blog.cdoherty.co.ukImmich Deployment on Windows Server Using Docker, WSL, and SMB-Based Persistent StorageIntroduction. Self-hosting applications on Windows servers can be deceptively complex when persistence, security, and reliability are required. This becomes especially true when deploying Linux-first 3h ago·15 min read
blog.cdoherty.co.ukClickFix Forensics: Proving Execution Beyond the BrowserThe Attack Explained. ClickFix, sometimes described as “fake CAPTCHA” execution, is a social engineering technique where the attacker deliberately moves the critical step of the intrusion onto the user. Instead of exploiting a vulnerability automatic...Dec 21, 2025·7 min read
blog.cdoherty.co.ukLAPS: The Local Administrator Password Solution For Windows Devices In Entra ID.Overview. Prerequisites. Join types. LAPS is only supported on: Microsoft Entra joined devices. Microsoft Entra hybrid joined devices. Microsoft Entra registered devices are not supported. License requirements. LAPS is available to all customers ...Nov 30, 2025·2 min read
blog.cdoherty.co.ukSOC Casefile: Microsoft 365 Account Compromise Investigation.Introduction. A SOC investigation following a compromised user typically takes between 45 minutes and 3 hours, depending on the volume of user activity, the quality of available audit data, the complexity of the attacker’s behaviour and whether any s...Nov 30, 2025·1 min read
blog.cdoherty.co.ukDeploying Level RMM Using A Microsoft Intune Platform Script.Overview. Level is a lightweight remote monitoring and management platform for Windows devices. It can be deployed manually, although most organisations prefer to automate installation through device management tooling. This article explains how to d...Nov 30, 2025·3 min read
