Elastic Stack SIEM Homelab

Setting up Elastic SIEM[Elasticsearch + Kibana] with secured communication in a VM homelab for experimentation and learning. This guide walks through configuration and options to assemble a functional SIEM stack to expand upon.
Read more →

CISSP Legal & Knowledge Transfer

CISSP Testing Mindset

The mindset necessary to score well on the CISSP.
Read more →

Risk Definitions and Identification

Risk Definitions and Identification
Risk Management is the foundation for all security decisions. ISRM: Information Security Risk Management ISRM, or Information Security Risk Management is the process of managing risks associated with the use of information technology. It involves identifying, assessing, and treating risks to the confidentiality, integrity, and availability of an organization’s assets. Managing risks associated with the IT/CIA Triad Source Risk Definitions Lingo for identifying risk. For the CISSP, you need to be solid on definitions since organizations use of terms can shift a bit.
Read more →

GCP: Mitigating Security Vulnerabilities

Google Cloud Platform tools to mitigate various potential exploits and vulnerabilities. Dives into securing infrastructure, Network protections, Application Security, and Content vulnerabilities. Notes from Coursera course.
Read more →

Oh Mongo, where art thou?

Hello dear player! Won’t you please come help me get my wish! I’m searching teacher’s database, but all I find are fish! Do all his boating trips effect some database dilution? It should not be this hard for me to find the quiz solution! Find the solution hidden in the MongoDB on this system. Login Found Mongo’s hosted port with netstat -lntp Then connecto to the exposed port with:
Read more →

GCP: Managing Security Course

Notes from Coursera ‘Managing Security in GCP’ course.
Read more →

GCP: Core Services Notes

Notes from the early Coursera GCP Core part of Security in Google Cloud Platform course. Recording relevant terminology(buzzwords) and quotes from the video lectures. Not 100% complete, if there was a topic I’m very familiar with, I possibly skipped taking down long form notes. The course was useful reminder of what-does-what, so I’ll deem it worth keeping around for now. TTL=2years?
Read more →

Cloud Native Security

Notes from Steve White’s OWASP PDX talk on modernizing Security for cloud native platforms.
Read more →

How to Hack OAuth

BSides PDX talk by Aaron Parneki. How OAuth works, and various examples of how it has been breached.
Read more →