Personal Security Blog
A UK-based enthusiast's space for threat intelligence, penetration testing, CTF write-ups, privacy deep-dives, and everything in between. No fluff — just the craft.
Latest Post
A deep-dive into the infrastructure, tooling, and TTPs behind a recent ransomware campaign targeting UK-based organisations — how it unfolded, what defenders missed, and what the forensics revealed.
Read Post →Archive
How to systematically map privilege escalation paths in enterprise AD environments using BloodHound and custom Cypher queries.
Full write-up for the Forest machine — covering Kerberoasting, AS-REP roasting, and DCSync to achieve domain compromise.
Breaking down the common misconceptions around privacy tooling and building a realistic, layered approach to digital privacy in 2025.
Coverage
Focused, technical writing across the key disciplines of modern offensive and defensive security.
Tracking threat actor TTPs, infrastructure pivots, and intelligence cycle discussions from an analyst's perspective.
Methodology, tooling, and case studies across network, web application, and Active Directory assessments.
Static and dynamic analysis breakdowns — unpacking droppers, loaders, and stealers using open toolchains.
Detailed solutions for HackTheBox, TryHackMe, and seasonal CTF competitions — with technique explanations.
Practical operational security, anonymisation techniques, and no-nonsense privacy guidance beyond the basics.
SIEM tuning, detection rule writing, incident response notes, and log analysis from a defender's viewpoint.