Articles
Long-form writing on tech, culture, and the edges of the internet.
March 2019 changed who reads binaries
Free disassemblers and decompilers changed who can audit binaries. The defender, attacker, and AI safety implications are now playing out in practice.
The 2021 bucket that sat open for nine years
Abandoned files, forgotten buckets, and stale subdomains are the cheapest way attackers get in. Here is how to find yours before they do.
The extension on your dock just shipped malware
A compromised VS Code extension reached GitHub. Breakdown of the trust boundary that failed and what developer endpoints actually expose.
What a $5 VPS honeypot taught me
An open-source honeypot probe database queryable via curl, HTTP, and MCP - what it catches, why it helps small defenders, and where the risks actually sit.
Your bot defenses just failed
A board-level view of how a stealth Playwright build erodes the assurance value of anti-bot and CAPTCHA controls across the business.
Baby monitors exposed one million streams
One million baby monitors and cameras were viewable by unauthorised parties. What it reveals about IoT enforcement and the owner-side blindness behind it.
CISA contractor leaked GovCloud keys to GitHub
Technical analysis of a CISA contractor's leaked AWS GovCloud admin keys on GitHub - blast radius, IAM persistence paths, CloudTrail detections, supply-chain tail.
I built Burp Suite in Rust
Technical breakdown of an open-source Burp Suite alternative - proxy core, fuzzer, scanner depth, Collaborator gap, and what it means for vuln research.
Mandiant clocked exploit window at 21 days
Mean time-to-exploit is 21 days. Vulnerability programs built on 30-, 60-, or 90-day SLAs are no longer enforced inside the threat window.
Microsoft Exchange zero-day hits unpatched servers
Microsoft Exchange zero-day under active exploitation. What failed, why vendor trust is a perimeter control, and what operators must do now.
Microsoft sent you a code you didn't request
An unrequested Microsoft single-use code email is evidence of external interaction with your identity surface. What it proves and what it does not.
MiniPlasma PoC hands attackers SYSTEM on Windows
Public PoC for the MiniPlasma Windows flaw yields SYSTEM execution. What the local privilege boundary failure means for endpoint control posture.