I Built a Full PKI in 48 Hours. Not to Ship It — to Understand It.
EJBCA, Docker HA, mTLS, ACME, CRL, OCSP — the complete PKI stack deployed and documented in a weekend. Here's the architecture and what I learned.
Real stories from real engagements. No theory — just what works.
DNS zone transfer, exposed admin panels, EOL software with 90+ CVEs, anonymous FTP. How a single VPS became a security case study.
From default Ubuntu to hardened server: auditd, SSH restrictions, kernel tweaks, CIS benchmarks. 68 to 77 in 15 minutes.
Mutual TLS authentication in practice. How I locked down every service with client certificates and eliminated password-based access.
I checked a client's email security. No DKIM, SPF softfail, DMARC on 'none'. Anyone could send emails as their domain.
My VPS honeypot captures thousands of brute-force attempts daily. Here's who's attacking, from where, and the usernames they try.