Archive
2026
- Threat-Modeling an LLM Feature for a Regulated Client: A Methodology (tags: threat-modeling, llm-security, dora, nis2, ai-governance, regulated-finance)
- The One LLM Security Pattern That Covers Most of the Others (tags: llm-security, ai-security, agentic-ai, architecture, prompt-injection, human-in-the-loop)
- Behavioural Detection Without Drowning in False Positives (tags: detection-engineering, soc, false-positives, roc-curve, kill-chain, ueba)
- Responder: Listening to What a Network Tells You by Accident (tags: responder, offensive-tools, network-attacks, credentials, pentesting, llmnr)
- The DGX Spark and the Case for Local LLM Inference in Security Work (tags: dgx-spark, gb10, lenovo-pgx, local-llm, self-hosted-ai, data-sovereignty, hardware)
- Reading Nmap Like a Defender Reads Logs: Beyond -sV (tags: nmap, kali-linux, reconnaissance, pentesting, scanning)
- Multi-Turn LLM Attacks: A SOC Analyst’s Mental Model (tags: llm-security, detection-engineering, threat-modeling, ai-security, owasp-llm)
- Metasploit in Real Work: Framework First, Exploits Second (tags: metasploit, offensive-tools, exploitation, pentesting, post-exploitation)
- Running Local LLMs for Security Work (tags: local-llm, self-hosted-ai, ollama, data-sovereignty, security, regulated-finance)
- The Pyramid of Pain, Applied: How Threat Intel Should Reorder Your Detections (tags: cti, threat-intelligence, pyramid-of-pain, detection-engineering, ttps, soc)
- Impacket: The Library That Speaks Windows Protocols Fluently (tags: impacket, offensive-tools, active-directory, windows-protocols, lateral-movement, pentesting)
- The OWASP LLM Top 10, for Someone Who Has to Defend a Real Deployment (tags: owasp, llm-security, ai-security, threat-modeling, defenders, prompt-injection)
- Your SIEM Is Only as Good as Its Worst-Onboarded Log Source (tags: siem, log-management, detection-engineering, data-quality, soc)
- Nuclei: Templated Scanning That Scales Without Becoming Noise (tags: nuclei, offensive-tools, vulnerability-scanning, automation, templates, pentesting)
- Detections Are Code: Version Control, Validation, and the Purple-Team Loop (tags: detection-as-code, purple-team, detection-engineering, ci-cd, atomic-red-team, soc)
- Burp Suite Where It Earns Its Keep: Beyond Proxy-and-Repeater (tags: burp-suite, offensive-tools, web-application-security, pentesting, appsec)
- OSINT: Why the Most Valuable Reconnaissance Touches Nothing (tags: osint, reconnaissance, cybersecurity, threat-intelligence, attack-surface)
- Prompt Injection vs. Jailbreaking: They’re Not the Same Threat (tags: prompt-injection, jailbreaking, llm-security, ai-security, threat-modeling)
- Reading the Source: Why ePrint and Research Sites Matter in Security (tags: research, cryptography, iacr-eprint, academic-research, cybersecurity, primary-sources)
- One Bag, Two Roles: A Travel System for Consulting and Film Photography (tags: one-bag, travel, minimalism, film-photography, consulting, edc)
- The Case for Minimalism and the Command Line in Security Work (tags: minimalism, command-line, cli, workflow, security, tooling)
- QRadar to Defender: A Bilingual Detection Engineer’s Field Notes (tags: qradar, microsoft-defender, kql, aql, siem, detection-engineering)
- Defender XDR: Why the Unified Incident Is the Whole Point (tags: microsoft-defender, defender-xdr, incident-correlation, malware-detection, m365, soc)
- Rust in Cybersecurity: Where Memory Safety Actually Changes the Game (tags: rust, cybersecurity, memory-safety, tooling, secure-development)
- Building an Air-Gapped Proxmox Lab for OSCP Prep and Detection Engineering (tags: infrastructure, proxmox, oscp, detection-engineering)
- BloodHound: Seeing Active Directory the Way an Attacker Does (tags: bloodhound, offensive-tools, active-directory, attack-paths, pentesting)
- A Reproducible Pentest Workstation: NixOS Instead of a Kali VM (tags: nixos, pentesting, kali-linux, reproducibility, workstation, tooling)
- Self-Hosting a Security Stack in Regulated Finance: What’s Actually Defensible (tags: self-hosting, homelab, data-residency, dora, eu-sovereignty, architecture)
- sqlmap: Powerful, Dangerous, and Usually Used Wrong (tags: sqlmap, offensive-tools, sql-injection, web-application-security, pentesting)
- NixOS as a Security Posture: Why Declarative and Reproducible Is a Control (tags: nixos, declarative-config, reproducibility, security, infrastructure-as-code)
- Phishing Takedown: The Operational Reality (tags: phishing, takedown, abuse-handling, automation, rdap, human-in-the-loop)
- Alert Fatigue Is a Design Failure, Not an Analyst Failure (tags: siem, alert-fatigue, soc, detection-engineering, triage, alerting)
- ffuf: Fuzzing as Reconnaissance, Not Brute Force (tags: ffuf, offensive-tools, fuzzing, web-enumeration, pentesting)
- Microsoft Defender for Office 365 and Phishing: What the Layers Actually Do (tags: microsoft-defender, office-365, phishing, email-security, anti-phishing, m365)
- Why My LinkedIn Is a Static Business Card (tags: content-strategy, owned-platform, linkedin, personal-brand, blogging, consulting)
- Python in Cybersecurity: The Glue Language That Runs the Field (tags: python, cybersecurity, automation, tooling, scripting)
- Running 5K Every Day: What a Daily Run Actually Does (tags: running, fitness, wellbeing, habit, discipline, health)
- DORA & NIS2 Are Detection-Engineering Problems, Not Paperwork (tags: dora, nis2, compliance, detection-engineering, soc, regulated-finance)
- Hashcat: Password Cracking as Intelligence, Not Just Recovery (tags: hashcat, offensive-tools, password-cracking, credentials, pentesting)
- Kali Is a Toolbox, Not a Methodology (tags: kali-linux, pentesting, methodology, oscp, offensive-security)
- Why Build Your Own Security Tools When Everything Already Exists (tags: tooling, security-tools, build-vs-buy, automation, craftsmanship)
- Nmap in Real Engagements: The Five Scans That Actually Matter (tags: nmap, offensive-tools, reconnaissance, pentesting, scanning)
- Hello, World — and What This Blog Is For (tags: meta, detection-engineering, compliance)