I keep this journal as a reminder that every intrusion is an opportunity: to understand adversaries better, to sharpen our defenses, and to turn hard-earned lessons into shared knowledge.
Recent Posts
- The Phases of AI-based Cyber Threats: Welcome to the Excitement Phase
  A simple four-phase model for AI-driven cyber threats—and why we're entering the Excitement Phase (with more noise than maturity).
- Ivanti EPMM: Two Pre-Auth RCEs Under Active Exploitation (CVE-2026-1281 / CVE-2026-1340)
  Two critical code injection vulnerabilities in Ivanti Endpoint Manager Mobile are being exploited in the wild — practical guidance for detection, patching, and compromise assessment.
- Notepad++ Supply Chain Compromise: Hunting for What the IOC Lists Miss
  A threat intelligence breakdown of the Notepad++ update hijack — with detection strategies that go beyond published indicators.
- [CDF - Part 1]: Why IOC Infrastructure Fails at Scale
  Any intrusion intelligence that isn't shared has near-zero value. In this framework, we learn how to build a scalable IOC disseminator.