
2025 Archive

61 posts from this period

🧠 Educational · 6 min read

Year in Review: M Square 2025 Wins & Lessons

Reflecting on M Square LLC's first year: what we accomplished, what we learned, and where we're headed in 2026.

company news, year in review, reflection

🧠 Educational · 5 min read

Speaking at DEF CON 32 – Local Village Talk

Excited to announce I'll be presenting at DEF CON 32 on practical security for small businesses.

company news, speaking, conference, DEF CON

📣 Company News · 2 min read

Welcome to the M Square LLC Blog

Introducing our blog—your resource for practical cybersecurity insights, tutorials, and industry perspectives.

announcement, welcome

🧠 Educational · beginner · 5 min read

Common SMB Cybersecurity Mistakes (and How to Avoid Them)

The most common cybersecurity mistakes small and mid-sized businesses make—and practical steps to fix them without breaking your budget.

security basics, SMB security, best practices, education, +1

🧠 Educational · beginner · 5 min read

Free vs Paid Security Tools – What's Worth It for SMBs

A practical guide to choosing between free and paid security tools for small and mid-sized businesses—what's worth the investment and where you can save.

security tools, budgeting, SMB security, education, +1

🧠 Educational · beginner · 4 min read

How to Read a Pentest Report Like a CEO

A practical guide for executives on how to read and understand penetration test reports—what matters, what doesn't, and how to take action.

penetration testing, executive, risk management, SMB security, +1

🧠 Educational · beginner · 5 min read

MFA: Why It's Critical and How to Enforce It

A practical guide to multi-factor authentication for SMBs—why it's essential, how to implement it, and how to get your team on board.

MFA, authentication, security basics, SMB security, +1

🧠 Educational · beginner · 5 min read

Setting Up a Pentest Lab at Home (Free Tools Edition)

A step-by-step guide to building a penetration testing lab at home using entirely free tools—perfect for learning and practicing ethical hacking safely.

pentest lab, ethical hacking, hands-on learning, free tools, +1

🧠 Educational · beginner · 4 min read

What Is Phishing? Real-World Examples and Defenses

A practical guide to phishing attacks—what they are, real-world examples targeting SMBs, and how to defend your business against them.

phishing, security awareness, social engineering, SMB security, +1

🧠 Educational · beginner · 5 min read

Password Security 101: How to Train Your Team

A practical guide to training your team on password security—including diceware passphrases, real-world breach examples, and best practices.

password security, security awareness, training, SMB security, +1

🧠 Educational · beginner · 6 min read

Security Risk Assessment: Explained for SMBs

A practical guide to security risk assessments for small and mid-sized businesses—what they are, what's involved, and why they matter.

risk assessment, security basics, compliance, SMB security, +1

🧠 Educational · beginner · 3 min read

The Difference Between IT Support and Cybersecurity

Why your IT guy isn't a security expert—and why that's okay. Understanding the distinct roles of IT support and cybersecurity professionals.

IT support, cybersecurity, security basics, SMB security

🧠 Educational · beginner · 4 min read

HIPAA, GDPR & Cybersecurity Basics

A practical guide to HIPAA and GDPR compliance for small and mid-sized businesses—what they mean, what's required, and how cybersecurity fits in.

compliance, HIPAA, GDPR, security basics, +2

🧠 Educational · beginner · 3 min read

How to Secure Your Healthcare Clinic in 7 Days

A practical week-long action plan for healthcare practices to improve security posture and move toward HIPAA compliance.

healthcare, HIPAA, action plan, compliance

🧪 Writeups & Research · advanced · 2 min read

HTB: Corporate Machine Writeup

Full walkthrough of the Corporate machine on Hack The Box. Covers API exploitation, Active Directory lateral movement, and privilege escalation.

HTB, Active Directory, API exploitation, privilege escalation

🧠 Educational · beginner · 4 min read

7 Signs Your Business Has Been Breached (and What To Do)

How to recognize the warning signs of a security breach and take immediate action to minimize damage.

incident response, breach detection, security basics, SMB security

🧠 Educational · beginner · 4 min read

MFA Explained Like You're 5

Multi-factor authentication doesn't have to be confusing. Here's the simplest explanation of MFA and why it's essential for your business.

MFA, authentication, security basics, password security

🧪 Writeups & Research · intermediate · 3 min read

Analyzing a Real-World Phishing Campaign

Deep dive into a phishing campaign targeting financial institutions. Infrastructure analysis, kit reverse engineering, and IOC extraction.

phishing, threat intelligence, OSINT, analysis

🛠 Hacking Techniques · intermediate · 3 min read

Mastering ffuf: A Web Fuzzing Deep Dive

Advanced ffuf techniques for web application testing. Custom wordlists, filter strategies, and real-world fuzzing workflows.

fuzzing, web testing, ffuf, enumeration

🧠 Educational · beginner · 6 min read

What Is Ransomware and How to Prepare

A practical guide to ransomware—what it is, real-world examples, and how to prepare your SMB before an attack happens.

ransomware, malware, security basics, incident response, +2

🧠 Educational · beginner · 4 min read

What Is Network Segmentation (and Why It Matters)?

