All CosmicBytez Labs articles tagged #Security, across news, security advisories, how-to guides, and projects.
Deploy Falco on a Docker host to monitor container syscalls at the kernel level, write custom homelab detection rules, and route real-time alerts through.
GitHub has rolled out new security controls for npm including staged publishing with 2FA approval requirements and package install policies, giving...
Apple has revealed it blocked more than $11 billion in fraudulent App Store transactions over the past six years, including $2.2 billion in 2025 alone,...
Apple's annual transparency report reveals the company blocked over 2 million App Store submissions, 1.1 billion accounts, and $2.2 billion in potentially...
Install and configure CrowdSec on Linux to detect and block attacks using crowdsourced threat intelligence, custom scenarios, and iptables/nftables bouncers.
Deploy a fully self-hosted, Bitwarden-compatible password manager using Vaultwarden on Docker with Caddy reverse proxy, automatic TLS, WebSocket...
Build a self-hosted WireGuard VPN server on Ubuntu for secure remote access — with NAT masquerading, DNS leak protection, QR-code client provisioning, and...
Learn how to use Trivy to scan container images, Dockerfiles, Kubernetes manifests, and Terraform for vulnerabilities and misconfigurations — then...
Deploy CrowdSec on a Linux server to get community-powered intrusion prevention — block brute-force attacks, credential stuffing, and vulnerability...
Deploy Keycloak with Docker Compose and PostgreSQL to build a centralised single sign-on platform for your homelab services, with OIDC integration for...
Comprehensive DC hardening guide covering tier model implementation, LDAP signing, NTLM restrictions, Kerberos hardening, AdminSDHolder, DSRM security,...
Step-by-step Windows Server hardening covering CIS benchmarks, attack surface reduction, service hardening, firewall rules, credential protection, and...
Complete IT offboarding checklist for departing employees. Covers account deactivation, access revocation, device recovery, data management, and...
Organizations face security risks from unauthorized applications, malware disguised as legitimate software, and shadow IT installations that bypass...
This document provides a comprehensive comparison between SentinelOne Singularity Control and Singularity Complete SKUs to help MSP teams understand the...
SentinelOne exclusion policies allow security teams to prevent false-positive detections and performance issues by excluding specific files, folders,...
Organizations using SentinelOne Singularity Complete receive 14-365+ days of Deep Visibility EDR data retention by default. This historical telemetry...
Deep Visibility is SentinelOne's EDR telemetry engine that provides comprehensive endpoint data collection for threat hunting, incident investigation, and...
Manual SentinelOne agent installation is used when automated deployment methods (GPO, RMM, SCCM) are unavailable or when installing on standalone...
Deploying SentinelOne agents across Windows endpoints at scale using Active Directory Group Policy Objects (GPO) enables centralized, automated agent...
Deploy, manage, and validate SentinelOne security policies across your endpoint estate using the SentinelOne Management API. This automated workflow supports:
USB drives, external hard drives, and Bluetooth peripherals represent significant security risks in enterprise environments. Malicious actors use USB...
During threat investigations, security analysts need to retrieve suspicious files from endpoints for deeper forensic analysis. Traditional methods...
Traditional endpoint protection focuses on file-based malware, but network-based attacks (lateral movement, command-and-control callbacks, port scanning,...
This document provides comprehensive procedures for forensic evidence collection, ransomware rollback, and threat remediation using SentinelOne Complete...
Organizations deploying SentinelOne endpoint protection require continuous monitoring of agent health to ensure comprehensive threat coverage across their...
Proactive threat hunting is essential for identifying sophisticated threats that evade automated detection systems. This script automates the process of...
The MITRE ATT&CK framework catalogs 14 tactics and 200+ techniques used by adversaries. Security teams need to proactively hunt for these techniques in...
This runbook provides a standardized process for onboarding new MSP clients to SentinelOne Singularity Complete. Following this methodology ensures...
This guide provides comprehensive best practices for configuring SentinelOne policies in MSP environments managing multiple client sites with Singularity...
The SentinelOne Management Console REST API enables automation of administrative tasks, reporting, threat response, and integration with existing security...
This document provides a comprehensive library of production-ready PowerShell scripts for automating SentinelOne operations in an MSP environment. These...
Security Operations Centers (SOCs) face overwhelming alert volumes, complex threat investigations, and resource constraints. Analysts spend hours writing...
