Most Recent Experiments
How This Architecture Is Defined By the Next Decade of Security - 9 April 2025
GPU Budgets, Global Models, and Real-Time Risk Scoring Infra Deep Dive - 8 April 2025
⚖️ Can You Trust an AI to Contain a Threat? Legal and Privacy Teams Say Maybe - 7 April 2025
🧬 From Static Rules to Self-Improving Response Playbooks - 6 April 2025
No Schema? No Problem. Let AI Handle Your Security Data Onboarding - 5 April 2025
🔁 Build Once. Learn Always. Inside the Autonomous Detection & Response Loop - 4 April 2025
⚡ What Makes Energy-Based Models So Effective for Anomaly Detection? - 3 April 2025
🧱 Why Security Operations Can’t Scale Without Automation - 2 April 2025
2023
December 2023
Embracing the Cyber Age- The Art of Adaptability in Security Engineering - 6 December 2023
November 2023
Securing the Digital Frontier- The Essential Role of Education in Tech Literacy and Security Awareness - 27 November 2023
The Tightrope Walk- Balancing Security Engineering and Privacy in the Tech World - 23 November 2023
Embracing Decentralization- The Future of Democratic Oversight and Security Engineering - 21 November 2023
Annabel's Cypherpunk Manifesto - 8 November 2023
March 2023
2023 update to 2021 White House Cybersecurity Executive Order - 31 March 2023
February 2023
Striking the Right Balance- Innovation and Regulation in Security Engineering - 8 February 2023
2020
December 2020
Intel Sharing Metrics - 16 December 2020
February 2020
Failure to meet operational excellence - 16 February 2020
2019
November 2019
Sometimes escalating privileges is that easy - 29 November 2019
September 2019
Kubernetes CI / CD And Monitoring Pipelines - 17 September 2019
July 2019
Kubernetes Pods (PodSec policies) - 26 July 2019
Kubernetes Containers - 25 July 2019
Kubernetes Networks - CNI - 24 July 2019
Kubernetes Master Node & Nodes - 24 July 2019
Kubernetes Scheduler - 23 July 2019
Kubernetes Information Security Practices - 16 July 2019
What is a modern, dynamic service and its' building blocks? - 13 July 2019
Nginx exploit writing weekend - 11 July 2019
Kubernetes Basics - 5 July 2019
June 2019
What does it take to break into a Cloud Service? - 29 June 2019
March 2019
When your SIEM models are not enough - 6 March 2019
January 2019
OSX First Responder - Threat Artifact Gathering - 12 January 2019
2018
November 2018
Memory Safety Code Review - 30 November 2018
September 2018
Solving 90% of application security defects with a proven technique - 8 September 2018
Data Controls Code Review - 8 September 2018
Binding Parameters - 7 September 2018
Overly Simplistic Crypto Code review - 5 September 2018
July 2018
For those who wonder what a Digital authentication cyber arms race looks like - 11 July 2018
April 2018
First 100 Days - 30 April 2018
January 2018
The pending crypto singularity - 16 January 2018
2017
October 2017
Creating a Loki Splunk application - 10 October 2017
September 2017
Serious XSS affecting Wikipedia - 8 September 2017
Defense Against the Dark Arts - 7 September 2017
April 2017
Walking the Dark Deep Web - 5 April 2017
2016
August 2016
DARPA Cyber Grand Challenge era coming to a close - 15 August 2016
March 2016
Multiple vulnerabilities in SecurityOnion - 22 March 2016
Relatively Free - 22 March 2016
February 2016
Ransomware hitting linux hosting providers - 19 February 2016
2015
November 2015
DARPA Cyber Grand Challenge dropbox - 15 November 2015
August 2015
Hotpatch Redis's RCE - 16 August 2015
July 2015
Ingenious CTF dashboard - 11 July 2015
Destroy a City - secure code review - 2 July 2015
June 2015
Social Engineering Confirmation Bias workflow - 14 June 2015
Redis RCE - 14 June 2015
ElasticSearch honeypot dataset - 10 June 2015
May 2015
Ghcq Challenge Completed - 18 May 2015
April 2015
Impressive Node.JS vulnerability reduction - 21 April 2015
Need help figuring out a Snapchat username? I have your back. - 15 April 2015
Yet another nail in SSL TLS 's coffin - 14 April 2015
Technical Approaches to Determining if an Incident Occurred - 2 April 2015
March 2015
Open Source Fairy Dust Datasets - 20 March 2015
Checkbox AWS assurance testing? - 20 March 2015
2014
December 2014
LDAP Tool Box vulnerabilities - 1 December 2014
June 2014
How to sell a story - Ira Glass - 27 June 2014
April 2014
Please donate to a worthy crypto security cause - 15 April 2014
Bug Age - Pattern series - 7 April 2014
March 2014
Chrome's V8 double free vulnerability - 7 March 2014
2013
November 2013
NodeJS vulnerabilities - it hurts to look - 12 November 2013
July 2013
Google Translate - 31 July 2013
June 2013
Random thought for an exploding honey token - 27 June 2013
Carberp Vulnerabilities Cc Pie - 27 June 2013
Apache Batik parse double vulnerability - 23 June 2013
DAQ buffer overflows - 22 June 2013
Malicious mobile power station - 5 June 2013
Startup Comp Structure - 5 June 2013
Lazy AWS devops - 4 June 2013
May 2013
Security is hard. Security Tools are harder. Cloud Security Tools are hardest. - 9 May 2013
CNN.com XSS vulnerabilities - 6 May 2013
Google Glass Developer program - more DOS and XSS - 3 May 2013
April 2013
Google Glass 0days - 19 April 2013
Evolutionary hardware - 17 April 2013
Rapid7 Google hacks extended - 11 April 2013
2012
December 2012
Nifty Anti-XSS validation tool - Snuck - 5 December 2012
October 2012
Firesale WebPanel botnet 0days - 10 October 2012
ERM - How did WOPR decide the only winning move is not to play? - 2 October 2012
September 2012
DPAPI still applicable? - 26 September 2012
August 2012
Security quotes - 2 August 2012
July 2012
Management Wednesday- BPM Modeling - not charts anymore - 15 July 2012
June 2012
Microsoft revokes Microsoft's certificate - 25 June 2012
May 2012
Gribodemon on SpyEye 2.x - I expected better - 29 May 2012
Airing one's dirty development laundry - You are doing it wrong - 26 May 2012
Bitcoins are hard to track - 23 May 2012
Sad reality - 22 May 2012
Management Wednesday- BPM scoping - 17 May 2012
PHP - two simple wins and a hammer - 15 May 2012
Meltdown exploits - 2 May 2012
April 2012
Management Wednesday- BPM isn’t beats per minute. - 20 April 2012
Management Wednesday - Negotation - 7 April 2012
2011
April 2011
Web Application Security Dojo 'grams - 2 April 2011