Automating the Audit

Stop Staring at DNS Records
If you are new to Information Security, you’ll quickly learn that visibility is your best friend. One of the first things I look at when assessing a domain’s posture is its DMARC (Domain-based Message Authentication, Reporting, and Conformance) record. DMARC tells the world how to handle emails that claim to be Read More …

A Powerful OSINT Tool for Username Discovery

The ability to gather intelligence efficiently is a foundational skill. One effective tool for early stages is Sherlock. Named after the legendary detective, Sherlock is an open-source, Python-based tool designed to help security professionals and researchers locate a specific username across hundreds of different websites and social media platforms simultaneously.
How Sherlock Works
Sherlock operates Read More …

SPA – Single-Page Application

Modern Web Architecture and Security
This was a new term for me as I started putting together my most recent study guide: SPA, which stands for Single-Page Application. While it sounds like a simple website, an SPA represents a fundamental shift in how web applications function, bringing unique challenges to the world of information security. Read More …

Cloud Formation Example

Imagine you’re a System Administrator tasked with setting up a new environment.  Traditionally, this involves a long checklist: log into the console, click through menus to create a VPC, spin up three VMs, configure storage, attach security groups, and set up a load balancer. If you need a second environment for testing, you have to do Read More …

Fine-Tuning an AI

We’ve talked about grounding (giving an AI a textbook to look at) and prompting (giving an AI clear instructions). But sometimes, you don’t just want the AI to look at a book; you want the AI to become an expert in its bones. This is called Fine-Tuning.
Generalist vs. Specialist
Think of a standard AI Read More …

IaC – Infrastructure as Code

The Recipe for Modern IT
In the traditional world of IT, setting up a server was a craft. A sysadmin would log in, click through menus, install packages, and tweak settings until everything worked. I know, I did this job for much of my early career. But much like a chef cooking a complex signature Read More …

OIDC – OpenID Connect

Adding Identity to the Authorization Layer
In the journey through information security, you will frequently encounter OAuth 2.0. While OAuth is excellent at authorization, it was never actually designed for authentication. To solve this, OIDC, or OpenID Connect, was created. Think of it this way: OAuth 2.0 is the key to a hotel room, while OIDC Read More …

Automating Infrastructure Visibility with dig

In modern cybersecurity, you cannot protect what you don’t know exists. Traditional DNS tools often give you fragmented data. You get an A record here, an SPF record there, but connecting those to an owner (WHOIS) or a risk profile (Shodan) usually requires manual effort.
A Solution: One Script to Rule Them All
I’ve consolidated Read More …

THE SOUND AND THE SURGE

A FRAGMENT OF THE UNCONQUERED DARK
By William Faulkner
It was not the machine but the wanting of the machine, the cold, calculated, and inexorable expansion of a thing that had no blood but possessed a terrible, circulating hunger for the lightning. Kevin sat there. He was a small man, a man of Tiers and Read More …