about

postinstall is a personal research log. The name comes from the moment right after a package manager finishes, after the installer reboots, after the vendor default configuration is in place, and before anyone has started actually using the thing. That window is where a large share of documented security failures could have been prevented, and it is the window this site is about.

Every post corresponds to a finding from a lab notebook. A finding is a control, a configuration, or a detection I studied in a VM I can rebuild from scratch, with before-and-after evidence and a validation method I can run again later. If something is not tested, I say so. If a control defeats one attack and not another, I say that too.

The scope is Windows, Active Directory, Linux, and Microsoft 365 security, with detection and validation as first-class parts of every hardening question. The audience is working practitioners in SMB and mid-market environments, where the tradeoffs and the tooling look different from the Fortune 500 case studies that dominate the available material.

This site and the research behind it are personal. Nothing here represents the views or work of any employer, client, or organization I am affiliated with.