Security Guides
Security documentation tends to fall into two failure modes: written for security professionals who already know what they're doing, or written for beginners who need everything explained. Both are useless if you're a DevOps engineer who needs to harden a server before a deadline.
These guides target the middle ground: practical hardening based on CIS benchmarks, what headers to add and why, what TLS settings fail compliance, and how frameworks like the Cyber Kill Chain apply to real defense decisions.
The goal is to make you a harder target without requiring a security certification — just careful, deliberate configuration backed by understanding what the attacker is actually doing.
11 articles
Log Analysis for Security Investigations: Windows Event Logs and Web Server Access Logs
A practical guide to log analysis for security investigations — Windows Event Viewer, critical Event IDs, Apache access log parsing, and the Linux command-line tools that make manual log analysis fast and effective.
Diamond Model of Intrusion Analysis: 4 Core Components Explained (2026)
A technical breakdown of the Diamond Model of Intrusion Analysis — adversary, victim, capability, and infrastructure — with real attack examples, meta-features, and how it compares to the Cyber Kill Chain and MITRE ATT&CK.
Cyber Kill Chain: All 7 Phases Explained with Real Attack Examples (2026)
A technical deep-dive into the Cyber Kill Chain — all 7 phases mapped with real attacker techniques, detection indicators, and defensive controls. Includes a full real-world attack walkthrough and Kill Chain vs MITRE ATT&CK comparison.
iptables Block IP: Practical Examples for Linux
Block IPs with iptables — block single IP, IP range, port-specific rules, make rules persistent, and use ipset for large block lists. Real production examples.
How to Check Firewall Status in Linux: iptables, firewalld, ufw
Check firewall status in Linux using iptables, firewalld, and ufw — see active rules, verify port access, and diagnose whether the firewall is blocking traffic.
Linux Security Hardening Guide: CIS Benchmarks for Production
Complete Linux security hardening guide using CIS benchmarks — Ubuntu, RHEL, and Windows Server. SSH hardening, auditd, filesystem restrictions, firewall configuration, and production pitfalls to avoid.
CIS RHEL Level 1 Hardening: What Actually Breaks in Production
CIS RHEL Level 1 hardening guide for production Red Hat systems — what breaks, what to apply first, and how to avoid SSH lockouts, auditd disk exhaustion, and PAM-related service outages.
CIS Windows Server Level 1 Hardening: What Actually Matters in Production
CIS Windows Server Level 1 hardening in production — what breaks, what to apply first, and how to avoid NTLM lockouts, audit log disk exhaustion, and service account outages.
CIS Level 1 Ubuntu Hardening: A Field-Tested Production Guide
CIS Level 1 Ubuntu hardening guide covering filesystem, SSH, sysctl, and audit logging — with real production pitfalls, configs, and a compliance checklist. Tested in enterprise environments.
NGINX SSL Hardening: From C Grade to A+ on SSL Labs
A step-by-step walkthrough of the NGINX TLS configuration changes that take you from a mediocre SSL rating to a perfect score — without breaking compatibility.
Replacing iptables with nftables: A Practical Migration Guide
iptables is showing its age. nftables is the modern replacement — cleaner syntax, better performance, and already the default on most distros. Here's how to migrate.