Hey,
Chiderah here. Welcome to the first issue of SecurityTide.
If you're reading this, you found me through the launch post, LinkedIn, or because someone forwarded you. Thank you. There's a longer post pinned at the top of the site that explains why I'm building this, but the short version is: I wanted a cybersecurity publication written by someone actually doing the work, not just summarizing other people's reporting. So I'm making it.
Here's issue one.
This week in cyber
The Sterling Bank → Remita breach is the story Western press is undercovering.
In March, a threat actor known as ByteToBreach exploited an unpatched vulnerability in Sterling Bank's systems. Standard so far. What happened next isn't standard. The attacker moved laterally and reached Remita, the platform that processes Nigeria's Treasury Single Account, federal salary payments, and revenue collections for more than a thousand government agencies. Approximately 3 terabytes of data allegedly exfiltrated. Hundreds of thousands of identity documents, employee records, transaction histories. The MD of Sterling Bank's own personal details published as proof of access.
Shortly after, Nigeria's Corporate Affairs Commission, the body that maintains the registry of every company operating in the country, confirmed unauthorized access too.
Two thoughts.
First: this is not a technology failure. It's a governance failure. The vulnerability was known and unpatched. The Sterling-to-Remita pivot worked because trusted internal networks weren't segmented from sovereign infrastructure. The Nigeria Data Protection Commission has been sitting on a related petition for nine months. None of these are exotic problems. They are the basics.
Second: this is exactly the kind of story I started SecurityTide for. When the Treasury infrastructure of Africa's most populous country gets compromised, it should not take a specialized blog to find the analysis. It should be on the front page of every cybersecurity publication. It wasn't. That gap is the beat.
I'll be writing a longer piece on this for The Field in the coming weeks. If you want it when it drops, you're already on the list.
What I'm learning: RHCSA, week of May 12
Three things tripped me up this week, sharing them in case they save you the same time.
1. systemctl vs chkconfig reflexes. If you came up on RHEL 6 or any older Linux training, your fingers still want to type chkconfig service on. RHCSA 9 is fully systemd. The command is systemctl enable --now service. The --now flag matters: it enables on boot and starts immediately. Without it you've only done half the job and the exam grader is unforgiving about that.
2. Permissions math under the gun. I know chmod 755 cold. I know chmod u+x file cold. What I did not know cold was setting setuid/setgid/sticky in numeric form under exam pressure. chmod 4755 (setuid), chmod 2755 (setgid), chmod 1755 (sticky). Practicing this until it's reflex, because the exam doesn't give you time to look it up.
3. The objectives lie about LVM. The RHCSA objectives say you need to "manage" logical volumes. What the exam actually tests is whether you can extend an existing LV, grow the filesystem on top of it, and survive a reboot with everything still mounted. The objectives version is a sentence. The exam version is a 15-minute task with three places to make a fatal mistake. I'm finding the gap between what RHCSA says it tests and what it actually tests is the real curriculum.
More notes incoming as I get closer to the exam. I'll publish a full breakdown post-exam, pass or fail.
Tool of the week: ss (and why netstat should retire)
If you still type netstat -tulpn to see what's listening on a box, I have good news for you. The replacement is shorter, faster, and shipped on every modern Linux distro: ss.
ss -tulpn
Same flags, same output shape, except ss reads directly from kernel space instead of parsing /proc/net/* files. On a busy server it's noticeably faster. On a container it works when netstat might not even be installed.
A few I use weekly:
ss -tan state established # All established TCP connections
ss -tan state listening # Everything listening
ss -tp # Show the process holding each socket
ss dst 10.0.0.5 # Filter by destination IP
netstat was deprecated years ago and most distros stopped shipping it by default. If your muscle memory is netstat, retraining to ss is one of those small upgrades that pays back forever. Five minutes of rewiring, lifetime of speed.
That's issue one.
If this was useful, forward it to one person who'd benefit. That's the only way this thing grows.
Hit reply and tell me one thing you're working on or struggling with in cyber right now. I read every reply.
See you next Saturday.
— Chiderah
SecurityTide is a publication about practical cybersecurity, written from the field. Linux. Pentesting. Certifications. The African cyber landscape.
Founded and written by Chiderah Ikocha. Based in London. Currently chasing the RHCSA.