I keep this journal as a reminder that every intrusion is an opportunity: to understand adversaries better, to sharpen our defenses, and to turn hard-earned lessons into shared knowledge.
Recent Posts
- BlueHammer: When Defender Becomes the Attack Surface
  A zero-day in Windows Defender's update mechanism turns the antivirus into a privilege escalation primitive — no patch, public PoC, and a kill chain built entirely from native Windows APIs.
- The Phases of AI-based Cyber Threats: Welcome to the Excitement Phase
  A simple four-phase model for AI-driven cyber threats — and why we're entering the Excitement Phase (with more noise than maturity).
- Ivanti EPMM: Two Pre-Auth RCEs Under Active Exploitation (CVE-2026-1281 / CVE-2026-1340)
  Two critical code injection vulnerabilities in Ivanti Endpoint Manager Mobile are being exploited in the wild — practical guidance for detection, patching, and compromise assessment.
- Notepad++ Supply Chain Compromise: Hunting for What the IOC Lists Miss
  A threat intelligence breakdown of the Notepad++ update hijack — with detection strategies that go beyond published indicators.