

Zero Trust for the Home Lab - IPSec between Windows Domain and Linux using Certs (Part 7)
Rocky Linux version 10 is today's Linux OS of choice and part of the Zero Trust implementation for the home lab. The steps in this blog detail the implementation of IPSec between a Windows Domain and Linux using Strongswan.
Jul 25 · 12 min read


Zero Trust for the Home Lab - Yubikey and Domain Smartcard Authentication Setup (Part 6)
Smart cards store cryptographic certificates that enable two-factor authentication (2FA). Unlike passwords, these credentials cannot be easily stolen or reused, making it significantly harder for attackers to gain access. They will be implemented as part of Zero Trust.
Jun 7 · 6 min read


Zero Trust for the Home Lab - AD Delegation and Separation of Duties (Part 5)
Zero Trust - This blog will provide an in-depth explanation of the AD delegation model that has been delivered by PowerShell for a Zero Trust Network
Jun 7 · 8 min read


Zero Trust for the Home Lab - IPSec (Part 4)
Zero Trust assumes the network is hostile; even internal traffic can't be trusted without verification. Every connection must be authenticated, authorized, and encrypted. IPSec (Internet Protocol Security) is a key enabler. In this article, I'll implement IPSec in a Domain with certificates using the Microsoft Platform Crypto Provider, the Key Storage Provider (KSP) that allows certificates and their private keys to be stored in the TPM.
Jun 7 · 15 min read


Zero Trust for the Home Lab - Radius and 802.1x (Part 3)
Let's set up 802.1X authentication on the pfSense 4200 using FreeRADIUS and a Windows Certificate Authority (CA) as part of Zero Trust.
Jun 7 · 12 min read


Zero Trust for the Home Lab - VLAN Tagging and Firewalls with pfSense (Part 2)
This post outlines how to build a segmented, secure network using pfSense on a Netgate 4200, a budget-friendly managed switch, and VLANs with point-to-point firewall rules. The objective is to use 802.1Q VLAN tagging to create isolated network zones and enforce access control with pfSense’s built-in firewall.
Jun 7 · 10 min read


Zero Trust for the Home Lab - An Introduction to Zero Trust and its Practical Limits for the Home Lab (Part 1)
This Zero Trust series starts with core principles, identity, segmentation, and least privilege. I’ll cover real-world tools like pfSense, 802.1X, IPsec, firewalls, smartcards, and certificate-based authentication. We’ll first explore the theory behind Zero Trust, followed by its practical implementation, the fun part. Although the theory is wordy and a bit... boring, it's important to understand the principles and how they apply to the implementation of the tech.
Jun 7 · 6 min read


Enabling Raspberry Pi VLAN Tagging
To enable VLAN tagging on a Raspberry Pi, install the vlan package with sudo apt install vlan, then load the 8021q kernel module using sudo modprobe 8021q. This setup allows your Raspberry Pi to support 802.1Q VLAN interfaces for use with managed switches and segmented networks.
Apr 15 · 2 min read


Sorting Files into Years and Month
Thousands of files, no structure, let's get them organised into months and years with PowerShell. Duplicates are moved to another directory for review.
Jan 14, 2022 · 1 min read


Basics of Creating Webpages with PowerShell
Creating a simple web report with PowerShell doesn't need to be a chore. There are limitations and it's definitely not a proper HTML editor, but that doesn't mean the output should look shoddy.
Like many, I'm using PowerShell to analyse Windows and display the results. The screen grab below is a section of a report I'm currently working on and soon to be published. The script is a comprehensive vulnerability assessment written entirely in PowerShell and made to look pretty
Dec 18, 2021 · 5 min read