Network segmentation explained in plain English: why dividing your network into zones is essential for limiting breach damage.

network security, segmentation, security basics, architecture

🛠 Hacking Techniques · beginner · 2 min read

Payload Crafting 101: Building Your First Reverse Shell

A beginner-friendly guide to understanding and creating reverse shell payloads. Learn the fundamentals before diving into advanced exploitation.

payloads, reverse shells, exploitation, fundamentals

🧠 Educational · beginner · 4 min read

How to Build a Cybersecurity Policy in 1 Day

A practical guide to creating essential cybersecurity policies for your business—even if you're starting from scratch.

policy, compliance, security basics, governance

🧠 Educational · beginner · 4 min read

Cybersecurity ROI: How It Saves You Money

How to think about cybersecurity as an investment that generates returns—and how to calculate the ROI for your business.

ROI, business strategy, security investment, SMB security

📣 Company News · 15 min read

Announcing M Square 2025 Training Workshops

New training programs for 2025 including hands-on workshops, executive briefings, and customized security awareness programs.

announcement, training, workshops

✍️ Thought Leadership · 3 min read

Why Small Businesses Are Prime Targets for Cyberattacks

The uncomfortable truth about SMB security: why attackers prefer small businesses and what you can do about it.

SMB security, threat landscape, risk management

🧠 Educational · beginner · 4 min read

Preparing for Cyber Insurance: What Underwriters Look For

What cyber insurance underwriters actually evaluate and how to position your business for better coverage and lower premiums.

cyber insurance, compliance, risk management, SMB security

🧠 Educational · beginner · 5 min read

How to Secure Your Startup From Day One

A practical security roadmap for startups: what to implement at each stage of growth without slowing down innovation.

startup, security basics, growth, SMB security

🧠 Educational · beginner · 5 min read

Security for Remote Teams: Tools & Tactics

How to secure a distributed workforce: practical tools, policies, and tactics for remote and hybrid teams.

remote work, work from home, security tools, SMB security

🧠 Educational · beginner · 3 min read

HTB: Laboratory Walkthrough (Beginner Level)

A beginner-friendly walkthrough of the Hack The Box Laboratory machine, covering GitLab exploitation and privilege escalation.

Hack The Box, CTF, GitLab, privilege escalation, +1

🧠 Educational · intermediate · 4 min read

HTB: Active Directory Lab (Intermediate)

An intermediate walkthrough covering Active Directory enumeration, Kerberoasting, and domain privilege escalation techniques.

Hack The Box, CTF, Active Directory, Kerberos, +1

🧠 Educational · beginner · 4 min read

THM: Basic Pentesting Walkthrough

A beginner walkthrough of TryHackMe's Basic Pentesting room, covering web enumeration, SMB exploitation, and Linux privilege escalation.

TryHackMe, CTF, beginner, SMB, +1

🧠 Educational · beginner · 4 min read

THM: Blue Box – EternalBlue Exploitation

A walkthrough of the TryHackMe Blue room demonstrating the infamous EternalBlue (MS17-010) vulnerability exploitation.

TryHackMe, CTF, EternalBlue, Windows, +1

🧠 Educational · intermediate · 5 min read

THM: OWASP Top 10 Box Review

A comprehensive review of TryHackMe's OWASP Top 10 room, covering each vulnerability category with practical examples.

TryHackMe, OWASP, web security, CTF, +1

🧠 Educational · beginner · 5 min read

Case Study: Preventing a Ransomware Outbreak in a Law Office

How proactive security measures stopped a ransomware attack before it could spread through a mid-sized law firm.

ransomware, case study, legal, incident response

🧠 Educational · intermediate · 6 min read

Whitepaper: Red Team vs. Blue Team — Why SMBs Need Both

Understanding the red team and blue team concepts and how small and medium businesses can benefit from both offensive and defensive security approaches.

red team, blue team, security strategy, SMB security

🧠 Educational · beginner · 6 min read

Real-World Lessons from a HIPAA Compliance Audit

Key takeaways from conducting HIPAA compliance audits and the most common gaps found in healthcare organizations.

HIPAA, compliance, healthcare, audit

🧠 Educational · intermediate · 6 min read

Writeup: Bypassing Broken Access Controls in a Legacy Web App

Technical writeup of identifying and exploiting broken access control vulnerabilities in a legacy web application during a penetration test.

access control, web security, penetration testing, OWASP

🧠 Educational · advanced · 6 min read

Whitepaper: AI and Offensive Security – Practical Use Cases

Exploring how AI and LLMs are being used in offensive security operations, from reconnaissance to payload development.

AI, offensive security, automation, LLM, +1

🧠 Educational · intermediate · 6 min read

How to Use Burp Suite Like a Bug Bounty Hunter

Master Burp Suite with techniques used by professional bug bounty hunters: from basic interception to advanced automation.

