Technical writeups from CTF competitions, security research, and hands-on projects. Documenting the path from intelligence analyst to cybersecurity professional.
Lessons from the Cloud Security Alliance TAISE certification course, translated into practical guidance for homelab AI deployments.
Three ports accounted for 88% of all inbound traffic across 28 days. HTTPS, VNC, and an alternate HTTPS port dominated, with a concentrated SNMP burst hitting 1.3 million events in just 48 hours before going completely silent.
Three patterns from this deployment align with broader reporting from early 2026: a 2019-patched Fortinet flaw still leading by volume, IoT botnet scanning running every single day, and a critical RCE active within two months of disclosure.
Three CVEs, three distinct operational patterns. Burst scanning, steady botnet activity, and post-disclosure opportunistic scanning each point to different infrastructure behind the top threats in this dataset.
28 days of Cowrie credential logs show root as the top username and two IoT device defaults accounting for roughly 30% of global SSH brute-force attempts embedded in scanning tooling worldwide.
Three major cloud providers contributed 17.4 million events across 28 days, accounting for 18.1% of all inbound attack traffic. DigitalOcean alone was responsible for 14.3%.
Where attack traffic originated during a 28-day T-Pot honeypot deployment, and why cloud provider and VPN exit node usage limits attribution confidence.
A breakdown of the top Suricata signatures fired across 28 days, from 3.4 million VNC alerts to FortiOS exploitation attempts and DoublePulsar backdoor communication.
6,213 SIP scan events across just 3 days in February 2026, with 73.5% occurring on a single day.
321,116 RDP-related events in February 2026, with over 60% occurring in a single day on 2026/02/17.
13,522 events flagging DoublePulsar backdoor communication across February 2026, nearly a decade after the NSA implant was leaked.
28 days of declining RCE scanning targeting CVE-2025-55182, a critical flaw in React Server Components disclosed two months before this deployment.
28 days of flat, uninterrupted scanning tied to the ELEVEN11 botnet targeting TVT NVMS-9000 DVRs via CVE-2024-14007.
Analysis of 29,938 scanning events targeting CVE-2018-13379 across a 28-day T-Pot honeypot deployment on Google Cloud Platform.
Analysis of CVE-2026-24061, the most recently disclosed CVE observed in the February 2026 T-Pot honeypot deployment, including observed activity, scoring data, and defender guidance.
Pre-2017 CVEs that still generated inbound scanning activity during a 28-day honeypot deployment, and what the patterns suggest about long-unpatched systems.
Analysis of the three highest-volume CVEs observed across a 28-day T-Pot honeypot deployment on Google Cloud Platform, February 2026.
Exploring blockchain security by building and deploying an ERC-20 token on the Sepolia testnet. Understanding smart contract vulnerabilities, transaction security, and the fundamentals of decentralized systems.
Building a hands-on cybersecurity lab focused on blue team operations, threat detection, and enterprise environment simulation using clustered Proxmox nodes.
Reverse engineering a DNS exfiltration binary when every other escape route has been cut off. Complete protocol reconstruction from ARM64 assembly using Ghidra static analysis.
How I scored 95%+ on three GIAC exams and made the Advisory Board, and the exact system I used to build an index that works under test conditions.
Reflections on placing 2nd in the national cyber defense competition. What I learned working through both offensive and defensive scenarios, how it shaped my career transition, and the lessons I'm taking forward.