4 – SOC Behavioural Telemetry Lab Report

Hybrid Endpoint Identity Investigation – Windows 11 Study

Understanding Normal Before Hunting Anomalies

Security investigation is most effective when we first learn how normal behaviour looks. In this laboratory exercise using Windows 11 endpoint telemetry, audit signals were analysed to observe identity activity patterns on a managed workstation. The goal was not to search for …

3 – Freezing My Professional Baseline: Minimal, Portfolio-Ready SOC + AWS Lab

After stabilising my mid-range desktop and legacy hardware, I faced a recurring problem: how to build a lab that actually works, without getting buried under tools and logs. My goal was clear — a repeatable, verifiable environment that could support Blue Team, DFIR, and AWS security practice — lightweight, structured, and portfolio-ready.

Part 1: Why …

2 – From Virtual Machines to WSL2: Structuring Repeatable SOC & AWS Labs

I needed a scalable, repeatable lab for SOC and AWS work — lightweight, structured, and portfolio-ready. I began by setting it up on an Intel i5 system with 16 GB RAM and a 1 TB SSD, providing enough capacity to run Windows, WSL2, and multiple security tools without performance bottlenecks. The goal was to apply …

1 – Reviving a 15-Year-Old Toshiba Laptop for SOC & Cloud Labs

Introduction

This Toshiba Satellite L500-13W was abandoned with Windows 7 and a failing Kali Linux install. Overheating, keyboard misconfiguration, and disk errors made it unsuitable for learning. By stabilising the hardware and installing MX Linux, I turned it into a reliable, quiet lab device — ideal for practising structured SOC methodology and preparing for AWS …