Blog
Writing
Technical notes, lab writeups, and lessons from work across DevOps, cloud infrastructure, and cybersecurity.
AllDevOpsCybersecurityCI/CDDevSecOpsAWSMSc CybersecuritySOCAnsibleinfrastructurecybersecuritypipeline securityIncident ResponsePenetration TestingIaCAzureSecurity OnionSIEMdevopsidempotencyLinuxsecurityDigital ForensicsAutopsyVolatilityInsider ThreatDMIDockerMicroservicesSpring BootObservabilityWeb SecurityOWASPBurp SuiteFile UploadSecrets ManagementCloud SecurityGitHub ActionsAzure DevOpsMITRE ATT&CKRed TeamSecurity AssessmentTerraformState ManagementZeekSuricataAutomationNginxlinuxubuntupythonmigrationautomationcareer transitionbuilding in publiccloud infrastructureportfolioproductionhardeningSSHauditdfail2bandefence in depthshift-left securitycloud securitycareersystems-thinkinglearningcloudCloudArchitectureSecurityLab
Latest Post
5 min read
The Difference Between Finding a Vulnerability and Exploiting It Responsibly
Nmap returned the service version. I already knew the CVE. The exploit was in Metasploit. I did not run it yet. Here is what comes between finding a vulnerability and proving it is real.
CybersecurityPenetration TestingMITRE ATT&CKRed Team
Read Post