Welcome to Kazuhiro Funakoshi’s cybersecurity portfolio site. Please see the Cybersecurity Portfolio Index. Feel free to connect with me via LinkedIn.
Cybersecurity Portfolio Index
Google Cybersecurity Professional Course
Security Audit: Conduct a security audit
Incident Report: Use the NIST Cybersecurity Framework to respond to a security incident
Linux Commands: Use Linux commands to manage file permissions
SQL Queries: Apply filters to SQL queries
Vulnerability Assessment: Conduct a vulnerability assessment based on NIST SP-800-30
Incident Handler’s Journal: Documenting incident responses
File handling in Python: Using Python to maintain a security-related file (allow-list)
How-to articles
Wazuh XDR and SIEM ...
Homelab AI: Exposing Ollama on an Arch Linux Mini PC with Vulkan Acceleration
Deploying Large Language Models (LLMs) locally usually requires heavy, expensive desktop graphics cards. However, if you have an AMD-powered mini PC lying around—like the Minisforum UM690 featuring a Ryzen 9 6900HX and integrated Radeon 680M graphics—you can convert it into a quiet, efficient, dedicated AI server for your local network. Many developers try to host local models on an entry-level or older gaming laptop equipped with a dedicated NVIDIA card (like an RTX 3050 or 1650). However, these laptops are often crippled by a restrictive 4GB VRAM limit, which forces the LLM to overflow into system RAM, slowing generation speeds to an unusable crawl. By contrast, an AMD Mini PC utilizes a Unified Memory Architecture (UMA). By adjusting a simple BIOS setting, you can allocate 8GB or more of your system RAM directly to the integrated Radeon 680M iGPU. This provides a significantly larger, unified canvas capable of holding modern 3B and 8B models entirely in graphics memory without hitting local VRAM ceilings. ...
Weaponizing the Compiler: Managing Tactical Debt with Java, Scala 3, and Emacs
In A Philosophy of Software Design, John Ousterhout distinguishes between two approaches to software development: tactical programming and strategic programming. Tactical programming focuses on getting the next feature working as quickly as possible. It is short-sighted, leading to accumulated complexity and critical design flaws. Strategic programming focuses on great system design. It prioritizes long-term maintainability over immediate speed. However, real-world development is messy. Sometimes, business constraints force a tactical shortcut. The danger isn’t making a tactical concession; the danger is forgetting you made it. ...
How Do I Use Cake Pattern in T-Code-Engine
T-Code-Engine is a project to build a Japanese IME for the T-Code input method, which does the following: (Direct input) Takes keystrokes and generates the corresponding Japanese characters (e.g. kd => の and hj => 連) (Kanji composition) Combines multiple Japanese characters and provides combined characters based on rules (e.g. 工 + 頭 => 項) (Mixed conversion) Converts a mixed Kanji/Kana segment into Kanji/Kana phrases (e.g. き者 => 記者) Also, because T-Code-Engine is designed to be multi-platform, abstraction is paramount. In this article, we will explore how to use the Cake pattern to achieve abstraction and ensure ease of testing with a working example, rather than the classic example with a service and a repository. ...
Secure WSL2 Credentials with pass, GnuPG, and Kleopatra
Here is the complete Markdown article for your setup. It includes the updated path logic and the switch to pipx for better tool isolation. This guide walks you through a “hardened” credential setup: storing secrets in the Linux-native pass utility within WSL2, while leveraging Gpg4win/Kleopatra on Windows to handle secure graphical passphrase prompts. Why this setup? Safety: Secrets are encrypted at rest with GnuPG. Convenience: Uses the Windows GUI (Kleopatra) for passphrase entry. More robust than other pinentry setups, especially when you use PGP keys for different applications, such as magit on emacs -nw or sbt publishSigned, that ask for passphrases in an async interactive session of a shell. 1. Prerequisites Windows: Gpg4win installed (includes Kleopatra). WSL2: A Linux distro (e.g., Ubuntu) installed. 2. Generate Your GPG Key Pair Before using pass, you need a GPG key pair to encrypt your secrets. Generate the key: ...
Improving Security Posture With Wazuh
This post continues from the previous entry, Zero Cost Home Cybersecurity with WSL2 and Wazuh. We have installed the Wazuh service on WSL2 and its agent on Windows. Now we are able to see various suggestions from the scan result. Where we are First, we want to know where we are. The NIST Cybersecurity Framework defines the following 5 steps to improve security posture. We want to address each step with Wazuh activities. ...
Zero Cost Home Cybersecurity with WSL2 and Wazuh
There are many cybersecurity solutions for home use that combine endpoint security with network intrusion detection or prevention systems. Some of them are software packages such as McAfee, and others may be provided by your ISP, such as Xfinity xFi Advanced Security, which comes with ISP-specific hardware. However, it is unclear to end users what they do, and they are sometimes pricey. It is also common for network enthusiasts to set up a white-box approach with plenty of hardware equipment for a home cybersecurity stack. For example, there are many YouTube videos about how to set up a router to mirror all the traffic into an IDS in a virtual machine, so that all network traffic can be monitored. However, in my humble opinion, hosting a VM that can monitor all the network traffic in and out is very much a luxury for most people. ...
Algorithm for File Update in Python
Project description This project describes an activity of updating a text file, based on the necessity of the business. It is designed for a process to maintain an allow-list-based access control list. In order to restrict access of unauthorized users, businesses are required to review the list and remove access privileges on a need-to basis. Given a list of IP addresses, the program will remove them from the allow-list and write the remaining IP addresses back to the text file. ...
Incident Handler's Journal
Entry 1: Analyzing ransomware incident Entry 2: Analyzing phishing email Entry 3: Following up with playbook Entry 4: Review on incident final report Entry 5: Using Splunk to analyze malicious logins Entry 6: Using Chronicle to analyze phishing attempts Entry 1 Date: 07/19/2023 Description Ransomware damaged a clinic. A small U.S. health care clinic experienced a security incident on Tuesday at 9:00 a.m. which severely disrupted their business operations. ...
Vulnerability Assessment
NIST SP 800-30 Rev.1 (given) Vulnerability Assessment Report NIST SP 800-30 Rev.1 Guide to assessing risk NIST SP 800-30 is a publication that provides guidance on performing risk assessments. It outlines strategies for identifying, analyzing, and remediating risks. Organizations use NIST SP 800-30 to gain insights into the potential likelihood and severity of risks—helping them make informed decisions about allocating resources, implementing controls, and prioritizing remediation efforts. ...