> Projects. Investigations. Certification journals. All documented.
The purple-gradient hero. The floating glass cards. The same 4 stock-photo testimonials. Claude builds these by default — not because it's bad, but because nobody told it what good looks like. Here's the exact stack and the 7-step framework that changes that.
A real-world incident response walkthrough from my home Mini-SOC. Wazuh detected encoded PowerShell execution attempting to download a remote payload and establish persistence via scheduled tasks. This writeup documents the complete investigation from initial alert through containment — including Base64 decoding, log correlation across multiple sources, threat intelligence enrichment, MITRE ATT&CK mapping, and lessons learned for improving detection capabilities.
Read Full Investigation →Deployed a Pi-hole DNS sinkhole on Raspberry Pi Zero 2 W to block ads, trackers, and malicious domains across the entire home network. Documents the full installation, static IP config, router DHCP changes, and security hardening steps.
Full home Security Operations Center built on Raspberry Pi. Suricata IDS running 30,000+ ET Open rules feeding logs via rsyslog to Splunk Enterprise SIEM. Includes architecture diagram, dashboards, and threat detection capabilities.
Automated threat intel bot built with n8n and Docker. Queries AbuseIPDB, VirusTotal, and AlienVault OTX in parallel, calculates a weighted risk score (0–100), and delivers formatted reports to Telegram in real-time.
Evolved from a basic port scanner into a full security platform. v1: threaded TCP scanner. v2: CVE intelligence via NVD API with CVSS scoring and 95% cache hit rate. v2.1: AI-assisted analysis with OpenClaw orchestration.
AI security automation tool combining OSINT, log correlation, and Google Gemini AI for expert-level threat assessment. Reduces investigation time from 15+ minutes to under 60 seconds. Three modes: Quick (30s), Deep (60s), Full (90s).
Full incident response walkthrough from my home Mini-SOC. Wazuh detected encoded PowerShell execution attempting payload download and scheduled task persistence. Documented triage, Base64 decode, log correlation, threat intel enrichment, and MITRE ATT&CK mapping.
Deep-dive into both exams including the Incident Response Lifecycle, IOC types (network/host/application), HTTP status codes, Nmap scan types, firewall evasion, CVSS scoring, syslog levels, and exam strategy. 6–8 hours/day for 3 weeks.
Five-week study path for both Azure exams. AZ-900 covered cloud fundamentals, Azure architecture and governance. SC-900 focused on Zero Trust, identity management, Microsoft Defender suite, and Sentinel SIEM. Passed both on first attempt.
Currently deep in study for Linux+ certification — system administration, security hardening, shell scripting, automation, and exam prep. Full writeup coming once complete. Active since January 2026.
01
If it's not written down, it didn't happen. Every command, every finding, every lesson.
02
Don't just follow steps — know why they work. Deep understanding beats memorization.
03
Test in home lab before applying anywhere else. Breaking your own stuff is how you learn.
04
Every project has a v2, every writeup has lessons learned. Continuous improvement.