Linux Security Auditing with Lynis

In this article, I cover how to use Lynis for Linux security auditing, system hardening, and practical vulnerability assessment.

🔗 https://denizhalil.com/2025/03/17/linux-security-auditing-with-lynis/

#CyberSecurity #LinuxSecurity #Lynis #SecurityAuditing #SystemHardening #BlueTeam #DevSecOps #InfoSec #Linux #ITSecurity #SecurityEngineering #DenizHalil

Mini Shai-Hulud Strikes Again: TanStack + more npm Packages Compromised | Wiz Blog

Detect and mitigate malicious npm packages linked to the latest Mini Shai-Hulud supply chain campaign targeting high-value developer tooling.

wiz.io

Are you on the safe side yet? 🛡️

In an era of sophisticated phishing and data breaches, relying on passwords or SMS codes is like locking your front door but leaving the key under the mat. For a robust level of private security, I’ve integrated Yubico Yubikey into my daily routine as the ultimate hardware root of trust.

The true value of "Cold" Security

Hardware authenticators offer unparalleled security. Their physical nature means cryptographic keys are embedded directly, making them impossible to copy, extract, or steal remotely. No physical device, no access. Period.

My "Strict Security" Setup

I’ve minimized my attack surface by removing the weakest links:

1. Phone-Free: I have disabled phone number linkage and SMS authentication wherever possible to eliminate SIM-swapping risks.

2. Passwordless: Where supported, I use FIDO2/WebAuthn. No password means no password can be phished.

3. The Backup Rule: I use a minimum of two keys. My primary key is always with me, and a backup key is hidden in a secure, off-site location.

Hardware-Signed Workflow

I leverage the full multi-protocol potential of the key:

- GPG & Git: I use GPG primarily for signing git commits. When I push code, I am physically "touching" the hardware to sign that digital information.

- PIV/SSH: Secure access to servers without resident private keys on the machine.

- OTP & Static Passwords: Bridges for legacy services.

The Vault Strategy

For passwords and sensitive metadata, I rely on Bitwarden. Access to my vault is strictly locked behind my hardware keys.

> No, I'm not "that paranoid" ... yet. But I do keep an eye on the compromise of central servers. That’s why I’m planning to implement a fully self-hosted, self-controlled vault solution soon.

I’d love to hear your thoughts – what are your favorite self-hosted security stacks?

#CyberSecurity #YubiKey #Bitwarden #Infosec #Privacy #MFA #PGP #SSH #SecurityEngineering #SelfHosted

A kernel bug sat in plain sight for 8 years. AI found it in an hour.

Wrong takeaway: AI is making attackers faster.

Better takeaway: our security model assumes too much about patching.

Assume latent flaws exist.
Design around containment, isolation, and resilience.

AI isn’t changing vulnerability physics.
It’s exposing reality faster.

More thoughts here:
LinkedIn: 🔗 https://www.linkedin.com/posts/dinesh-mr_73-sounds-impressive-until-you-ask-what-activity-7458128840872349696-kpVc

#CyberSecurity #Linux #AISecurity #SecurityEngineering

Linux Privilege Escalation Cheat Sheet: Techniques and Prevention.

In this cheat sheet, I break down essential enumeration commands, common escalation paths, and practical techniques every security professional should know.
https://denizhalil.com/2025/06/30/linux-privilege-escalation-cheat-sheet/

#CyberSecurity #LinuxSecurity #PrivilegeEscalation #Pentesting #RedTeam #BlueTeam #InfoSec #ethicalhacking #SecurityEngineering #itsecurity

UDP Network Monitoring with C++: A Comprehensive Guide

In this guide, I demonstrate how to build a UDP packet sniffer in C++ using raw sockets, parse packet headers, and extract key data like source/destination IPs and ports.
https://denizhalil.com/2025/07/14/udp-network-monitoring-cpp-packet-sniffer/

#CyberSecurity #NetworkMonitoring #PacketSniffer #UDP #Cpp #NetworkSecurity #InfoSec #BlueTeam #RedTeam #InfoSec #securityengineering #denizhalil

Spoofing Packets with Scapy: A Comprehensive Guide

In this article, I cover how packet spoofing works with Scapy, practical use cases, and key security implications.
https://denizhalil.com/2025/07/22/spoofing-packets-with-scapy-a-comprehensive-guide/

#CyberSecurity #Scapy #PacketSpoofing #NetworkSecurity #Python #EthicalHacking #RedTeam #BlueTeam #Pentesting #InfoSec #SecurityEngineering #denizhalil

BGP, the protocol that decides where internet traffic flows, still operates largely on trust. That creates opportunities for route leaks, hijacks, and outages that don’t require touching the target environment at all.
https://technicalciso.com/bgp-blind-spots-part-1/

#CyberSecurity #NetworkSecurity #BGP #InternetInfrastructure #SecurityEngineering #CyberRisk

BGP Blind Spots - Part 1

Why compromise a network when you can reroute its traffic?

technicalCISO

Cybersecurity Interview Questions and Answer Tips

In this article, I cover the most common cybersecurity interview questions and how to approach them effectively.

https://denizhalil.com/2025/12/08/cybersecurity-interview-questions-2025/

#CyberSecurity #InfoSec #CyberSecurityCareer #InterviewPrep #SOC #RedTeam #BlueTeam #ITSecurity #CareerDevelopment #EthicalHacking #SecurityEngineering #denizhalil