Burp Suite, web security, bug bounty, tools

🧠 Educational · intermediate · 7 min read

How to Build a Custom Wordlist with CeWL & Crunch

Create targeted wordlists for password attacks and content discovery using CeWL, Crunch, and other techniques.

wordlists, password cracking, CeWL, Crunch, +1

🧠 Educational · advanced · 7 min read

Walkthrough: Creating an Exploit in Python

Learn exploit development fundamentals by creating a simple buffer overflow exploit in Python, step by step.

exploit development, Python, buffer overflow, security research

🧠 Educational · advanced · 6 min read

DNS Rebinding Explained with Real Demos

Understanding DNS rebinding attacks: how they work, why they're dangerous, and how to demonstrate them in a lab environment.

DNS, web security, SSRF, attack techniques

🧠 Educational · intermediate · 5 min read

OWASP Top 10: Explained with Payloads

A practical guide to the OWASP Top 10 vulnerabilities with real payloads and examples for each category.

OWASP, web security, payloads, injection, +1

🧠 Educational · advanced · 5 min read

Bypassing WAFs: Tricks from the Field

Techniques for bypassing Web Application Firewalls during authorized penetration tests, with practical examples.

WAF, bypass, web security, penetration testing

🧠 Educational · 5 min read

Free Consultation Program – How It Works

Learn about our free 30-minute security consultation and what you can expect from the conversation.

company news, consultation, services

🧠 Educational · 6 min read

New Service: Virtual CISO for SMBs

Announcing our Virtual CISO service—executive-level security leadership for businesses that need expertise without the full-time price tag.

company news, vCISO, services, leadership

🧠 Educational · 4 min read

Why I Started M Square LLC

The story behind M Square LLC: why I left corporate security to help small businesses protect themselves from cyber threats.

company news, about us, entrepreneurship, founder story

🧠 Educational · beginner · 4 min read

What Is a Penetration Test?

A practical guide to penetration testing—what it is, why it matters, and how it helps protect your business from real-world cyberattacks.

penetration testing, security basics, SMB security, education

✍️ Thought Leadership · 6 min read

The Problem with Checkbox Cybersecurity

Why compliance-driven security creates a false sense of protection and what actually makes businesses secure.

compliance, security culture, risk management, opinion

✍️ Thought Leadership · 6 min read

AI in Cyber Offense: Tools, Tactics, and Ethics

Exploring how AI is changing offensive security: the tools emerging, how attackers use them, and the ethical considerations for defenders.

AI, offensive security, ethics, emerging threats

✍️ Thought Leadership · 6 min read

The Future of Cybersecurity for Healthcare Practices

Where healthcare cybersecurity is headed and how medical practices should prepare for emerging threats and opportunities.

healthcare, future trends, HIPAA, medical security

✍️ Thought Leadership · 6 min read

Why Security Awareness Training Is Failing

Security awareness training isn't working. Here's why the current approach fails and what actually changes behavior.

security training, awareness, human factors, culture

✍️ Thought Leadership · 7 min read

How to Create a Hacker-Resistant Business Culture

Building a security culture that makes your organization naturally resistant to attacks—beyond tools and training.

security culture, organizational security, leadership, risk management

🧠 Educational · beginner · 9 min read

Employee Security Training Without Losing Productivity

Learn how to deliver effective employee cybersecurity training that boosts your human firewall without slowing down your business. Practical strategies for engaging, bite-sized security awareness.

security training, employee awareness, phishing, productivity, +2

🧠 Educational · intermediate · 10 min read

Web Fuzzing for Bug Hunters: How It Differs from Traditional Fuzzing

Learn how web fuzzing differs from traditional binary fuzzing, and how bug hunters use it to find IDORs, hidden endpoints, and logic flaws in web applications.

fuzzing, web testing, bug bounty, penetration testing, +2

🧠 Educational · intermediate · 8 min read

Fuzzing Basics: What It Is and How It Finds Bugs

Learn the fundamentals of fuzzing—a powerful technique used by security researchers to find zero-day bugs and vulnerabilities through automated input testing.

fuzzing, vulnerability research, bug hunting, security testing, +2

🧠 Educational · beginner · 9 min read

What to Expect During a Penetration Test

A complete guide to the penetration testing process—from kickoff to final report. Learn what happens during a pentest and how to prepare your team.

penetration testing, security basics, SMB security, education, +1

🧠 Educational · intermediate · 6 min read

How I Use AI to Accelerate Recon Workflows

How I integrate AI into every stage of my reconnaissance workflows as a penetration tester. Practical examples, tools, and techniques for red teamers and bug bounty hunters.

AI, reconnaissance, OSINT, penetration testing, +3

🧠 Educational · beginner · 5 min read

Cybersecurity Policy Template for Small Teams

A ready-to-use cybersecurity policy template tailored for small businesses and lean teams. Includes implementation tips and best practices for protecting your digital operations.

policy, small business, security basics, template, +2

🧠 Educational · beginner · 5 min read

Recon 101: Tools, Targets, and Tips

Learn the fundamentals of reconnaissance in cybersecurity—what it is, why it matters, and how to perform it with free tools. Essential reading for SMBs, new security professionals, and curious tech teams.

reconnaissance, OSINT, penetration testing, cybersecurity, +2

96 Total Posts
2 Years Active
10 Active Months
12h Reading Time