Weekly Post #2 - 09/01/2026
This week I’ve been focusing on reviewing multi factor authentication, particularly in a Microsoft environment. I’ve learnt a lot about session binding, and about how both Microsoft and Google and protecting users in the background. It’s cemented my belief that personal devices are the biggest weakness in an enterprise environment, and I’ll be looking for more support from management to try and minimise the use of them wherever possible.
I've got two more posts coming in the multi factor authentication series. One is as promised around configuring Azure (Entra ID) to require minimum standards of MFA for various user groups. The other is around using Grafana to analyse Azure sign-in logs for anomalies and intrusions. I really like Grafana, and have set up Azure Log Analytics as a data source. KQL is really powerful for sorting through the sign in logs, and Grafana is great for making the results look good.
I’ve also spent a bit of time working on the website this week, as is expected with any new venture. I’ve restructured the menu - I’ve decided to move away from a dedicated ethical hacking tag to a more general cyber security tag. This isn’t to say that I won’t be doing ethical hacking posts because I will, just that at the moment, and given there is limited content on here, it makes more sense to have a catch all tag rather than a specific one. I will be creating more tags over time, and will create some sort of index for people to find relevant posts once there is enough content to warrant it.
Which brings me nicely onto the drama I had getting search to work this week! For some reason, possibly that I’m using Publii on Linux, I did not have the default search plugin. I tried reinstalling, downgrading, swearing - it simply wasn’t there.
I did try the Google search plugin, but I do want to keep as much on the site as possible and not send too much data elsewhere (I am using Google Analytics; more on that in a bit). Eventually I found a search plugin online that queries the feeds.json file and returns results from there and I managed to get that working.
I appreciate the code is old but I don’t think I need anything further at the moment. It would be nice to have a proper index for the search to reference. Maybe I’ll get into writing Publii plugins!
There are things I really like about Publii so far. The CMS on the desktop is great; simple and intuitive. I don’t want a massive admin overhead for this site, I just want to be able to write posts and publish them easily and Publii is perfect for that. I suspect that if I need more features and flexibility in the future I might have to look elsewhere but for now, Publii is pretty solid.
As I said earlier, I am using Google Analytics. As it’s a new site, I want to be able to see reliably how many visitors are hitting the site, what they’re looking at. Nothing personal is collected. I am new to this and Google Analytics is the quickest, easiest way to get those metrics. When I have some time, I will do some proper research into how to track site metrics without client side scripting, so I can hopefully remove Google, and the cookie banner with it.
I have also signed up for Twitter, which you will see at the bottom of that page and on posts. I am literally using it just as a way to get posts out there. I have signed up for BlueSky as well (cipherjournal.bsky.social) but Publii doesn’t have native links for that yet so I haven’t added it in. Of the two, I’m more likely to be active on BlueSky.
Anyway, that’s enough for one post. I’m off to order some YubiKeys!