycareersystems-thinkinglearningcloudCloudArchitectureSecurityLab
Latest Post
5 min read

The Files Were Deleted. The Evidence Wasn't.

Deleted files, cleared history — digital forensics rebuilt the insider threat timeline from NTFS artefacts, memory, and Windows registry entries.

CybersecurityDigital ForensicsIncident ResponseAutopsy
Read Post
4 min read

What a Network Intrusion Actually Looks Like in Security Onion

The alert fired. Here is what came next — a walkthrough of the investigative process behind a ransomware intrusion investigation in Security Onion, from IDS alert triage through log correlation to a coherent incident timeline.

CybersecuritySOCSecurity Onion
Blog | Sonny Enchill