Notes from the Blue

Independent IT blog · Security & Infrastructure

What you learn
when you actually dig in.

Tutorials, field notes and write-ups on detection engineering, homelab builds and general IT. By a practitioner, for practitioners.

Browse articles Explore topics
All articles
1 post
Tutorials
Step-by-step guides
Homelab
Proxmox · OPNsense · Docker
Detection
SOC · SIEM · Sigma

Latest articles

Core topics covered

01 //
Detection Engineering
Building detection logic that works — from threat modelling to alert tuning, log quality, and rule lifecycle management.
02 //
Homelab & Self-Hosting
Running a serious lab at home: Proxmox, OPNsense, n8n, Docker, Traefik, NetBird and everything in between.
ProxmoxOPNsensen8nDockerTraefikNetBird
03 //
General IT
Networking fundamentals, Linux internals, tooling picks, and topics that don't fit a neat category but are worth understanding.
"Dwell time is the window between intrusion and detection. What happens inside that window is the whole game." — Editorial philosophy of the lab
Site live
Newsletter — planned
--:--:-- UTC+1