
Owned by Aussie

Cybersecurity BootCamp

80 members • Free

Aussie cyber pro with hands-on home lab builder sharing SOC ops, pentesting labs, playbooks & cert prep. Level up your blue-team game Down Under!

Memberships

Skoolaroos

196 members • Free

AI Cyber Value Creators

8.7k members • Free

Cyber Hub | Empirical Training

13.3k members • Free

AI Academy (Free)

2.8k members • Free

AI Automation Society

332.9k members • Free

MyFirstHack

85.5k members • Free

Skoolers

195.9k members • Free

32 contributions to Cybersecurity BootCamp
As I'm a senior full stack developer, looking to collaborate
I'm a professional developer who has been developing projects for several years. I'm currently looking for people living in the US, Canada, or the UK who are interested in this type of business and would like to collaborate and generate revenue together. If you know of anyone who is interested, please contact me.
0 likes • 8d
Looking forward to collaborating on projects with you should you need a hand in the Aussie market
0 likes • 3h
@Max Allen Thanks for the detailed follow-up! I run the Cybersecurity Bootcamp here — focused on training blue-team and SOC analysts in Australia and beyond. Happy to connect via DM to discuss how we might collaborate, especially if you're looking to work with cybersecurity-focused companies or clients in the APAC space. Let's take it to DMs.
🎉 Cybersecurity 101 — Lesson 5 is LIVE: How Do I Choose the Best Antivirus?
The wait is over, legends — Lesson 5 of Cybersecurity 101 is now complete and live in the Classroom! 📺

In Lesson 4 I promised you we’d tackle one of the most common questions I get from people just starting their cybersecurity journey — and here it is:

🛡️ "How do I actually choose the best antivirus for my device?"

It sounds simple, but the answer is more nuanced than most people realise — and getting it wrong can leave you with a false sense of security (which is actually worse than no protection at all).

In Lesson 5, we cover:
✅ What antivirus software actually does under the hood — and what it can’t protect you from
✅ The difference between free vs paid antivirus — is paying worth it?
✅ The key features to look for: real-time protection, behavioural detection, ransomware shields, and more
✅ Why running multiple antivirus tools at the same time is a bad idea
✅ Our top recommendations for Windows, Mac, and mobile — tested and explained
✅ The one thing that no antivirus can replace (spoiler: it’s you)

Whether you’re protecting your personal laptop, helping a family member stay safe, or building foundational knowledge for your cybersecurity career — this lesson is for you.

📍 WHERE TO FIND IT: Head to the Classroom tab at the top of the page → Cybersecurity 101 → Lesson 5
It’s waiting for you right now. 👇

As always, drop your questions, thoughts, or wins in the comments below — and let me know what you’d like to see covered in Lesson 6!
— @Aussie Mr Cyber
🔬 Walkthrough: Setting Up Wazuh in Your Home Lab (From Zero to First Alert)
One of the most valuable things you can build in a home lab is a working SIEM. Wazuh is free, open source, and genuinely enterprise-grade — the same platform used in real SOC environments. This walkthrough takes you from a blank VM to your first real security alert.

💻 WHAT YOU’LL NEED
- A hypervisor (Proxmox, VirtualBox, or VMware)
- Wazuh Server VM: Ubuntu 22.04 LTS, minimum 4GB RAM, 2 vCPUs, 50GB disk
- Windows 10 VM: your monitored endpoint (agent machine)
- Both VMs on the same internal network

🛠️ PART 1: INSTALL THE WAZUH SERVER
Step 1 — Boot your Ubuntu VM and run updates:
    sudo apt update && sudo apt upgrade -y
Step 2 — Download and run the Wazuh installer:
    curl -sO https://packages.wazuh.com/4.7/wazuh-install.sh
    sudo bash wazuh-install.sh -a
The -a flag installs the full stack: Wazuh Manager, Indexer, and Dashboard. This takes 10–15 minutes.
Step 3 — Once complete, the installer will display your admin credentials. SAVE THESE. They won’t be shown again.
Step 4 — Access the Wazuh Dashboard by opening a browser and navigating to:
    https://[your-ubuntu-vm-ip]
Log in with the admin credentials from Step 3. You should see the Wazuh dashboard — empty for now, but that’s about to change.

📲 PART 2: ENROL YOUR WINDOWS VM AS AN AGENT
Step 1 — In the Wazuh Dashboard, click “Agents” then “Deploy new agent”
Step 2 — Select Windows as the OS, enter your Wazuh server IP, give the agent a name (e.g. “WIN10-LAB”)
Step 3 — Copy the generated PowerShell command and run it on your Windows VM as Administrator. It will download and install the Wazuh agent, then register it back to your server automatically.
Step 4 — Start the agent service on Windows:
    Net start WazuhSvc
Step 5 — Back in the dashboard, refresh the Agents page. Your Windows VM should now show as Active. 🎉

🚨 PART 3: TRIGGER YOUR FIRST REAL ALERT
Now for the fun part. Let’s make something happen.
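Part 2 ends with refreshing the Agents page by hand. The following is an added example (mine, not the post author's) that does the same check against the Wazuh manager's REST API, so the enrolment step can be scripted for every new lab VM. It assumes the Wazuh 4.x API on the manager's default port 55000, the default API user wazuh-wui with the password the installer printed, and the root CA the installer leaves in wazuh-install-files.tar; the manager IP, CA path and the sample response are constructed for illustration.

```python
"""Confirm agent enrolment through the Wazuh manager REST API.

Added example, not code from the original post. Assumes the Wazuh 4.x REST
API on the manager (default port 55000), the default API user "wazuh-wui"
with the password the installer printed, and the root CA that the installer
leaves in wazuh-install-files.tar. The manager address, CA path and the
sample response below are constructed for illustration.
"""
import base64
import json
import ssl
import urllib.error
import urllib.request
from collections import Counter

MANAGER = "https://192.168.56.10:55000"        # assumed lab manager address
API_USER = "wazuh-wui"
API_PASS = "changeme"                          # placeholder: use the installer's value
ROOT_CA = "wazuh-install-files/root-ca.pem"    # assumed path inside the install tarball


def _tls_context():
    # Trust the installer's self-signed root CA rather than switching verification off.
    return ssl.create_default_context(cafile=ROOT_CA)


def get_token():
    """Exchange the API user's credentials for a short-lived JWT."""
    cred = base64.b64encode(f"{API_USER}:{API_PASS}".encode()).decode()
    req = urllib.request.Request(f"{MANAGER}/security/user/authenticate", method="POST")
    req.add_header("Authorization", f"Basic {cred}")
    with urllib.request.urlopen(req, context=_tls_context(), timeout=10) as resp:
        return json.load(resp)["data"]["token"]


def list_agents(token):
    """Fetch the agent list in the shape the API returns it."""
    req = urllib.request.Request(f"{MANAGER}/agents?limit=500")
    req.add_header("Authorization", f"Bearer {token}")
    with urllib.request.urlopen(req, context=_tls_context(), timeout=10) as resp:
        return json.load(resp)


def summarize(payload):
    """Reduce an /agents response to counts per status plus the agents that are
    not reporting. Agent 000 is the manager itself and is skipped."""
    items = [a for a in payload["data"]["affected_items"] if a["id"] != "000"]
    by_status = Counter(a["status"] for a in items)
    needs_attention = sorted(a["name"] for a in items if a["status"] != "active")
    return {"total": len(items), "by_status": dict(by_status),
            "needs_attention": needs_attention}


def agent_is_active(payload, name):
    """True when the named agent (e.g. the one enrolled in Part 2) shows Active."""
    return any(a["name"] == name and a["status"] == "active"
               for a in payload["data"]["affected_items"])


# Constructed stand-in for a real /agents response, in the same shape.
SAMPLE_RESPONSE = {
    "data": {
        "affected_items": [
            {"id": "000", "name": "wazuh-manager", "ip": "127.0.0.1", "status": "active"},
            {"id": "001", "name": "WIN10-LAB", "ip": "192.168.56.20", "status": "active"},
            {"id": "002", "name": "WS-ALICE", "ip": "192.168.56.21", "status": "active"},
            {"id": "003", "name": "UBU-TEST", "ip": "192.168.56.22", "status": "never_connected"},
        ],
        "total_affected_items": 4,
    },
    "error": 0,
}

if __name__ == "__main__":
    try:
        payload = list_agents(get_token())
    except (urllib.error.URLError, OSError) as exc:
        print(f"manager unreachable ({exc}); showing the constructed sample instead")
        payload = SAMPLE_RESPONSE
    print(json.dumps(summarize(payload), indent=2))
    print("WIN10-LAB active:", agent_is_active(payload, "WIN10-LAB"))
```

An agent that was registered by the PowerShell command but whose service has not yet checked in shows as never_connected, which is exactly the state you will see between Part 2 Step 3 and Step 4; once Net start WazuhSvc runs it should flip to active on the next poll.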
⚔️ Adversary Emulation vs Penetration Testing — What’s the Difference and Why It Matters
These two terms get thrown around interchangeably all the time — but they’re not the same thing. Understanding the difference will make you a sharper tester, a better blue teamer, and a more credible professional. Let’s break it down.

🔍 PENETRATION TESTING
A pentest is a time-boxed, scope-defined engagement where the goal is to find as many exploitable vulnerabilities as possible within an agreed boundary.
Think of it like this: you’re given a map, told which buildings you’re allowed to enter, and asked to find every unlocked door and broken window.
Key traits:
- Focused on vulnerability discovery and exploitation
- Usually follows a methodology (OWASP, PTES, OSSTMM)
- Deliverable is a report listing findings by severity
- Scope is typically technical — specific IPs, apps, or networks
- Often performed annually or for compliance (PCI-DSS, ISO 27001)
Best for: Finding known weakness classes. Answering "are we patched?" and "are our controls configured correctly?"

⚔️ ADVERSARY EMULATION
Adversary emulation goes a level deeper. Instead of just finding vulns, you’re impersonating a specific, real-world threat actor — replicating their exact Tactics, Techniques and Procedures (TTPs) based on threat intelligence.
Think of it like this: you’re not just looking for unlocked doors — you’re roleplaying as the specific criminal gang that has historically targeted this type of organisation, using the exact tools and methods they’ve been observed using in the wild.
Key traits:
- Threat-intelligence driven — based on real actor TTPs (MITRE ATT&CK framework)
- Focuses on whether specific, known adversary behaviour would be detected and stopped
- Tests the FULL kill chain: initial access → persistence → lateral movement → exfil
- Measures detection and response capability — not just prevention
- Often runs over weeks, not days
Best for: Mature security teams. Answering "would we detect and stop APT29 if they came after us?"

🧠 THE MITRE ATT&CK CONNECTION
Adversary emulation is built on the MITRE ATT&CK framework — a publicly available knowledge base of real adversary behaviours mapped to tactics and techniques.
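The post's point that emulation "measures detection and response capability" along the full kill chain, rather than listing findings by severity, is easiest to see in the numbers an emulation report leads with. The following is an added example (mine, not the post author's) that scores a run that way. The plan is a constructed illustration: the technique IDs and names are real MITRE ATT&CK entries, but the sequence is not a published profile of APT29 or any other actor, and OBSERVED stands in for what the SOC actually logged during the exercise.

```python
"""Score an adversary-emulation run by detection and response along the kill chain.

Added example, not from the original post. PLAN is a constructed illustration:
the technique IDs and names are real MITRE ATT&CK entries, but the sequence is
not any published actor profile, and OBSERVED stands in for what the SOC
actually logged during the exercise.
"""
from collections import OrderedDict

# Ordered emulation plan: (tactic, ATT&CK technique ID, technique name).
PLAN = [
    ("initial-access",    "T1566.001", "Spearphishing Attachment"),
    ("execution",         "T1059.001", "PowerShell"),
    ("persistence",       "T1547.001", "Registry Run Keys / Startup Folder"),
    ("persistence",       "T1053.005", "Scheduled Task"),
    ("credential-access", "T1003.001", "LSASS Memory"),
    ("lateral-movement",  "T1021.002", "SMB/Windows Admin Shares"),
    ("exfiltration",      "T1041",     "Exfiltration Over C2 Channel"),
]

# Constructed outcome per step: "blocked" (prevented), "detected" (alert raised,
# action still succeeded), or absent, which is scored as "missed".
OBSERVED = {
    "T1059.001": "detected",
    "T1053.005": "detected",
    "T1003.001": "blocked",
    "T1021.002": "detected",
}


def score_run(plan, observed):
    """Return what an emulation report leads with: overall coverage, coverage per
    tactic, how many steps ran silently before the first detection, where
    prevention first kicked in, and the TTPs nobody saw. Emulation teams
    normally carry on past a blocked step (assumed breach), so every planned
    step is scored."""
    steps = [{"tactic": t, "technique": tid, "name": n, "outcome": observed.get(tid, "missed")}
             for t, tid, n in plan]
    seen = [i for i, s in enumerate(steps) if s["outcome"] != "missed"]
    blocked = [i for i, s in enumerate(steps) if s["outcome"] == "blocked"]

    per_tactic = OrderedDict()
    for s in steps:
        hit, total = per_tactic.get(s["tactic"], (0, 0))
        per_tactic[s["tactic"]] = (hit + (s["outcome"] != "missed"), total + 1)

    return {
        "coverage_pct": round(100 * len(seen) / len(steps)),
        "per_tactic": {t: f"{h}/{n}" for t, (h, n) in per_tactic.items()},
        "silent_steps_before_first_detection": seen[0] if seen else len(steps),
        "first_detection_stage": steps[seen[0]]["tactic"] if seen else None,
        "first_prevention_stage": steps[blocked[0]]["tactic"] if blocked else None,
        "gaps": [f'{s["technique"]} {s["name"]} ({s["tactic"]})'
                 for s in steps if s["outcome"] == "missed"],
    }


if __name__ == "__main__":
    import json
    print(json.dumps(score_run(PLAN, OBSERVED), indent=2))
```

A pentest would report the same seven steps as seven findings ranked by severity; the emulation view says that the phish landed unseen, the first alert fired one step in, LSASS access was the first thing actually prevented, and exfiltration would have gone unnoticed.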
🚨 SOC Story: The Alert Nobody Wanted to Investigate
Let me tell you about the alert that changed the way I approach triage.

It was a Tuesday night shift. The queue had 47 open alerts and this one kept getting pushed to the bottom. It looked boring. Severity: Low. Rule: "Repeated failed login attempts — internal host." Same thing that fires a hundred times a week across the environment. Most of them are users who forget their passwords after a long weekend. So it sat there. For six hours.

When I finally opened it, something felt off. The failed logins weren’t from a user workstation. They were coming from a server in the DMZ — a web application server that had no business authenticating against internal Active Directory accounts. And the account it was hammering? A service account. Not a user. Service accounts don’t forget their passwords.

I pulled the raw logs. 847 failed attempts in 40 minutes against 12 different service accounts. Methodical. Sequential. Not random. This wasn’t a lockout. This was credential stuffing — someone had foothold on that web server and was quietly trying to move laterally into the domain.

We isolated the server within the hour. Forensics found a PHP webshell that had been sitting there for 11 days. ELEVEN DAYS. The initial access had flown completely under the radar. What tipped us off wasn’t a flashy alert — it was a boring, low-severity, easy-to-skip log that one tired analyst almost ignored for an entire shift.

💡 THE LESSONS I TOOK FROM THIS:
✅ Low severity ≠ low importance. Context is everything. Always ask: does this behaviour make sense for this asset?
✅ Know your environment. That alert only stood out because I knew DMZ servers shouldn’t be touching AD auth. Asset knowledge is a superpower.
✅ Service accounts behaving like users is always suspicious. They don’t fat-finger passwords.
✅ Alert fatigue is a real threat. If your queue is so full that low-severity alerts sit for 6 hours, your detection strategy needs review — not just your analysts.
✅ The attacker’s best friend is the alert nobody investigates. Don’t give them that gift.
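The lessons above ("does this behaviour make sense for this asset?", "service accounts don't fat-finger passwords") can be turned into triage logic so the next such alert does not sit for six hours. The following is an added example (mine, not the post author's) that re-prioritises failed-logon alerts using asset context rather than the rule level the SIEM assigned. The alerts are modelled on the JSON lines the Wazuh manager from the home-lab walkthrough writes to /var/ossec/logs/alerts/alerts.json for a Security event 4625 forwarded by a domain controller's agent; the field names (data.win.system.eventID, data.win.eventdata.targetUserName, data.win.eventdata.ipAddress) follow Wazuh's Windows eventchannel decoder as I understand it. The asset inventory, account list, threshold and every alert line are constructed.

```python
"""Context-aware triage of Windows failed-logon alerts.

Added example, not code from the original post. Alerts are modelled on the
JSON lines Wazuh writes to /var/ossec/logs/alerts/alerts.json for Security
event 4625 forwarded by a DC's agent; the field names follow Wazuh's Windows
eventchannel decoder as I understand it. The inventory, account list,
threshold and every alert line below are constructed.
"""
import json
from collections import defaultdict
from datetime import datetime

# "Know your environment": which zone each source address lives in.
ASSETS = {
    "10.10.5.20": {"name": "WS-ALICE", "zone": "corp", "role": "workstation"},
    "10.20.0.15": {"name": "WEB01", "zone": "dmz", "role": "web-server"},
}
SERVICE_ACCOUNTS = {"svc-backup", "svc-sql", "svc-monitor"}
AUTH_EXPECTED_ZONES = {"corp"}   # zones whose hosts legitimately authenticate to AD
SPRAY_THRESHOLD = 3              # distinct target accounts from one source


def load_alerts(lines):
    return [json.loads(line) for line in lines if line.strip()]


def triage(alerts):
    """Group 4625 alerts by source address and re-prioritise each source on
    asset context, not on the level the SIEM rule gave the individual alert."""
    per_source = defaultdict(list)
    for alert in alerts:
        win = alert.get("data", {}).get("win", {})
        if win.get("system", {}).get("eventID") != "4625":
            continue
        per_source[win.get("eventdata", {}).get("ipAddress", "unknown")].append(alert)

    findings = []
    for src, events in per_source.items():
        asset = ASSETS.get(src, {"name": "UNKNOWN", "zone": "unknown", "role": "unknown"})
        targets = {e["data"]["win"]["eventdata"]["targetUserName"].lower() for e in events}
        stamps = sorted(datetime.fromisoformat(e["timestamp"]) for e in events)
        span_min = (stamps[-1] - stamps[0]).total_seconds() / 60

        reasons = []
        if asset["zone"] not in AUTH_EXPECTED_ZONES:
            reasons.append(f"{asset['zone']} host {asset['name']} has no business authenticating to AD")
        hit_svc = sorted(targets & SERVICE_ACCOUNTS)
        if hit_svc:
            reasons.append("service accounts targeted: " + ", ".join(hit_svc))
        if len(targets) >= SPRAY_THRESHOLD:
            reasons.append(f"{len(targets)} distinct accounts in {span_min:.0f} min")

        findings.append({
            "source": src, "asset": asset["name"], "attempts": len(events),
            "accounts": len(targets), "rule_level": max(e["rule"]["level"] for e in events),
            "priority": "high" if reasons else "low", "reasons": reasons,
        })
    # Escalated sources first, then by volume.
    return sorted(findings, key=lambda f: (f["priority"] != "high", -f["attempts"]))


def _alert(ts, src, user):
    """Build one constructed alerts.json line for a failed logon seen on DC01."""
    return json.dumps({
        "timestamp": ts,
        "rule": {"level": 5, "description": "Windows logon failure"},
        "agent": {"id": "002", "name": "DC01"},
        "data": {"win": {"system": {"eventID": "4625"},
                         "eventdata": {"targetUserName": user, "ipAddress": src,
                                       "logonType": "3"}}},
    })


# Constructed sample: Alice mistypes her password three times after the
# weekend; WEB01 in the DMZ works through three service accounts.
SAMPLE_LINES = [
    _alert("2025-03-10T08:01:10+10:00", "10.10.5.20", "alice"),
    _alert("2025-03-10T08:01:45+10:00", "10.10.5.20", "alice"),
    _alert("2025-03-10T08:02:30+10:00", "10.10.5.20", "alice"),
] + [
    _alert(f"2025-03-10T22:{14 + 3 * i:02d}:00+10:00", "10.20.0.15", user)
    for i, user in enumerate(["svc-backup", "svc-sql", "svc-monitor"] * 2)
]

if __name__ == "__main__":
    for f in triage(load_alerts(SAMPLE_LINES)):
        print(f"[{f['priority'].upper()}] {f['asset']} ({f['source']}): "
              f"{f['attempts']} failures against {f['accounts']} account(s), "
              f"SIEM level {f['rule_level']}")
        for reason in f["reasons"]:
            print("   -", reason)
```

Both sources arrive at the same SIEM level, which is the trap the story describes; only the inventory lookup separates Alice's Monday morning from a DMZ host spraying service accounts. The weak point of this approach is the inventory itself: an address missing from ASSETS is reported as UNKNOWN and left at low priority, so stale asset data silently recreates the original blind spot.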
Aussie Mr Cyber
@pat-hawkins-2854
Aussie cyber pro hands-on home lab builder sharing SOC ops, pentesting labs, forensics playbooks & cert prep. Level up your blue-team game Down Under!

Joined Jan 1, 2026
Sydney Australia