Writing · 19 posts
Blog
Lab writeups and technical deep dives.What I learned, written down so I'll remember it.

Network Discovery and Service Enumeration with Nmap: ARP Sweeps, Version Detection, and NSE Against an Exposed MongoDB
A hands-on SEC504 Nmap reconnaissance walkthrough across a 172.30.0.0/24 lab subnet: contrasting unprivileged and privileged ARP host discovery, full-range TCP scanning and version detection that unmasks Dropbear SSH on a non-standard port, and NSE scripts that surface an unauthenticated MongoDB 5.0.27 and an SMB server (FILESTOR) not requiring message signing.

AI-Assisted Incident Handling: Deobfuscating Malware, Generating PowerShell Tooling, and Drafting an IR Playbook with a Self-Hosted gpt-4.1
A hands-on SEC504 workflow using a self-hosted gpt-4.1 (OpenWebUI/Docker) as an incident-handling force-multiplier: deobfuscating a variable-fragmented malicious batch script and extracting its IOCs, generating a PowerShell baseline-collection tool for Compare-Object diffing, and drafting a MITRE ATT&CK-mapped incident-response playbook, all on a local model so malware and IOCs never leave the environment.

Malware Analysis with Strings, Regshot, and Process Monitor: Profiling AnalyticsInstaller.exe from Hash to Wiper Payload
A hands-on SEC504 malware-triage walkthrough on Windows: hashing AnalyticsInstaller.exe with Get-FileHash, pulling IOCs with Sysinternals Strings (a www1-google-analytics.com typosquat C2, an HKCU Run key, an encoded PowerShell payload, and a destructive AnalyticsBackup.bat), then detonating it under Regshot and Process Monitor to confirm the 'Analytics Backup' scheduled-task persistence and the cmd.exe to powershell.exe -EncodedCommand execution chain.