Posts

I finally got around to putting a honeypot on the public side of my home connection. I wasn’t trying to catch APTs. I wanted to see what hits a random residential IP when nothing is hiding it. This is a notes post about standing it up, how it’s contained, and what actually showed up in the logs after a month. Why bother Most threat intelligence I read describes the internet as a battlefield. Every unpatched device is five minutes from compromise. Every IP gets 30,000 probes a day. The numbers are usually correct. They aren’t useful unless you can map them to what your environment looks like. ...

I’ve started digging into RF, meaning anything noisy in the air that my SDR can see. This is a quick log of the first sessions using an RTL-SDR (cheap, RX-only) and a HackRF One (wider bandwidth, TX-capable, which stays off outside a legal setup). This isn’t a decoding write-up. The goal for now is observation: watch the spectrum, log activity, and build something useful. The kit RTL-SDR (RTL2832U + R820T): cheap receive, wide community support, good for learning. HackRF One: wider tuning range, bigger bandwidth, better lab potential. Antennas matter more than most people want to admit. A random wire will pick something up, but it’ll also mislead you. ...

Disclaimer: The examples below are anonymised and aggregated across multiple engagements. The goal is to highlight recurring patterns, not embarrass any specific organisation. Security Theatre: Field Notes from the Inside The Scene Most environments I assess are not wide open. They have firewalls, policies, and controls that look sensible on a slide deck. The same weaknesses keep showing up anyway. Security gets implemented as a compliance checklist rather than an adversarial system. ...

The Illusion of Security Most environments aren’t completely unsecured. Firewalls are enabled. Logging exists. Alerts are configured. From the outside it looks fine, maybe even responsible. Controls aren’t usually missing. They’re inactive. In recent work I’ve seen environments where security features were technically enabled but effectively useless. Logs existed but nobody read them. Alerts fired and nobody came. Things broke and the outcome was the same either way. An organisation’s security is only as strong as the people interacting with it. The tooling matters less than whether someone looks at it. The architecture diagram matters less than whether someone notices when something breaks. ...

Home Lab Overview: Alecto and Friends I’ve always enjoyed tinkering with operating systems and finding ways they improve day-to-day life. I’m not a cloud hater. Cloud services are useful and I still use them. I self-host because it’s fun. With most SaaS tools, you’re limited by design choices you had no part in. My biggest self-hosted system is a Plex machine. I watch what I want, how I want, for roughly the cost of electricity. There’s also been a serious learning component: networking, security, general IT practice. That alone has made it worth running. ...

1. Why This Camera? I came across this cheap IPC camera on a local marketplace here in South Africa. The price was perfect to mess around with the device and potentially break it. The device cost around R300, or roughly $10. My goal with this device was to go from zero to one hundred in terms of how I document findings, while also looking at every nook and cranny I could reasonably reach. ...

I work in cybersecurity with a strong focus on how systems actually behave once they leave the lab and hit the real world. Most of my time is spent breaking things apart , networks, embedded devices, cloud services, and poorly thought out assumptions , to understand how they fail, how they’re abused, and how they can be made better. I’m especially interested in areas where disciplines overlap like where hardware meets software, firmware meets networking, and theory meets reality. ...