A practitioner's guide to AI in security operations, grounded in OWASP's Vendor Evaluation Criteria and the Moltbot security debacle. Dos, don'ts, and what good AI red teaming actually looks like.
Deployed Action1 RMM for Windows endpoints - free 200 endpoint tier, 2-minute agent install vs hours of WinRM config. Handles patching, software deployment, and remote scripting without the Ansible Windows pain.
Deployed Ansible control node managing 14 hosts across 9 groups. Integrated Ludus cyber range for VM provisioning. Built custom roles with Docker, UFW, and systemd integration. Optimized with fact caching and SSH pipelining.
Deployed CSI Linux with 50+ forensic tools across 9 categories. Integrated with centralized evidence share and zero-trust upload portal. Four access methods ensure reliable connectivity for investigations.
Deployed Wazuh 4.14.2 across 16 hosts with 60+ custom detection rules for C2 beaconing, DNS tunneling, DGA, port scanning, and honeypot alerts. Includes active response automation and critical Wazuh gotchas.
Fixed persistent SMB evidence share mount using systemd automount, resolved IP conflicts, and established a web upload portal behind Cloudflare Access for external investigators.
Audited 67 firewall rules and disabled 21 dangerous WAN rules. Reduced Zeek false positives by 90%. Fixed broken Wazuh SIEM rules. Cleaned up SIEM agent inventory from 21 to 16 active agents.
First log entry. The lab is open. Also, I saw something in the woods.
A tool that masks your sensitive data before it goes into public AI. Because Bigfoot respects privacy, and so should you.