Halloween 2000: more scary log entries
Long-form thinking on cyber defence, detection, and resilience — from Slackware-era honeypots through to AI-driven SOC analytics.
Showing posts tagged incident response — 5 results.
Continuing last year's Halloween tradition. Five log entries from this year that, on first reading, cost me an hour of stomach-clenched investigation. The lessons each one taught.
A friend at a small consultancy had a serious compromise this month. Helping them with the response taught me three lessons about forensic readiness that I have not been applying to my own infrastructure. Time to fix that.
An off-cadence post for the season. Five log entries from this year that, on first reading, cost me an hour of stomach-clenched investigation. The lessons each one taught are durable.
A week after Melissa took down major mail servers, I have spent some time talking to admins who lived through it. The fixes that stuck are smaller than the headlines, and the lessons are mostly about pre-existing assumptions.
I lost important logs last week because I had not thought about retention. The lesson is more general than you would think, and the cure is mostly process rather than tooling.