SNI Side-Channel Attack – Traffic Inference, Prediction, and ECH Mitigation

This capstone post analyzes an end-to-end privacy attack pipeline: passive TLS metadata collection, behavioral modeling, live prediction, and mitigation impact using ECH. Threat Model and Objective The attacker is passive on the victim network path and cannot decrypt TLS payloads. Objective: infer user intent and likely next destinations from observable handshake metadata. […]

TLS and VPN Tunneling: Strong Encryption, Real-World Gaps, and Metadata Exposure

TLS and VPNs are foundational, but confidentiality of payloads does not eliminate all signal leakage. This post links handshake security, tunnel construction, and operational metadata exposure. TLS Security Objective TLS provides confidentiality, integrity, and endpoint authentication for data in transit. Modern deployments rely on authenticated key exchange, certificate validation, and AEAD ciphers. Handshake […]

DNS Security – Cache Poisoning, Resolver Weaknesses, and Hardening

DNS is a trust amplifier: one successful forged answer can redirect large volumes of traffic. This post connects DNS protocol behavior, cache poisoning mechanics, and practical defense controls. Why DNS Is a High-Value Target Applications usually trust DNS results implicitly. If an attacker can poison recursive cache state, downstream clients inherit malicious answers without […]

Cryptography, Symmetric Ciphers and PKI

This post connects cryptographic primitives to system-level trust. The core idea is simple: secure primitives are necessary but not sufficient; operational details determine whether those primitives actually deliver confidentiality, integrity, authentication, and non-repudiation. Why This Layer Matters Packet-level attacks show that identity can be forged at lower layers. Cryptography is the mechanism that upgrades […]

Network Security – TCP IP Attacks

🔒 TCP/IP Attacks & Security 📑 Table of Contents Overview TCP/IP Protocols IP Security ICMP Attacks TCP Scanning & Spoofing DoS Attacks Countermeasures 📖 1. Overview and Context Learning Objectives Understand the fundamental architecture and vulnerabilities of the TCP/IP protocol stack Identify and analyze common network-layer attacks including spoofing, sniffing, and scanning Comprehend DoS […]

Cloud Microservice Security

Monolith Architecture Security Controls Below is a sample traditional monolithic architecture with various security controls. Microservices Microservices are an architectural approach. Decouple system into small, independent services Use well defined service APIs Each microservice is easy to change and deploy independently They fit naturally with containers – one microservice per container Consider the following […]

DevOps Security

These are some notes regarding DevOps and security. The DevOps Tool Chain A measurement for successful DevOps (CALMS) Culture Accept failure Collaboration occurs widely Empower teams High levels of trust Automation Tools Continuously iterate Transparency Consistency Everything as Code Be very good at git scripts, runbooks, configurations, documentation, … Lean Confront bureaucracy Efficiency Leverage automation […]

XDR EDR SOAR and SIEM

Various topics related to Cybersecurity. XDR vs EDR vs SOAR vs SIEM Definitions on tools / services commonly used for cybersecurity. SIEM Combining security information management (SIM) and security event management (SEM), security information and event management (SIEM) offers real-time monitoring and analysis of events as well as tracking and logging of security […]

Federal Identity and Credentials

Federal Identity, Credential and Access Management F-ICAM There are 5 parts to Federal Identity, Credential and Access Management System. This is a combination of applications, tools, standards and policies. Identity Management Identity Management is how an agency collects, verifies, and manages attributes to establish and maintain enterprise identities for federal government employees, contractors, and authorized […]

Information Systems Government Compliance

Organizations DHS – Major US Government agency focused on cyber security is DHS. They focus on the physical and cyber threats to the nation. US-CERT (United States Computer Emergency Readiness Team) – coordinates cyber information sharing and manages national cyber risks. (www.us-cert.gov). They also distribute vulnerability and threat information to National Awareness System (NCAS) and […]

Azure Secure Data Solutions

The following is from Azure Developer Training lab for AZ-203 Encryption Encryption is the process of translating plain text data (plaintext) into something that appears to be random and meaningless (ciphertext). Decryption is the process of converting ciphertext back to plaintext. To encrypt more than a small amount of data, symmetric encryption is used. A symmetric […]

Azure implementing Access Control

The following is from Azure Developer Training lab for AZ-203 Claims Authorization is the process of determining which entities have permission to change, view, or otherwise access a computer resource. For example, in a business, only managers may be allowed to access the files of their employees. In the past, this was simple to accomplish with […]

Azure Implementing Authentication

The following is from Azure Developer Training lab for AZ-203 Microsoft identity platform overview Microsoft identity platform is an evolution of the Azure Active Directory (Azure AD) identity service and developer platform. It allows developers to build applications that sign in all Microsoft identities, get tokens to call Microsoft Graph, other Microsoft APIs, or APIs […]

Azure Securing Identity

The following is from Azure Administrator Training lab for AZ-103 Azure MFA Concepts Azure Multi-Factor Authentication (MFA) helps safeguard access to data and applications while maintaining simplicity for users. It provides additional security by requiring a second form of authentication and delivers strong authentication through a range of easy to use authentication methods. For organizations that need to […]

Azure Governance and Compliance

The following is from Azure Administrator Training lab for AZ-103 Management Groups If your organization has several subscriptions, you may need a way to efficiently manage access, policies, and compliance for those subscriptions. Azure management groups provide a level of scope above subscriptions. You organize subscriptions into containers called “management groups” and apply your governance conditions […]

Azure Data Protection

The following is from Azure Administrator Training lab for AZ-103 Replication Options The data in your Azure storage account is always replicated to ensure durability and high availability. Azure Storage replication copies your data so that it is protected from planned and unplanned events ranging from transient hardware failures, network or power outages, massive natural disasters, and so on. […]

Azure Security

The following is from Azure Administrator Training lab for AZ-103 Some Azure Services related to Security, Privacy and Compliance. Azure Firewall – enforce, log application and network connectivity. Inbound and outbound filtering rules. Azure Monitor logging. Different than Web Application Firewall (WAF) which is part of Application Gateway – it does only inbound protection […]

AWS Security and Monitoring

Topics covered in this post Shared Responsibility Model Risk and Compliance CloudWatch CloudTrail KMS Signature Version 4 Signing Process Trusted Advisor Config AWS has split responsibilities between them and users. The Shared Responsibility Model describes what customers of AWS need to follow. Customers / Users are responsible for patching, antivirus etc. It is recommended […]

SQL Server Account Types and Security

A quick reference to SQL Server Account Types and System Security Ports Clients connect to SQL Server through UDP 1434. SQL Server responds with a TCP port number to continue their connection. Default TCP port is 1433. Server and System Security SQL Service runs under a service account, can be: Windows account […]

Encryption and Certificates

Some quick notes on doing encryption. Encryption is a process by which information is transformed (encoded) into a format that only authorized parties can read (decode) and unauthorized parties cannot. The purpose of encrypting information is to protect sensitive data from unauthorized use. Symmetric and Asymmetric Encryption In a symmetric […]