cybersecurity · hybrid cloud · grc
Computer enthusiast in Vancouver, BC. Enterprise infrastructure and security work, documented in public.
This site is my knowledge aggregator — a public record of explorations, experiments, and the occasional guide. Posts document what I was thinking at the time; some of it will age, all of it is a reference point.
Off the clock it's projects, time permitting — but mostly family.
How attackers get into enterprise environments — and how to keep them out. Defense in depth, endpoint protection, security posture over theory.
Enterprise infrastructure across on-premises and cloud. The unglamorous plumbing that keeps organizations running.
Translating security frameworks into operational reality — policies, audits, and risk decisions that hold up outside the binder.
A pre-auth stack overflow in Windows Netlogon, CVSS 9.8, exploited in the wild. Here is what it actually does, why the popular Defender hunt watches the wrong port, and KQL that matches the real CLDAP attack path.
The site you are reading is now fully Cloudflare-native: Astro prerendered to static HTML, served as Worker assets from the edge, with a live API route in the same deployment. No third-party hosting anywhere in the chain.
XDISK benchmarks of an IBM Power9 9009-22G driving an all-NVMe Flash System 7200 — traditional RAID 10 versus Distributed RAID 6 (DRAID6).