← Topics03 essays · 00 labs
Vulnerability Management
Scanner coverage, hardening, exposure visibility, and the operational side of finding and fixing risk.
Writing
All writing →- Agent-Based vs. Network-Probe Scanners: A Coverage Case Study · 13 min
A POC pitted an agent-based compliance scanner against an active network scanner on the same Windows domain controller. They disagreed about whether it was vulnerable to BEAST. The disagreement is the whole story.
- The Schannel Registry Trap · 9 min
Windows TLS configuration is split across a registry tree, a per-process .NET override, and a runtime cache. Each layer reports the truth about itself and lies about the others. A short field note on how teams convince themselves a domain controller is hardened when it isn't.
- I Built a Security Scanner, Then Pointed It at Myself · 7 min
I built a small security lab to teach the failure modes I see most often in client work. The first real test was running it against my own production site.