CISA KEV-to-Asset Triage Playbook: How to Prioritize Real-World Exploitation Fast
If your patch queue is always full, your biggest risk is not “all vulnerabilities.” It is the subset already being exploited in the wild. That is exactly what CISA’s Known…
Most Useful Cybersecurity Commands in 2026 (Linux + Windows)
If you only keep one security runbook open during an incident, make it command-first and repeatable. This is a practical command pack for quick triage across Linux and Windows. 1)…
FTP Exposure in 2026: Practical Hardening Guide for Linux and Windows Server
FTP is still running in more environments than most teams expect. The real risk is usually not a complex zero-day. It is simple exposure: internet-facing services, weak transport settings, and…
Auto HDR Switcher Script for Steam Games (PowerShell)
If you game on Windows and switch between SDR desktop and HDR titles, manual toggling gets old fast. I built a lightweight PowerShell HDR Switcher that watches for Steam games…
GrapheneOS Deep Dive: Installation, Security Features, Challenges, and Practical Expectations
GrapheneOS is a hardened Android-based operating system focused on security and privacy while keeping Android app compatibility. This guide is technical and practical: installation paths, what security features matter, where…
Windows Security Triage Playbook with PowerShell (Step-by-Step)
When a security alert appears, a clear sequence matters more than speed alone. This playbook gives a practical step-by-step workflow you can run in authorized environments using native Windows +…
Weekly Command Pack: 12 PowerShell Commands for Security Ops
Use this pack weekly and compare outputs over time.
Get-LocalGroupMember -Group "Administrators"
Search-ADAccount -LockedOut -UsersOnly
Search-ADAccount -AccountDisabled -UsersOnly
Get-ADUser -Filter * -Properties LastLogonDate | Sort LastLogonDate
Get-WinEvent -FilterHashtable @{LogName='Security';Id=4625;StartTime=(Get-Date).AddDays(-1)}
Get-WinEvent -FilterHashtable @{LogName='Security';Id=4688;StartTime=(Get-Date).AddHours(-6)}
Get-NetTCPConnection -State Established
Get-Process |…
Incident Micro-Scenario: Locked Accounts Spike in 15 Minutes
Scenario: Multiple users report lockouts within 15 minutes.
Step 1: Confirm lockout events
Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4740; StartTime=(Get-Date).AddMinutes(-30)} | Select TimeCreated,Message
Step 2: Correlate failed logons
Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4625;…
Bad vs Better: 6 Security Config Patterns (Windows + PowerShell)
Small config decisions make huge differences.
1) Admin rights. Bad: Broad permanent admin rights. Better: Just-in-time elevation with approval.
2) Credentials in scripts. Bad: Plain text passwords. Better: Vaulted secrets.
3) Logging. Bad: No centralized…
Windows Security Hardening Checklist (One Page)
Use this as a weekly or monthly baseline review.
Enable MFA for all interactive users
Restrict local admin membership
Disable legacy protocols where possible
Enable audit policy for process/account changes…