Posts

System Administration

Deploying Splunk Universal Forwarders via GPO

A guide to deploying the Splunk Universal Forwarder across Windows endpoints using a Group Policy Object and an Orca-generated MST transform file containing the deployment server and credentials.

Mar 28, 2020 3 min read
DFIR

A Tale of an MSBuild In-Line Task

This post covers an incident response analysis of a malicious MSBuild in-line task file containing an embedded Cobalt Strike beacon DLL, including the method used to extract and statically analyze the payload.

Feb 26, 2020 2 min read
Software Development

Stack Smashing at Home

A practical guide to disabling GCC and Linux kernel security protections including SSP, ASLR, exec-shield, and SELinux to reproduce wargame buffer overflow challenges in a local lab environment.

Jan 19, 2020 6 min read
Automation

Ansible User Account Provisioning

This post shows an Ansible playbook for automating new Linux host provisioning by creating user accounts, configuring sudoers, and deploying SSH public keys across home lab and cloud systems.

Dec 20, 2019 2 min read
Home Lab

Replacing the Default Splunk Web SSL Certificate

A step-by-step guide to generating an OpenSSL CSR, signing it with a pfSense Root CA, and configuring Splunk Web to use the resulting certificate chain via web.conf.

Nov 06, 2019 2 min read
System Administration

Working with Raw LVM Disk Images

This post demonstrates how to mount and unmount raw disk images containing LVM partitions on Linux using udisksctl, vgchange, and dmsetup, useful for CTF and DFIR analysis scenarios.

Aug 18, 2019 2 min read
System Administration

Slackware LVM over LUKS

A step-by-step guide to installing Slackware with full disk encryption using LUKS over LVM, covering disk sanitization, partition setup, volume group creation, and initrd configuration for UEFI boot.

Jun 16, 2019 6 min read
System Administration

Using NetworkManager with DNSMasq and Slackware

This post describes recompiling dnsmasq with D-Bus support on Slackware 14.2 by patching the Makefile and SlackBuild, enabling NetworkManager to manage dnsmasq as its DNS backend.

Jun 02, 2019 3 min read
Home Lab

Migrating and Upgrading Apache Guacamole to Docker

A walkthrough of migrating Apache Guacamole from a standalone install to a Docker Compose microservices setup with MariaDB, guacd, and guacamole containers, including database schema upgrade steps.

Mar 21, 2019 5 min read
System Administration

AutoFS with DHCP Classless Static Route Option

This post covers configuring AutoFS on Slackware to dynamically mount NFS and CIFS shares and using a Python script to generate RFC 3442 classless static route hex values for pfSense DHCP.

Mar 07, 2019 4 min read