analyst@hack3rs:~/blog$ ls -R posts/
Blog (Monthly Network Security Learning Archive)
One long-form article per month for the last two years, each tied to a dated topic, practical mitigation guidance, tool workflows, and links into the learning program.
Dates shown here are the same source-of-truth dates used by the article pages, so archive and post pages stay consistent.
February 2026
- 2026-02-20 Insider Threat Monitoring and Access Review Discipline for Defenders
A detailed insider-risk defender guide covering privilege misuse, sensitive action monitoring, evidence-based triage, and access-review workflows that reduce both malicious and accidental harm.
$ tag: Insider Risk / Access Governance
January 2026
- 2026-01-15 Cloud Identity Abuse Prevention Roadmap for New-Year Projects
A cloud-first defender roadmap for tightening IAM, monitoring control-plane changes, reducing privilege drift, and validating exposed services during project kickoff season.
$ tag: Cloud / IAM
December 2025
- 2025-12-04 Post-Incident Review and a Hardening Backlog That Actually Gets Done
A detailed method for post-incident review, evidence-based lessons learned, backlog prioritization, and converting findings into realistic hardening and detection improvements.
$ tag: IR Improvement / Governance
November 2025
- 2025-11-18 DDoS Runbook Testing and Dependency Mapping Before Peak Load Periods
How to test DDoS runbooks, map service dependencies, define escalation thresholds, and combine traffic telemetry with application health during availability incidents.
$ tag: Availability / Runbooks
October 2025
- 2025-10-07 DNS Tunneling Detection Baselines for Cybersecurity Awareness Month
A practical DNS defense article on building baselines, spotting high-entropy labels, validating resolver paths, and reducing false positives in tunneling detection.
$ tag: DNS / Detection
September 2025
- 2025-09-25 AD Privilege Path Review and Defensive BloodHound Usage
How defenders use BloodHound and related telemetry to understand privilege paths, reduce admin sprawl, and detect lateral movement opportunity before an incident.
$ tag: AD / Privilege Paths
August 2025
- 2025-08-14 Packet Analysis Case Study: DNS + TLS + HTTP Triage in a Suspect Session
A full packet-analysis walkthrough for defenders using Wireshark/TShark to reconstruct DNS resolution, TLS handshakes, HTTP behavior, and suspicious timing patterns.
$ tag: Packet Analysis
July 2025
- 2025-07-24 Wireless Rogue AP Drills and BYOD Segmentation Validation
A defensive training article on running authorized wireless drills, detecting rogue AP behavior, and validating BYOD/guest segmentation using Kismet, captures, and network checks.
$ tag: Wireless / Segmentation
June 2025
- 2025-06-11 Zeek and Suricata Tuning for Noisy Environments (Without Losing Signal)
How to tune Zeek and Suricata in a controlled, evidence-based way: baseline traffic, document changes, reduce false positives, and preserve detection coverage.
$ tag: NSM / Tuning
May 2025
- 2025-05-22 Supply Chain Trust Paths and Vendor Remote Access Oversight for Defenders
A detailed defender guide to third-party and supply-chain risk: vendor access inventory, session oversight, change correlation, and monitoring trusted channels.
$ tag: Third Party / Governance
April 2025
- 2025-04-09 ATT&CK Mapping for Lateral Movement Detections That Actually Help Analysts
How to map lateral movement detections to ATT&CK behavior in a way that improves analyst triage, telemetry quality, and coverage-gap decisions.
$ tag: Detection Engineering / ATT&CK
March 2025
- 2025-03-18 VPN/RDP Exposure Drift and Remote Access Validation with Nmap + Ndiff
A practical workflow for auditing remote access exposure, comparing drift, validating hardening, and tuning detections on authentication failures and probes.
$ tag: Remote Access / Exposure
February 2025
- 2025-02-13 Business Email Compromise, Session Theft, and Mailbox Abuse: What Defenders Miss
A defender-focused BEC deep dive covering credential theft, session abuse, mailbox rules, payment fraud indicators, and cross-team containment workflows.
$ tag: Identity / Email
January 2025
- 2025-01-16 KEV Prioritization Reset for the New Year: Rebuilding a Patch Queue That Matters
How to restart patch prioritization using a KEV-style workflow, asset criticality, exposure mapping, and remediation validation instead of severity-only reporting.
$ tag: Patching / Prioritization
December 2024
- 2024-12-12 Backup Restore Validation and Year-End Response Drills (Before You Need Them)
A year-end resilience playbook for defenders: validate backups, review recovery priorities, drill response decisions, and improve evidence handling before incidents happen.
$ tag: Resilience / IR
November 2024
- 2024-11-21 Holiday Commerce Surface Hardening and Web Telemetry Review
How to harden web-facing systems before traffic peaks: review exposure, validate app paths, monitor logs, and tie findings to remediation and alerting workflows.
$ tag: Web Exposure / App Defense
October 2024
- 2024-10-10 Phishing-Resistant MFA and Identity Hardening: Building Better Defaults
A practical identity hardening deep dive focused on MFA quality, session hygiene, prompt fatigue defense, and how to teach users what secure sign-in actually looks like.
$ tag: Identity / MFA
September 2024
- 2024-09-17 Segmentation and DDoS Readiness for High-Traffic Seasons
A detailed guide to DDoS and service exhaustion readiness: traffic characterization, dependency mapping, segmentation, and runbook preparation for availability-focused defense.
$ tag: Availability / Segmentation
August 2024
- 2024-08-08 DNS Anomaly Hunting for Quiet Command-and-Control Activity
How to baseline DNS, detect tunneling-like patterns, validate suspicious domains, and use Zeek/TShark for DNS-focused threat hunting without overreacting to noise.
$ tag: DNS / NSM
July 2024
- 2024-07-19 Public Wi-Fi During Travel Season: VPN Use, Wireless Trust, and Defensive Habits
A white-hat training article on travel-season wireless risk, evil twin scenarios, VPN hygiene, DNS visibility, and how defenders should teach safe habits without fear-driven messaging.
$ tag: Wireless / User Security
June 2024
- 2024-06-06 Cloud Identity Drift and Control-Plane Visibility: Catching Risk Before Breach
A defender guide to cloud identity abuse prevention, focusing on IAM drift, control-plane logging, role scope, and fast incident triage for suspicious admin actions.
$ tag: Cloud / IAM
May 2024
- 2024-05-14 Ransomware Pre-Positioning Signals: What to Catch Before Encryption Starts
How to detect ransomware operations before impact by focusing on lateral movement, backup tampering, credential abuse, and service changes rather than waiting for encryption alerts.
$ tag: Ransomware / Detection
April 2024
- 2024-04-23 Internet-Facing Edge Audit and KEV Prioritization Before Change Windows
How to run a defender-grade edge audit: inventory exposed services, compare drift, prioritize by exploited vulnerabilities, and validate remediation with evidence.
$ tag: Exposure / Patch Prioritization
March 2024
- 2024-03-11 Tax Season Phishing and Credential Harvesting: A Defender Playbook
A detailed defender guide to handling tax-season phishing and credential harvesting: what attackers do, how to detect early signals, how to triage accounts safely, and how to reduce repeat incidents.
$ tag: Identity / Phishing