Debian-first defensive walkthroughs organized by attack type, suspicious behavior, and practical response workflow.
Detect & Defend is a practical library of Debian-based defensive guides built around real attack patterns, suspicious behavior, and common exposure points. Each guide focuses on what to look for, how to contain it, how to recover safely, and how to reduce future risk.
The goal is simple: if something suspicious shows up on a Debian-based system, this section should help explain what it is and what to do next.
These walkthroughs are written for Debian-based systems using common defaults such as systemd, UFW, and standard log locations.
If your setup differs, such as Docker, a different web server, or custom logging, use the commands as a reference and adjust paths or services accordingly.
The goal is to help you understand what to look for and what actions to take, not to lock you into one exact configuration.
Manual Debian-based approaches come first. Optional tools may be mentioned later only when they make the workflow easier.
This library currently contains 25 live Debian-first guides covering reconnaissance, web attack patterns, authentication abuse, denial-of-service symptoms, post-compromise indicators, and persistence-related changes.
This section is intentionally practical. It is not meant to be a dashboard or awareness blog. The focus is on real detection, containment, recovery, and system hardening using Debian-based tools.