End-to-end macOS distribution pipeline — sign binaries and app bundles with codesign, notarize with notarytool, staple tickets with stapler, and verify Gatekeeper acceptance with spctl.
Deep-dive on macOS extended attributes — listing, reading, writing, and removing xattrs with xattr(1); the Gatekeeper com.apple.quarantine flag; Spotlight metadata attributes; ACLs via ls -le and chmod +a; preserving attributes on copy with cp -p and rsync -X.
The dual-purpose Windows CLI for certificate-store management and as the most reliable built-in tool for file hashing, base64 encoding, and CRL/CTL handling — no install required.
Inspect the Resultant Set of Policy that applied to a user and computer with gpresult, then force a refresh with gpupdate — including HTML reports, scope filtering, and the classic 'why didn't my GPO take effect?' workflow.
Launch a program in the security context of a different user account — elevate to Administrator, switch to a service account, or test application behaviour under a restricted identity.
Connect to remote hosts, transfer files, and forward ports over an encrypted channel using the OpenSSH client built into Windows 10 and later.
Transfer ownership of files and directories to the current user or the Administrators group from an elevated command prompt — a prerequisite for modifying ACLs on system-protected paths.
Query, export, clear, and manage Windows Event Log channels from the command line — the primary CLI for event log automation, log archiving, and scripted log analysis on Windows.
Display the current user name, SID, group memberships, and privileges from the Windows command prompt — essential for auditing security context in scripts and support scenarios.
TSO commands for RACF user, group, dataset, and general-resource profile administration on z/OS.
Control what Codex CLI can do — approval policies (untrusted, on-request, never), sandbox modes (read-only, workspace-write, danger-full-access), OS-native sandbox mechanics, and --full-auto.
Practical GnuPG cheat sheet — generate keys, sign and verify files, encrypt for a recipient, sign git commits and tags, and manage trust without the bureaucracy.
POSIX file permissions on Linux. Covers symbolic and octal chmod, ownership with chown, the meaning of r/w/x for files vs. directories, setuid/setgid/sticky bits, umask, ACLs, capabilities, and immutable attributes.
Local, remote, and dynamic SSH tunnels — port forwarding, SOCKS proxies, jump hosts, ssh_config directives, agent forwarding, autossh persistence, post-quantum key exchange, and operational recipes.
OS-level security primitives every operator should know: users and groups, file permissions, Linux capabilities, SUID/SGID, mandatory access control (SELinux, AppArmor), sandboxing concepts, least privilege, and encryption at rest vs in transit.
A practical guide to reviewing and authoring pull requests — small PRs, naming, control flow, error paths, security, performance, and GitHub PR conventions.
navigation
actions
cheat sheet pages
