Author Archives: lathif md

Wiz CSPM Explained: Agentless Cloud Security That Focuses on Real Risk and Difference between Wiz, Orca and DivvyCloud

Wiz CSPM Explained: How Security Teams Reduce Real Cloud Risk (Without Agents)

Cloud environments move fast — and that’s exactly why cloud security can get messy. Misconfigurations, exposed secrets, over-privileged identities, and unpatched workloads often slip through the cracks. This is where Wiz CSPM really shines. Wiz is a modern, cloud-native security platform that helps…

How Affiliate Marketing Works for Beginners (Free Training Included)

Check out this free masterclass I found on affiliate marketing — no cost, just real training to start earning online. Want to start earning online WITHOUT a product? I just watched a free webclass that shows how affiliate marketing works (no tech skills needed). It’s beginner-friendly and 100% free to join. Watch it here! https://millionairepartnership.com/webclass-d24#aff=lathif5566 Affiliate marketing…

Python Automation for Vulnerability Management: Real-World Scripts Used in Enterprise Security and Interviews

Python Scripts for Vulnerability Management Automation: Real-World Security Operations Use Cases

Modern Vulnerability Management (VM) programs cannot scale with spreadsheets and manual tracking. To reduce risk, improve SLA compliance, and save operational hours, I built multiple Python-based automations covering the full VM lifecycle — from scan data ingestion to executive reporting. Below are real, production-grade…

What Is SELinux? Complete Guide to Configuration, Modes & Advantages

What Is SELinux? Complete Guide to SELinux Configuration, Modes, Commands, and Advantages

SELinux (Security-Enhanced Linux) is a kernel-level security framework that provides Mandatory Access Control (MAC) to protect Linux systems from unauthorized access, privilege escalation, and zero-day attacks. Unlike traditional Linux permissions, SELinux enforces security policies even if a user or service is compromised. In…

Vulnerability Management: Prioritization, KPIs & Best Practices

VULNERABILITY MANAGEMENT is a continuous security process where we identify, assess, prioritize, and remediate security weaknesses in systems, applications, and networks before attackers can exploit them. It involves regular scanning, risk-based analysis, patching, and continuous monitoring to reduce the organization’s attack surface. Vulnerability Management is the ongoing process of finding, fixing, and tracking security weaknesses…

What is SIEM and how do you ingest logs into it

What is SIEM? (Security Information and Event Management) – Examples: Sentinel, Splunk

SIEM is a centralized platform that collects, normalizes, correlates, and analyzes security logs/events from across an organization to provide:

- Real-time threat detection
- Incident investigation
- Compliance reporting
- Forensics and root-cause analysis

1. Log Sources

- Endpoints (Windows Event Logs, Sysmon, Linux auditd)
- Servers (application logs, database logs)
- Network devices (firewall, switch, IDS/IPS)
- Cloud…

EDR (Endpoint Detection & Response)- Interview Point of View

EDR (Endpoint Detection & Response) – CrowdStrike, Carbon Black

→ Secures endpoint devices only (laptops, servers, VMs).
→ Focus is endpoint telemetry + detection + containment.

Endpoint Detection and Response (EDR): EDR kicks in after a threat bypasses traditional defenses. It provides continuous monitoring, detection, and response capabilities for advanced threats and zero-days.

• EDR helps in threat hunting, forensic…

Daily Tasks of a Security Engineer

What are your Daily EDR & SIEM Tasks? (for answering in interviews)

On a daily basis, I monitor SIEM and EDR alerts and quickly triage them to separate real threats from false positives using process trees, log correlation, and user behavior. I respond to endpoint incidents by isolating infected machines, killing malicious processes, and supporting…