A financial services client we took on last year had been running IPsec between their domain controllers and application servers for three years. Solid concept. The execution was a different…
It is 2:47 AM. Your SIEM fires a privilege escalation alert on a production Linux host. You pull the process tree and find the origin: a Docker container launched six…
The alert came in at 2:47 AM. File shares encrypted. Domain controllers unreachable. The backup server — also encrypted. The client’s IT lead called it a total loss. Twenty minutes…
The Deployment That Shouldn’t Have Gone Live
During an incident response engagement last year, we pulled the deployment logs for a mid-sized financial services company and found something that should…
The Audit Starts Before You Open the Console
A financial services client came to us after a compliance review flagged an eleven-day gap in their Office 365 threat detection. They…
We inherited an environment where an S3 bucket had been publicly readable for 14 months. The client ran monthly vulnerability scans. They had a SIEM. They had endpoint detection and…
A financial services firm we work with had a problem they didn’t know they had. Their perimeter firewall was clean. Antivirus showed no alerts. The SOC hadn’t received a priority…
Three weeks into a ransomware investigation at a mid-size logistics firm, the IR team handed me what they called a “forensic copy” of the infected server. It had been rebooted…
Your SIEM generated zero critical alerts during the four-hour window on Tuesday night. Your first instinct is to call it a quiet shift. But three of the most damaging incidents…
In March 2023, Cl0p operators compromised a regional financial services company and reached their domain controllers in 87 minutes. The initial vector was a spearphishing email. From there, the attack…