blog.johlem.net

Archive

2026

  1. Threat-Modeling an LLM Feature for a Regulated Client: A Methodology (tags: threat-modeling, llm-security, dora, nis2, ai-governance, regulated-finance)
  2. The One LLM Security Pattern That Covers Most of the Others (tags: llm-security, ai-security, agentic-ai, architecture, prompt-injection, human-in-the-loop)
  3. Behavioural Detection Without Drowning in False Positives (tags: detection-engineering, soc, false-positives, roc-curve, kill-chain, ueba)
  4. Responder: Listening to What a Network Tells You by Accident (tags: responder, offensive-tools, network-attacks, credentials, pentesting, llmnr)
  5. The DGX Spark and the Case for Local LLM Inference in Security Work (tags: dgx-spark, gb10, lenovo-pgx, local-llm, self-hosted-ai, data-sovereignty, hardware)
  6. Reading Nmap Like a Defender Reads Logs: Beyond -sV (tags: nmap, kali-linux, reconnaissance, pentesting, scanning)
  7. Multi-Turn LLM Attacks: A SOC Analyst’s Mental Model (tags: llm-security, detection-engineering, threat-modeling, ai-security, owasp-llm)
  8. Metasploit in Real Work: Framework First, Exploits Second (tags: metasploit, offensive-tools, exploitation, pentesting, post-exploitation)
  9. Running Local LLMs for Security Work (tags: local-llm, self-hosted-ai, ollama, data-sovereignty, security, regulated-finance)
  10. The Pyramid of Pain, Applied: How Threat Intel Should Reorder Your Detections (tags: cti, threat-intelligence, pyramid-of-pain, detection-engineering, ttps, soc)
  11. Impacket: The Library That Speaks Windows Protocols Fluently (tags: impacket, offensive-tools, active-directory, windows-protocols, lateral-movement, pentesting)
  12. The OWASP LLM Top 10, for Someone Who Has to Defend a Real Deployment (tags: owasp, llm-security, ai-security, threat-modeling, defenders, prompt-injection)
  13. Your SIEM Is Only as Good as Its Worst-Onboarded Log Source (tags: siem, log-management, detection-engineering, data-quality, soc)
  14. Nuclei: Templated Scanning That Scales Without Becoming Noise (tags: nuclei, offensive-tools, vulnerability-scanning, automation, templates, pentesting)
  15. Detections Are Code: Version Control, Validation, and the Purple-Team Loop (tags: detection-as-code, purple-team, detection-engineering, ci-cd, atomic-red-team, soc)
  16. Burp Suite Where It Earns Its Keep: Beyond Proxy-and-Repeater (tags: burp-suite, offensive-tools, web-application-security, pentesting, appsec)
  17. OSINT: Why the Most Valuable Reconnaissance Touches Nothing (tags: osint, reconnaissance, cybersecurity, threat-intelligence, attack-surface)
  18. Prompt Injection vs. Jailbreaking: They’re Not the Same Threat (tags: prompt-injection, jailbreaking, llm-security, ai-security, threat-modeling)
  19. Reading the Source: Why ePrint and Research Sites Matter in Security (tags: research, cryptography, iacr-eprint, academic-research, cybersecurity, primary-sources)
  20. One Bag, Two Roles: A Travel System for Consulting and Film Photography (tags: one-bag, travel, minimalism, film-photography, consulting, edc)
  21. The Case for Minimalism and the Command Line in Security Work (tags: minimalism, command-line, cli, workflow, security, tooling)
  22. QRadar to Defender: A Bilingual Detection Engineer’s Field Notes (tags: qradar, microsoft-defender, kql, aql, siem, detection-engineering)
  23. Defender XDR: Why the Unified Incident Is the Whole Point (tags: microsoft-defender, defender-xdr, incident-correlation, malware-detection, m365, soc)
  24. Rust in Cybersecurity: Where Memory Safety Actually Changes the Game (tags: rust, cybersecurity, memory-safety, tooling, secure-development)
  25. Building an Air-Gapped Proxmox Lab for OSCP Prep and Detection Engineering (tags: infrastructure, proxmox, oscp, detection-engineering)
  26. BloodHound: Seeing Active Directory the Way an Attacker Does (tags: bloodhound, offensive-tools, active-directory, attack-paths, pentesting)
  27. A Reproducible Pentest Workstation: NixOS Instead of a Kali VM (tags: nixos, pentesting, kali-linux, reproducibility, workstation, tooling)
  28. Self-Hosting a Security Stack in Regulated Finance: What’s Actually Defensible (tags: self-hosting, homelab, data-residency, dora, eu-sovereignty, architecture)
  29. sqlmap: Powerful, Dangerous, and Usually Used Wrong (tags: sqlmap, offensive-tools, sql-injection, web-application-security, pentesting)
  30. NixOS as a Security Posture: Why Declarative and Reproducible Is a Control (tags: nixos, declarative-config, reproducibility, security, infrastructure-as-code)
  31. Phishing Takedown: The Operational Reality (tags: phishing, takedown, abuse-handling, automation, rdap, human-in-the-loop)
  32. Alert Fatigue Is a Design Failure, Not an Analyst Failure (tags: siem, alert-fatigue, soc, detection-engineering, triage, alerting)
  33. ffuf: Fuzzing as Reconnaissance, Not Brute Force (tags: ffuf, offensive-tools, fuzzing, web-enumeration, pentesting)
  34. Microsoft Defender for Office 365 and Phishing: What the Layers Actually Do (tags: microsoft-defender, office-365, phishing, email-security, anti-phishing, m365)
  35. Why My LinkedIn Is a Static Business Card (tags: content-strategy, owned-platform, linkedin, personal-brand, blogging, consulting)
  36. Python in Cybersecurity: The Glue Language That Runs the Field (tags: python, cybersecurity, automation, tooling, scripting)
  37. Running 5K Every Day: What a Daily Run Actually Does (tags: running, fitness, wellbeing, habit, discipline, health)
  38. DORA & NIS2 Are Detection-Engineering Problems, Not Paperwork (tags: dora, nis2, compliance, detection-engineering, soc, regulated-finance)
  39. Hashcat: Password Cracking as Intelligence, Not Just Recovery (tags: hashcat, offensive-tools, password-cracking, credentials, pentesting)
  40. Kali Is a Toolbox, Not a Methodology (tags: kali-linux, pentesting, methodology, oscp, offensive-security)
  41. Why Build Your Own Security Tools When Everything Already Exists (tags: tooling, security-tools, build-vs-buy, automation, craftsmanship)
  42. Nmap in Real Engagements: The Five Scans That Actually Matter (tags: nmap, offensive-tools, reconnaissance, pentesting, scanning)
  43. Hello, World — and What This Blog Is For (tags: meta, detection-engineering, compliance)