Activity
Mon
Wed
Fri
Sun
Aug
Sep
Oct
Nov
Dec
Jan
Feb
Mar
Apr
May
Jun
Jul
What is this?
Less
More

Owned by Jonathan

The Gemini AI Mastery Lab

120 members โ€ข Free

THE #1 community for mastering the Google AI ecosystem. Automate workflows, prompt like a pro & build your Second Brain.

Memberships

The Stack & Shift Lab

79 members โ€ข Free

AI Online Educators & Coaches

3k members โ€ข Free

AI for Beginners

1.3k members โ€ข Free

DaVinci Resolve for Beginners!

16.3k members โ€ข Free

Grow With Evelyn

3.5k members โ€ข $7/month

Digital Marketing 4 Beginners

66 members โ€ข $11/month

Skoolers

165.6k members โ€ข Free

Cybersecurity BootCamp

146 members โ€ข Free

Skool Secrets: Growth Boost

282 members โ€ข $9/month

4 contributions to Cybersecurity BootCamp
๐Ÿ—“๏ธ Monday Check-In โ€” New Week, New Reps. What Are You Working On?
G'day legends! Happy Monday โ€” the week is wide open and the reps are there for the taking. ๐Ÿ’ช Whether you're grinding through cert prep, spinning up a new lab, working through a module, or just trying to carve out 30 minutes of learning todayโ€”this is your thread. I'll go first: This week I'm putting together a full walkthrough on responding to CVE-2026-0498 (the SAP S/4HANA RCE vuln we flagged in SOC Ops) โ€” covering patch validation, privilege auditing, and what a defender's incident response playbook should look like for a CVSS 9.1 in an ERP environment. It's the kind of real-world scenario that bridges cert knowledge and actual job skills. Your turn โ€” drop a comment below: ๐Ÿ”ง What's on your bench this week? ๐Ÿ“š Studying for a cert? Which one and where are you up to? ๐Ÿงช Got a lab goal or tool you're finally going to tackle? ๐Ÿ’ฌ A question you've been sitting on? Ask it here. Mondays set the tone. Let's make this one count. ๐Ÿ” โ€” @Aussie Mr Cyber
1 like โ€ข Apr 20
Happy Monday! I have two main tasks for this week. Service Principal auth option for my DevOps app and read chapters 3 and 4 in the CISSP Study Guide. Iโ€™m part of a study group for the cert. Has anyone here tried to go for that one?
๐Ÿ”ฌ Walkthrough: Setting Up Wazuh in Your Home Lab (From Zero to First Alert)
One of the most valuable things you can build in a home lab is a working SIEM. Wazuh is free, open source, and genuinely enterprise-grade โ€” the same platform used in real SOC environments. This walkthrough takes you from a blank VM to your first real security alert. ๐Ÿ’ป WHAT YOUโ€™LL NEED - A hypervisor (Proxmox, VirtualBox, or VMware) - Wazuh Server VM: Ubuntu 22.04 LTS, minimum 4GB RAM, 2 vCPUs, 50GB disk - Windows 10 VM: your monitored endpoint (agent machine) - Both VMs on the same internal network ๐Ÿ› ๏ธ PART 1: INSTALL THE WAZUH SERVER Step 1 โ€” Boot your Ubuntu VM and run updates: sudo apt update && sudo apt upgrade -y Step 2 โ€” Download and run the Wazuh installer: curl -sO https://packages.wazuh.com/4.7/wazuh-install.sh sudo bash wazuh-install.sh -a The -a flag installs the full stack: Wazuh Manager, Indexer, and Dashboard. This takes 10โ€“15 minutes. Step 3 โ€” Once complete, the installer will display your admin credentials. SAVE THESE. They wonโ€™t be shown again. Step 4 โ€” Access the Wazuh Dashboard by opening a browser and navigating to: https://[your-ubuntu-vm-ip] Log in with the admin credentials from Step 3. You should see the Wazuh dashboard โ€” empty for now, but thatโ€™s about to change. ๐Ÿ“ฒ PART 2: ENROL YOUR WINDOWS VM AS AN AGENT Step 1 โ€” In the Wazuh Dashboard, click โ€œAgentsโ€ then โ€œDeploy new agentโ€ Step 2 โ€” Select Windows as the OS, enter your Wazuh server IP, give the agent a name (e.g. โ€œWIN10-LABโ€) Step 3 โ€” Copy the generated PowerShell command and run it on your Windows VM as Administrator. It will download and install the Wazuh agent, then register it back to your server automatically. Step 4 โ€” Start the agent service on Windows: Net start WazuhSvc Step 5 โ€” Back in the dashboard, refresh the Agents page. Your Windows VM should now show as Active. ๐ŸŽ‰ ๐Ÿšจ PART 3: TRIGGER YOUR FIRST REAL ALERT Now for the fun part. Letโ€™s make something happen.
1 like โ€ข Apr 19
I've been wanting to set this up in my home lab. Thanks for sharing!
๐Ÿšจ SOC Story: The Alert Nobody Wanted to Investigate
