Daniel Thiele IT - daniel@dproject.de

From Firewall to Mini-SOC   How I Used ChatGPT and Codex to Add a New Security Layer to My Homelab I already had a structured lab with segmentation, remote access, and a clear network design. What I wanted next was to add another layer of security : not another layer of blocking, but another layer of visibility . I am also heading toward the Security+ exam , so this project fit perfectly into what I want to learn anyway: not just how to install tools, but how to think about monitoring, visibility, architecture, and controlled rollout.  The target was a small but real detection pipeline: OPNsense firewall → Suricata intrusion detection → Syslog forwarding → Wazuh SIEM → searchable alerts in a dashboard This is the kind of chain you would find, in much larger form, in a Security Operations Center , usually shortened to SOC . A Security Operations Center is the part of an organization that watches security events, reviews alerts, and investigates suspicious activity. In a larg...

A troubleshooting tour through Linux bridges, Proxmox vmbr interfaces, and the moment “drops” stopped meaning “packet loss”.   This post is a real troubleshooting walkthrough from my homelab. I’m running Proxmox on a host called Athena and noticed scary-looking dropped packet counters on a Linux bridge ( vmbr0 ). What followed was a surprisingly deep dive into how Proxmox networking works under the hood: Linux bridges, bridge netfilter, per-interface counters, and a set of proprietary Layer-2 frames emitted by my FritzBox that Linux mostly ignores (but still counts as “dropped”). I’m keeping this conversational and command-heavy, because this got solved the only way these things get solved: one fact at a time, measured on the system. The scene: Proxmox bridges in plain terms On Proxmox, a vmbrX interface is usually a Linux bridge : A physical NIC (for example enp1s0 ) can be a port on that bridge. VM interfaces show up as tap… devices and are also ports on tha...

    So, that means I am now a certified Linux Administrator... I need to rest now. My brain is braining.... Honestly, I can say: with Codex installed recently, coding is now vibe coding . I personally can say I understand what the AI does—well, at least 80% of it—which is great actually, but I want to do more with it. What we need is a secure, compliant, and stable “coworker” who can do useful stuff. So when I find the time, I will step away from OpenAI and see what I can do locally, without relying on megacorps, and what agents can do that would help me organize my paperwork, not hallucinate, and all that stuff. As someone who worked in the design field, I can tell you the big tech companies steal all your data. You cannot trust them. So if you don't care, fine. If you have to work with lots of personal data, need to fulfill compliance rules and regulations, and want to make sure it does what you want—this is what everybody is thinking about. Unfortunately, I am now starting ...

We get plenty of cyber news in Germany. That’s why I focus on my area. Still, afaik we don’t get everything covered — or at least I don’t see everything all the time. But since the big blackout in Berlin a few weeks ago, I expect everyone to know that our infrastructure is built on thin ice. Cyberattacks, on the other hand, are still somewhat more niche, I feel. However, we do get frequent news and official warnings about ransomware attacks, like this one from earlier this month: https://www1.wdr.de/nachrichten/westfalen-lippe/cybersicherheit-handwerk-owl-100.html#:~:text=Der%20deutsche%20Mittelstand%20ist%20nur%20schlecht%20auf,kann%20den%20Weg%20f%C3%BCr%20Hacker%20in%20jeden In other news, something I see personally on my Google News feed is trading and investment ads about AI and other trading apps. As a 40-year-old who grew up with IT and who is “in the market” (financial markets), I see these ads regularly and I know how much fake stuff is going on. I mean, I even get emails fr...

The certificates I get are actually very theoretical. They are just to put them in a pdf and send that out along with my other references from school, uni and work. You can — and I did — install VMs and simulate stuff in Packet Tracer and the like for learning and practice, but a lot of it is just memorization of commands, terminology, and workflow steps on top of everything else. However, in order to memorize, learn, and demonstrate things better, I do have my homelab, documentation, Anki cards (flashcards), and whiteboards filled with notes and graphic-facilitation-style images. These are basically visual anchors and memory palaces that use the Loci and Major methods in ways I haven’t seen before.  For example I create a memorable image for rsyslog (the new rocket fast syslog)....  Syslog comes with priorities. I then create images that combine the Major method with Loci. For 0 I often use "sea". Syslog prio 0 is "emergency". So I combine the two and turn it into...

 The German tax government seems to be advancing in ways that are quite alright IMHO. I think that ELSTER-Online and the use of AI and algorithms in processing the data is just fine and shows how the government can do things right and make progress in their "digitization" endeavors. Bielefeld is facilitating new AI enhanced workflows: https://www.radioguetersloh.de/nachrichten/kreis-guetersloh/finanzamt-bielefeld-testet-ki-einsatz.html I live in Gütersloh though, so I might not be processed by their AI, but I contacted the tax office in Bielefeld for an internship and maybe I will get some more info about the matter.

It was a lot tougher than what I expected. A lot tougher than my programming classes at the university even... A lot tougher than actual programming with assembler. Not because of math or logic stuff. Simply because of so many tools and options and paths to memorize. I guess if you have work experience in Linux for a couple of years it's a lot easier though.  Anyways I got some great "learnings" and learning techniques implemented which should help me now with the second part.