Blog
Writing
Technical notes, lab writeups, and lessons from work across DevOps, cloud infrastructure, and cybersecurity.

Latest Post
5 min read
The Files Were Deleted. The Evidence Wasn't.
Deleted files, cleared history — digital forensics rebuilt the insider threat timeline from NTFS artefacts, memory, and Windows registry entries.
Cybersecurity, Digital Forensics, Incident Response, Autopsy

4 min read
The File Upload That Looked Safe — Until I Changed One Request Header
The file upload form had validation. It checked the file type, rejected anything that wasn't an image, and showed a helpful error message. The check ran entirely in the browser.
Cybersecurity, Penetration Testing, Web Security

5 min read
The Difference Between Finding a Vulnerability and Exploiting It Responsibly
Nmap returned the service version. I already knew the CVE. The exploit was in Metasploit. I did not run it yet. Here is what comes between finding a vulnerability and proving it is real.
Cybersecurity, Penetration Testing, MITRE ATT&CK