Nmap: The Complete Guide to Network Scanning and Reconnaissance
What Nmap actually looks like from both sides of the wire — how each scan type works mechanically, how defenders detect it, and how to use it professionally. Covers OS fingerprinting, NSE auth and brute categories, firewall evasion, SCTP scanning, blue team detection signals, IPv6 dual-stack assessment, and continuous monitoring with ndiff. Nearly three decades of development in one reference, verified against Nmap 7.98.
Nmap: The Complete Guide to Network Scanning and Reconnaissance
All six port states, every major scan type, IPv6 scanning, firewall and IDS evasion, verbosity and debugging, 612 NSE scripts across 14 categories, and a six-phase professional assessment workflow. Commands verified against Nmap 7.98.
Security — Threat Intelligence
KadNap's Broken Kademlia: The Two Nodes That Gave Away a Botnet
KadNap hid its command-and-control infrastructure inside BitTorrent DHT traffic using a custom Kademlia implementation. Then it hardcoded two fixed relay nodes that never changed. Black Lotus Labs followed them straight to the infrastructure — and to the Doppelganger proxy service monetising 14,000 compromised ASUS routers.
Linux Security
CSV Tooling on Linux: awk, csvkit, qsv, xan, and More
From coreutils primitives to Rust-powered pipelines -- a practical guide to processing CSV files on Linux using awk, cut, csvkit, q, qsv, and xan, including security considerations for CSV data from external sources.
Linux Security
Commercial Surveillance Vendors on Linux: Exploit Chains, Kernel Escalation, and Browser Delivery
How CSVs like NSO Group and Intellexa build three-stage exploit chains targeting Linux -- V8 renderer RCE, seccomp-bpf sandbox escape, and kernel privilege escalation via nf_tables, vsock, and OverlayFS -- with detection rules and hardening guidance.
Security — Threat Intelligence
New Linux Malware in 2026: What's Targeting Your Servers Right Now
PUMAKIT, perfctl, KadNap, SSHStalker, Goldoon, NerbianRAT, GTPdoor, and KrustyLoader -- eight active families with MITRE ATT&CK TTP mappings, container security implications, attribution analysis, incident response guidance, and a prioritized defensive action list.
Security — SSH / Cryptography
Generate an Ed25519 SSH Key Pair with a Passphrase
Why Ed25519 replaced RSA, how bcrypt KDF protects private keys at rest, the -a flag for hardened KDF rounds, OpenSSH 10.0's post-quantum default, hardware-backed keys, sshd_config lockdown, and full key lifecycle management.
Security — SSH / Hardening
How to Disable Root Login for SSH on Ubuntu
One directive in sshd_config closes one of the commonly exploited SSH attack vectors. Covers PermitRootLogin, drop-in config gotchas, cryptographic algorithm hardening, Match blocks, ForceCommand, SSH key setup, FIDO2 and TOTP MFA, authorized_keys hygiene, fail2ban, and lockout recovery -- with MITRE ATT&CK mappings throughout.
Security — CVSS 7.8
CVE-2026-3888: How Ubuntu's systemd Cleanup Timer Became a Root Escalation Path
A timing gap between snap-confine and systemd-tmpfiles hands any local user a path to full root on Ubuntu Desktop 24.04 and later. Neither component is broken in isolation -- the vulnerability lives in how they interact. Exact mechanism, CVSS vector, patched versions, auditd detection rules, and the architectural reason code review cannot catch this class of bug.
Security — Linux Gaming
Do Not Run Your Game Server as Root on Linux
Running a game server as root on Linux is not a configuration choice -- it is a security decision with concrete consequences. Covers the real attack surface of game server plugins, the Fractureiser supply chain incident, CVE-2024-1086, dedicated service accounts, hardened systemd unit files, Linux capabilities, and exactly how to verify you are protected.
Security — CVSS 9.8
CVE-2026-27944: How a Missing Middleware Line in Nginx UI Turned Your Backups Into a Free Download
One unregistered route and one HTTP response header that shouldn't exist handed any unauthenticated attacker a fully decryptable backup of your Nginx server. Root cause analysis, exploitation mechanics, forensic indicators, and full remediation for Linux sysadmins.
Security / Linux Gaming
Why Security-Conscious Gamers Play Minecraft on Linux
A technical look at telemetry architecture, kernel security primitives, JVM sandboxing changes, and network controls that make Linux the more defensible platform for running Minecraft — from the Snooper's removal and return to Fractureiser's real-world blast radius and what the loss of the JVM SecurityManager actually means for mod safety.
Security / Linux Gaming
Blocking Cheaters on Your DayZ Server Running Linux
BattlEye configuration, RCON integration, firewall hardening, log analysis, spoofer threat modeling, DDoS resilience, automated crash recovery, mod supply chain risk, VPN detection, player reporting infrastructure, ban data privacy, community anti-cheat mods, and community ban strategy -- a technical guide for DayZ dedicated server administrators running Ubuntu 22.04 or 24.04 LTS that goes further than anything else you will find.
Security
Recovering X-Forwarded-For Pivot Chains from Linux Web Server Process Memory
How to extract and validate multi-hop XFF chains from Apache, Nginx, and PHP-FPM heap artifacts on Linux -- using gcore, LiME, and process-aware scanning to reconstruct attacker pivot paths after disk logs are gone.
Security
WireGuard on Linux: Setting Up a Minimal, Modern VPN
On modern Linux systems, WireGuard runs as an in-kernel module, spans roughly 4,000 lines of C, and is built on the formally analyzed Noise protocol framework. Learn how it actually works -- and how to deploy it correctly.
Security
Zero-Trust Security on Linux: A Practical Implementation Guide
Translate NIST SP 800-207 into concrete Linux configurations -- from SSH hardening and SELinux enforcement to nftables microsegmentation, systemd sandboxing, kernel sysctl tuning, and continuous audit logging.
Security
Wireshark with a Remote Linux Capture: tcpdump + SSH Piping
How to pipe a live kernel-resident packet stream from any headless Linux server directly into Wireshark's dissector engine -- using nothing but tcpdump, SSH, and BPF. Covers the libpcap wire format, mandatory flags, three capture methods, SSH performance tuning, and privilege hardening.
Security
How to Audit Linux User Permissions and Find Security Gaps
A comprehensive methodology for auditing Linux user permissions -- covering the tools available, the specific checks to run, what to look for, and how to document and remediate what you find.
Security
Hardening SSH: Beyond the Basics
Certificate-based authentication, jump hosts, port knocking, and fail2ban configurations that actually make a difference in production.
Security
Paramiko: A Deep Technical Reference for Python SSH Automation
From the SSH handshake to SFTP internals, port forwarding to connection pooling -- everything you need to master Python's most powerful SSH library.
Security
Linux Trojans: How Attackers Compromise the OS the World Trusts
BPFDoor, Symbiote, XorDDoS, OrBit, Syslogk -- how Linux trojans get in, how they hide, how they persist, and how to find them. Includes a defense coverage matrix, detection commands, and a live incident classification quiz.