Blog THAYOZ

Email Security

Thu, 25 Dec 2025 15:03:10 +0100

Ensuring Proper Email Security: A Deep Dive into SPF, DKIM, DMARC, and SPF Flattening

Email remains a critical communication tool for businesses and individuals alike. However, it’s also a prime target for cybercriminals who exploit vulnerabilities through phishing, spoofing, and impersonation attacks. To combat these threats, implementing robust email authentication protocols is essential. This blog post provides a comprehensive, detailed guide to setting up Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting, and Conformance (DMARC). We’ll also include a dedicated subchapter on SPF flattening—a technique to optimize SPF records when they become overly complex. Each section includes step-by-step instructions, code examples, and best practices to help you secure your domain effectively..

LLM+MCP+Kali-Linux = Pentesting

Fri, 10 Oct 2025 23:13:30 +0100

By integrating a local large language model (LLM) like Ollama running Mistral with the Model Context Protocol (MCP), we can connect to an MCP server that interfaces with a Dockerized Kali Linux instance. This setup allows the AI to execute penetration testing commands in a controlled environment, aiding in tasks like vulnerability scanning and CTF challenges.s

What is MCP and Why Use It for Pen Testing?

The Model Context Protocol (MCP) is an open standard for connecting AI models to external tools and data sources. It acts as a bridge, enabling LLMs to interact with systems securely. In penetration testing, MCP servers can expose tools like those in Kali Linux, allowing AI to assist in ethical hacking tasks without direct human intervention for every command.

Hiring with a CTF Challenge

Wed, 20 Aug 2025 22:03:10 +0100

In the ever-evolving landscape of cybersecurity, finding and hiring skilled security engineers has become one of the most complex tasks for organizations. With cyber threats growing in sophistication and frequency, companies need professionals who aren’t just book-smart but passionate and curious about many things. Traditional recruitment methods: resumes, interviews, study cases often fall short in identifying true talent. Enter the Capture The Flag (CTF) challenge: a gamified, hands-on approach that’s transforming how we scout for infosec wizards. In this blog post, we’ll dive deep into why recruiting security engineers is so tricky, how an online CTF with eight targeted challenges can serve as the ultimate first barrier, and practical insights on implementing this strategy to build a good security team.

NotPetya

Sun, 20 Apr 2025 07:31:01 +0100

Mistakes Were Made

Thu, 15 Aug 2024 21:23:01 +0100

Modern Vintage Gamer masterfully chronicles the epic history of how hackers systematically defeated the security protections of the original Xbox, Xbox 360, Sony PS1, PS2, PS3, PS4, Vita, PSP (plus GameCube, Wii, and Saturn). This while leveraging hardware modchips, swap tricks to kernel exploits and beyond.

IoT Everything

Mon, 22 Jan 2024 22:03:10 +0100

In the era of smart kitchens, WiFi-connected air fryers promise ultimate convenience: preheat your device from the office, monitor cooking progress via an app, or even integrate it with voice assistants like Alexa. Brands like Cosori, Xiaomi, and Aigostar offer models that let you control temperatures and timers remotely, turning a simple appliance into a “smart” hub. But from an information security standpoint, these devices introduce significant risks. While the convenience is tempting, connecting a high-heat appliance to your home network—and often the internet—opens doors to vulnerabilities that could compromise your privacy, network security, or even physical safety.

Time to start something

Sun, 19 Nov 2023 20:03:10 +0100

Hey! After years of jotting down ideas in scattered notes, vscode pages, and random files, I’ve decided to create a proper home for them: this public scratchpad. I work with tech daily—building, breaking, and exploring how things connect. My interests shift constantly: IoT projects and embedded systems one day, IT security, vulnerabilities, and threat modeling the next. This blog will capture it all:

Notes on IoT tinkering Thoughts on security topics, tools, and best practices Technical deep dives Half-baked ideas and random discoveries Quick gotchas or “wish I’d known this” moments

Mon, 01 Jan 0001 00:00:00 +0000

About

I’m a curious human currently based in Switzerland.

By day I manage cybersecurity, and in my spare time I love diving deep into iot, IT for kids.

What gets me excited right now

Cybersecurity — Protecting people, organizations, and infrastructure from evolving threats is what I do every day — and what keeps me up at night (in a good way). Whether it’s hunting for vulnerabilities, hardening environments, analyzing incidents, or building secure-by-design systems, I love the cat-and-mouse game of modern security. There is no routine and every day is a new challenge.
Technology in General — Especially the Bleeding Edge I’m endlessly curious about where tech is heading. Right now, large language models (LLMs) and the rapid wave of AI novelties have me hooked. The pace of change is insane — and I want to understand (and maybe even help shape) what’s coming next.
IoT and Embedded Systems — There’s something magical about making physical things smart. I tinker with microcontrollers, sensors and small embedded systems. From building custom home-automation gadgets to thinking about how to automate time consuming daily choires.

This blog is my corner of the internet where I share what I’m learning, building, and thinking about. Expect posts about mainy things — sometimes serious, often not.