No IT. No Docs. No Idea.

New year, total disaster. On January 1st, a promising Thai startup woke up to find its entire digital presence—website and app—dead. Not a single user could log in. The real punchline? There wasn’t a single IT person left in the company. Six months before, their IT manager quit. The core system had been built by an outsource team a year prior, with zero documentation, no ToR, no high-level diagrams, nothing. The downsizing wiped out any tech knowledge, any credentials, and any hope of a smooth recovery. When the outage hit, the management didn’t even know what language their backend used, what cloud provider hosted them, or where the code was. The startup was officially blind, lost in their own tech stack. Calls went out to software houses and every freelance dev they knew. Nobody wanted to touch it. Too risky, too messy, no information. Days passed. Customers left. Business froze. Hope faded. Nine days later, I—an independent software engineer—walked in, handed only a company laptop and the phone number of the CEO. No passwords, no system map, not even a clue. All I had was browser DevTools, Burp Suite, and a vague sense of curiosity. Time to start the digital autopsy...

Investigation Steps

• IT manager quit 6 months before the crisis.
• System built by outsource. No ToR. No docs. No architecture diagrams.
• No one in the company knew what tech or cloud was in use.
• January 1: Both website and app went offline. Zero access.
• All rescue attempts failed. No team dared to help.
• Nine days of total business freeze before anyone could even start troubleshooting.

Hunting for a Pulse in a Dead System

With no credentials, no handover, and no map, the only way forward was digital forensics. I started by firing up F12 DevTools and Burp Suite, tracking network requests from the frontend just to figure out where the system was deployed. Piece by piece, scraping whatever IPs, endpoints, or cloud hints I could find, I began to reconstruct what the company no longer remembered about itself. The game was simple: guess, probe, document—repeat. Failure wasn’t an option. The clock was ticking, and the startup’s survival depended on brute-force curiosity and pure stubbornness.

Investigation Steps

• Started from scratch—no passwords, no accounts, no system diagram.
• Used browser DevTools to scan for active endpoints.
• Used Burp Suite to intercept and map network calls.
• Tracked down cloud footprints and guessed infra layout from IPs.
• Reverse engineered what the company once built, but completely forgot.

Nothing But Errors

The only access I could get was through a half-broken VM running Docker. Once inside, there were logs—just not the kind you want: endless syntax errors. Nothing pointed to what broke. Was it their code, a 3rd party, or something deeper?

Investigation Steps

• Gained access to a VM running Docker and Nginx.
• Checked logs—found only repeated syntax errors.
• No traces of system-related errors.
• Couldn't tell if requests from Nginx were reaching the app.
• Still no documentation or reliable error trails.
• Needed to find a deeper root cause.

No One Knew Who Owned SSL

Contacted every possible person—no one knew where the last SSL cert came from, or who had access. Had to generate a new CSR, coordinate with the bank and a new provider, and rebuild the trust chain from scratch. Eventually, the system came back to life.

Investigation Steps

• Tracked down SSL certificate provider (after much chaos).
• Discovered no one submitted a CSR before.
• Generated a new CSR and requested a new certificate.
• Installed and configured SSL on the system.
• Finally restored payment gateway connectivity.
• Set up monitoring for SSL expiry going forward.