Practical, technical guides written by a security practitioner. No clickbait. No vague "use a strong password" advice. Only what actually makes a difference.
DNS sinkhole that blocks ads and trackers for every device on your network at once. Complete guide to Pi-hole v6: installation, OISD blocklist, router config, and fallback DNS.
More family-friendly than Pi-hole, with conservative defaults, built-in DoH, and parental controls that work with one click. Docker Compose installation from scratch.
Your own cloud on your own Pi. Files, calendar and photos, without Google or Microsoft seeing any of it. Docker Compose setup from scratch with MariaDB and Redis.
Expose your home services securely without opening a single port in your router. Cloudflare Tunnel, Docker and zero-trust access from scratch.
DNS-based ad blocking at the network level: all devices covered, no browser extension. Comparison of the two most popular options with Docker setup and an honest recommendation.
From ping-sweep to vulnerability scanning. Nmap is 27 years old and still the sharpest tool for mapping what actually runs on your network.
Run your own VPN server at home. WireGuard has been in the Linux kernel since 5.10, does 200–300 Mbit/s on a Pi 4, and is 4,000 lines of code vs OpenVPN's 70,000.
Password manager, MFA, 3-2-1 backup, patching and phishing recognition. No vague advice. Concrete steps with specific tools named.
32% of data breaches exploited known vulnerabilities with an available patch (Verizon DBIR 2024). Find and close them with VulnDetect and winget.
EU Directive 2022/2555 took effect in October 2024. Fines up to €10 million. Here's who it covers, what Article 21 requires, and what to do now.
From no firewall to a sensible ruleset in five minutes. SSH warning, LAN-only access, rate limiting and a complete Pi homelab setup with Pi-hole.
Key-based login, fail2ban, port change and UFW rules. The default settings on Raspberry Pi OS are not secure enough. Step-by-step guide for your homelab.
One entry point for all your Docker services with automatic SSL. Traefik v3, Let's Encrypt via Cloudflare DNS challenge and routing via container labels.
Protect SSH, Traefik and Nginx from automated attacks. Fail2ban bans IPs that rack up too many failed attempts, automatically and without ongoing maintenance.
Capture and analyse network traffic with Wireshark. Display filters, TCP stream following and practical examples — find hidden devices, DNS leaks and unencrypted HTTP.
No spam. Just new guides and security articles.
Sign up for notifications →See live security threats that could affect you and your home network.
Open SecIntel free →