offgridtech.xyz

A Blog about IT, Security, Cloud and Off-Grid Technologies.

Category: Blog Posts

  • Cross-Site Scripting (XSS) Exploits Part 1: Unveiling Vulnerabilities with DVWA

    In the intricate web of security, threats come in various forms, each more cunning than the last. Following my deep dive into SQL Injections, I’ve turned my attention to another formidable challenge: Cross-Site Scripting, or XSS. My aim in this series is to shed light on XSS attacks, with a focus on those exploiting DOM-based…

  • Off-Grid IoT Part 1: Setting Up an IoT Server

    Introduction Well, I didn’t name this blog “Off-Grid Tech” for nothing. Although this platform serves as a professional portfolio highlighting my experiences in Cyber Security and Cloud Technologies, I also have a unique personal interest with lots of crossovers. My current off-grid living situation provides an outdoor-oriented and adventurous lifestyle, but it’s not without its…

  • SQL Injections Part 2: A Threat-Informed Defense

    SQL Injections Part 2: A Threat-Informed Defense In the first part of this series, I delved into the mechanics of SQL injections, using the OWASP Juice Shop—an intentionally vulnerable web app—to demonstrate how such attacks are executed. That discussion laid the groundwork for understanding both the execution and impact of SQL injections. Now, I turn…

  • SQL Injections Part 1: Exposing Vulnerabilities with OWASP Juice Shop

    In the complex fabric of web security, understanding the threat landscape is paramount. This series embarks on a detailed exploration of SQL injections, a notorious and enduring threat within the cybersecurity arena. Part 1 of this series focuses on exposing the vulnerabilities that make SQL injections not only possible but also dangerously effective. Through a…

  • Optimizing AWS Costs with Cost Explorer, Lambda, and S3 Lifecycle Policies

    Since the inception of this blog, I have been delving into AWS cloud services, exploring everything from compute and object storage to logging. Driven by curiosity, I ventured into various configurations to support my blog, aiming to expand my knowledge. As time went by, I not only amassed valuable insights but also a considerable bill…

  • Enhancing Endpoint Security with Wazuh and VirusTotal Integration

    In todays digital age, cyber threats are continually evolving, Endpoint Detection and Response (EDR) has emerged as a cornerstone of cybersecurity strategies. EDR solutions are crucial for monitoring, detecting, and responding to threats on endpoints, offering unparalleled visibility into the security state of each device within an organization. These solutions not only alert security teams…

  • Prepare for a Home Invasion

    The surge in car thefts across our nation has been alarming, and as a Canadian deeply concerned about this trend, I’ve delved into the tactics used by these modern-day thieves. One method that caught my attention is the CAN BUS (Controller Area Network) injection attack. This technique involves accessing a car’s CAN system and using…

  • Secure Remote Management in AWS: A Beginner’s Guide to AWS Systems Manager

    Introduction Cloud hosting has shifted remote management from a luxury to a necessity, given the physical distance from data centers. Traditional remote management tools, such as Remote Desktop (RDP) for Windows users and Secure Shell (SSH) for those on Unix-like systems, along with the strategic use of Bastion hosts for enhanced security, form the backbone…

  • From Paper Shredding to Cloud Peaks

    As a young Private in the Canadian Armed Forces, I found myself at the forefront of critical data lifecycle management. I had the privilege of working for my squadron HQ when, one day, the Operations Warrant Officer called. His message was clear, “Theo, the DCO (Deputy Commanding Officer) has a very important task for you,…

  • Securing My Blog: A Deep Dive into AWS WAF and Security Groups

    A Little Blog with Big Security As the proud owner of a modestly-sized blog – let’s just say it’s more of a cozy corner of the internet rather than a sprawling digital estate – ensuring its security is still top of the shelf. You might remember my previous post about the highly available architecture of…