Bash Functions: Defining, Calling, and Returning Values
Last quarter a client’s deployment script hit 900 lines with zero bash functions. Just a massive wall of sequential commands. When something broke at 2 AM, nobody could figure out…
Kubernetes Secrets Management: Encryption at Rest Audit
A Base64 String Is Not a Security Strategy. Last year we were brought in to assess a mid-sized fintech company’s Kubernetes environment after a failed compliance audit. Their security team…
AD Server Parameter: FQDN vs NetBIOS Name Explained
While scripting a bulk user migration for a client last quarter, I hit one of those issues that wastes an hour before you realize what happened. Half the Get-ADUser calls…
Ransomware Encryption Analysis: Attack Mechanics on Windows
Forty-Seven Alerts at 2 AM and One of Them Was Real. A managed services client called our SOC at 2:14 AM on a Tuesday. Their file server was throwing access…
PowerShell Module Management: Install, Import, and Update
A client called us on a Monday morning because half their admin team couldn’t run Exchange management commands. The other half could. Same servers, same accounts, same Group Policy. Turned…
Automating ODBC DSN Management with PowerShell Remove-OdbcDsn
Orphaned DSNs and the Ticket That Started It All. The ticket read: “Application can’t connect to the database.” After remoting into the server, I ran Get-OdbcDsn and found seventeen ODBC…
vSphere 6.7 Fault Tolerance: VMDK and RDM Restriction Checklist
A Client Call That Could Have Gone Better. One of our managed healthcare accounts called in after a failed attempt to enable Fault Tolerance on a production SQL VM. The…
Using Autoruns to Audit Every Windows Autostart Location
A Backdoor Hiding in Plain Sight. During a quarterly security review for a client running a 200-seat Windows environment, we found a DLL registered under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls that had been…
AdExplorer: Browsing and Snapshotting Active Directory Offline
The Change Nobody Documented. Three service accounts disabled in production. No change ticket. No record of who did it or when. The helpdesk was fielding calls for forty minutes before…
PowerShell For, ForEach, and While Loops Explained
Six Hours of Copy-Paste, Gone in One Loop. Last quarter we inherited a client environment with 140 Windows servers. The previous admin had been manually checking disk space on each…