Modern enterprise networks contain a complex mix of managed endpoints (workstations, servers), IoT devices (IP cameras, printers, smart building systems),...
Full Remote Shell is a SentinelOne Complete feature that provides authorized administrators with secure, native command-line access to managed endpoints...
This runbook provides comprehensive guidance for integrating SentinelOne Singularity Complete with NinjaRMM and other RMM platforms. Proper RMM...
SentinelOne detects suspicious files but automated malware analysis requires sandbox integration. Manually uploading files to VirusTotal, Joe Sandbox, or...
Security teams face the challenge of detecting organization-specific threats, insider threats, and policy violations that generic detection rules cannot...
Storyline Active Response (STAR) is SentinelOne's cloud-based automated hunting, detection, and response engine that allows security teams to create...
When SentinelOne detects a threat on an endpoint, security analysts must quickly investigate the alert to determine if it's a genuine malware infection,...
Understanding the complete attack chain requires correlating hundreds of events (process creation, network connections, file modifications, registry...
Complete IT onboarding checklist for new employee setup. Covers account provisioning, hardware deployment, security configuration, software installation,...
Comprehensive checklist for hardening Linux and Windows servers before production deployment. Covers OS configuration, network security, access controls,...
Step-by-step incident response checklist following NIST SP 800-61 framework. Covers preparation, detection, containment, eradication, recovery, and...
Samsung's February 2026 update roadmap removes Galaxy S21 lineup from support, while S22 series moves to quarterly updates.
Harden your Microsoft 365 tenant with security baselines, conditional access policies, data loss prevention, audit logging, and compliance configurations...
Implement Zero Trust security with Microsoft Entra ID Conditional Access. Covers named locations, device compliance, risk-based policies, and...
Deploy and manage BitLocker encryption at scale using PowerShell, with automatic TPM validation, recovery key backup to Azure AD and NinjaRMM, and...
Automate FortiGate firewall policy creation, backup, and auditing using PowerShell and the FortiOS REST API. Includes bulk rule deployment, change...
Securely manage Kubernetes secrets using External Secrets Operator. Covers ESO installation, SecretStore configuration, syncing from Azure Key Vault and...
Deploy and manage SentinelOne EDR agents across your environment. Covers manual installation, verification, troubleshooting, and best practices.
A practical recipe book of Deep Visibility hunts — encoded PowerShell, LOLBin abuse, lateral movement, persistence mechanisms. Each recipe is a copy-paste S1QL.
Deploy enterprise-ready Azure environment with hub-spoke network, Azure Firewall, Log Analytics, Defender for Cloud following Microsoft CAF best practices.
Build a secure CI/CD pipeline with GitHub Actions deploying to Azure. Covers build, test, security scanning (SAST/DAST), and deployment with OIDC...
This week: FortiGate SD-WAN deployment, new CVEs affecting critical infrastructure, and Azure Sentinel implementation tips.
Learn how to set up a production-grade homelab with proper network segmentation, monitoring, and security controls. Perfect for IT professionals and...
Secure your SSH servers with essential hardening techniques including key-based authentication, fail2ban configuration, and advanced security measures.
Deploy a modern, high-performance VPN using WireGuard. Covers server setup, client configuration, and security best practices for secure remote access.
Welcome to the first issue of the CosmicBytez Labs newsletter! This week: major security vulnerabilities, Kubernetes best practices, and cloud...
Comprehensive guide to hardening Linux servers covering user management, service configuration, kernel security, and ongoing maintenance for production systems.
Learn essential Docker security practices including image scanning, runtime protection, network isolation, and secrets management for production environments.
Automate Windows security baseline checks using PowerShell. Validate configurations against CIS benchmarks for password policies, audit settings, and...
Learn to analyze Windows Security Event Logs to detect brute force attacks, lateral movement, privilege escalation, and other security threats using PowerShell.
Deploy Pi-hole for network-wide ad blocking and DNS security. Includes setup, configuration, upstream DNS options, and integration with encrypted DNS.
Design and implement a comprehensive backup strategy using the 3-2-1 rule. Covers backup types, automation, encryption, and disaster recovery testing.
Deploy a scalable log management solution using Grafana Loki. Learn to aggregate, search, and alert on logs from your entire infrastructure.
Learn how to set up effective network monitoring using open-source tools. Covers traffic analysis, alerting, and common indicators of compromise.
Deploy your own password manager with Vaultwarden (Bitwarden-compatible). Includes secure configuration, SSL setup, and backup procedures.