Let me tell you about the alert that changed the way I approach triage. It was a Tuesday night shift. The queue had 47 open alerts and this one kept getting pushed to the bottom. It looked boring. Severity: Low. Rule: "Repeated failed login attempts โ€” internal host." Same thing that fires a hundred times a week across the environment. Most of them are users who forget their passwords after a long weekend. So it sat there. For six hours. When I finally opened it, something felt off. The failed logins werenโ€™t from a user workstation. They were coming from a server in the DMZ โ€” a web application server that had no business authenticating against internal Active Directory accounts. And the account it was hammering? A service account. Not a user. Service accounts donโ€™t forget their passwords. I pulled the raw logs. 847 failed attempts in 40 minutes against 12 different service accounts. Methodical. Sequential. Not random. This wasnโ€™t a lockout. This was credential stuffing โ€” someone had foothold on that web server and was quietly trying to move laterally into the domain. We isolated the server within the hour. Forensics found a PHP webshell that had been sitting there for 11 days. ELEVEN DAYS. The initial access had flown completely under the radar. What tipped us off wasnโ€™t a flashy alert โ€” it was a boring, low-severity, easy-to-skip log that one tired analyst almost ignored for an entire shift. ๐Ÿ’ก THE LESSONS I TOOK FROM THIS: โœ… Low severity โ‰  low importance. Context is everything. Always ask: does this behaviour make sense for this asset? โœ… Know your environment. That alert only stood out because I knew DMZ servers shouldnโ€™t be touching AD auth. Asset knowledge is a superpower. โœ… Service accounts behaving like users is always suspicious. They donโ€™t fat-finger passwords. โœ… Alert fatigue is a real threat. If your queue is so full that low-severity alerts sit for 6 hours, your detection strategy needs review โ€” not just your analysts. โœ… The attackerโ€™s best friend is the alert nobody investigates. Donโ€™t give them that gift.
1 like โ€ข Apr 19
Great story @Aussie Mr Cyber ! Alert fatigue has always been something big for me. I always fear the alert that falls through the cracks.
๐Ÿ—“๏ธ Sunday Check-In โ€” Last Chance to Win the Weekend!
G'day legends! Sunday's here โ€” and the question is, are you going out with a bang or leaving reps on the table? ๐Ÿ’ช Before the week fires back up, it's worth taking five to reflect on what you've learned, what you've built, and what's waiting for you Monday morning. I'll go first: Wrapping up the weekend with a focus on threat actor attribution โ€” specifically mapping TTPs from the SAP RCE CVE we've been dissecting back to known APT behaviours in MITRE ATT&CK. It's one thing to patch a vuln, it's another to understand who might be exploiting it and why. Your turn โ€” drop below: ๐Ÿ What did you actually get done this weekend? ๐Ÿง  What's one thing that clicked for you this week? ๐Ÿ”ญ What's your focus heading into next week? โšก Any wins โ€” big or small โ€” worth shouting out? Sunday reps count double. Finish strong ๐Ÿ” โ€” @Aussie Mr Cyber
1 like โ€ข Apr 19
Hi everyone! This is my first time posting here. I'm a Cloud Engineer with a passion for Cyber Security. This weekend I created a cool Google Cloud Function that created signed URLs for a Storage Bucket that expires after a certain time frame. One thing that finally clicked for me was the capabilities of Cloudflare Tunnels. I was able to use one to expose an application in my home labโ€™s K3 Cluster. I applied security polices โ€œat the edgeโ€ to only allow certain IP ranges to authenticate and access the application. Next week Iโ€™m focusing on a custom web app I wrote that scans Azure DevOps organizations for vulnerable package dependencies. It currently uses a Personal Access Token for authentication. I would like to add the ability to use a Service Principal account from Entra next.
1-4 of 4
Jonathan Ingram
1
1point to level up
@jonathan-ingram-4088
Architect of The Gemini AI Mastery Lab. Turning massive data into instant insights with NotebookLM. 1M+ token pro. Build your 2nd Brain. ๐Ÿง 

Active 15h ago
Joined Apr 18, 2026
Florida
Powered by