🛡️ Security Tutorials

Find every service listening on your machine or a remote host, understand what is exposing itself to the network, and close what should not be open.

Install fail2ban, understand how it works, and configure it to ban IPs that repeatedly fail SSH authentication — without locking yourself out.

Create a certificate and private key for local development, internal tools, and test environments where a CA-signed certificate is not necessary.

Why you cannot use SHA-256 for passwords, what makes bcrypt and argon2 the right tools, and how to implement them correctly.

The classic alg=none and algorithm confusion attacks both come from trusting what the token tells you. Here is how to verify JWTs the right way.