2026
-
AI, jailbreaks, and 150GB of unanswered questions
A hacker allegedly jailbroke Claude to hack Mexican government agencies, but key details remain unverified. Plus Claude Code and Copilot vulns, and Chinese AI firms stealing Anthropic's model.
-
The threat model that made me sandbox my AI agents
AI coding agents have shell access to your machine. I mapped out the threats before letting one touch my code, then built Claudecker to contain them.
-
Your AI Assistant Might Be Working for Someone Else
Copilot and Grok repurposed as C2 channels, Cline supply chain attack installed AI agents on 4,000 dev machines, and AI found 12 zero-days in OpenSSL.
-
AI Agents Under Attack
AI security roundup: Claude finds 500+ vulns in open-source libs, LLMs conduct autonomous network breaches, and AI agent attack surfaces keep expanding.
-
Building a session retrospective skill for Claude Code
A Claude Code skill that reads the session JSONL history and generates a human-readable markdown retrospective covering problems, decisions, and key takeaways.
-
Developer Tools Are the New Attack Surface
VS Code AI extensions with 1.5M installs stealing source code, 175K Ollama servers exposed globally, and AI running autonomous multi-stage network attacks.
-
Running AI agents in a box because I don't trust them
Claudecker is my Docker wrapper for Claude Code that isolates AI agents from my host with network lockdown, per-project custom images, and SSH agent forwarding.
2023
-
Classifying More With Less: New VGL4NT Update
How I doubled VGL4NT's malware packer classification capacity without extra GPU by using task decomposition to run multiple specialized models in parallel.
-
Classifying Malware Packers Using Machine Learning
How I built VGL4NT, a machine learning classifier that identifies malware packers like UPX, Themida, and MPRESS with 94% accuracy using image-based ML models.
-
Adding Automation to Blue-Jupyter Malware Notebook
Automating malware sample discovery with a Jupyter notebook that downloads from Malware Bazaar and runs Capa capability analysis on each sample automatically.
2022
-
Malware sandbox evasion in x64 assembly by checking ram size - Part 2
Implementing sandbox evasion via GlobalMemoryStatusEx in x64 assembly, including how to manually calculate C struct sizes and pass pointers on the stack.
-
Malware sandbox evasion in x64 assembly by checking ram size - Part 1
Implementing the malware sandbox evasion technique of checking RAM size using GetPhysicallyInstalledSystemMemory, converted from C to x64 Windows assembly.
-
Talking about Mitre's Malware Behavior Catalog
An overview of MITRE's Malware Behavior Catalog (MBC) framework and MBCScan, a command-line tool I built to surface MBC behaviors from Capa scan results.
-
String anti-virus evasion in x64 assembly (Part 2)
How to hide API call strings from antivirus detection using LoadLibrary and GetProcAddress for runtime DLL loading, with a full x64 assembly implementation.
-
String anti-virus evasion in x64 assembly (Part 1)
How to hide strings from antivirus detection by placing them on the stack instead of the .data segment, demonstrated in C and x64 Windows assembly.
-
Converting a malware dropper to x64 assembly
Practical lessons from converting a C malware dropper to x64 Windows assembly, covering shadow spaces, calling conventions, and memory segments.
2021
-
Cyber Corp Case 2 Writeup - Part 3
CyberCorp Case 2 part 3 — certutil download, LSASS dumping, WMI lateral movement to a domain controller, and tracking the second reverse shell C2 address.
-
Cyber Corp Case 2 Writeup - Part 2
CyberCorp Case 2 part 2 — decoding a base64 gzipped registry payload, tracing PID spoofing in PowerShell, and identifying the reverse shell C2 IP.
-
Cyber Corp Case 2 Writeup - Part 1
CyberCorp Case 2 threat hunting walkthrough — tracking WMI persistence, a malicious Word document, and a hidden iexproxy.dll download technique in Kibana.
-
New Tool Preview: vATT&CK
vATT&CK is a visual relationship mapper for MITRE ATT&CK that shows linked malware, threat groups, mitigations, and subtechniques in a single interactive graph.
-
IOLI Crackme 0x04
IOLI Crackme 0x04 walkthrough — the password is any digits that sum to 15, revealed by tracing sscanf-based accumulation through static analysis in IDA.
-
Building my Virtual Cybersecurity Home Lab
How I built a virtual cybersecurity home lab with pfSense, Metasploitable, Kali, Splunk, Snort, and a dedicated malware analysis network using Remnux.
-
Making a RAT
Building RATwurst, a RAT in C and Python, with runtime DLL loading, socket comms, anti-sandbox checks, and basic AV evasion — for educational purposes only.
-
Finding phished passwords on a scam site
How I found a publicly accessible victims.txt file storing phished Facebook credentials on a 000webhost server and what happened when I reported it.
-
Emprisa Maldoc Writeup
Writeup for the Emprisa Maldoc CTF — analyzing a CVE-2017-18822 exploit using rtfdump, speakeasy shellcode emulation, and EQNEDT32 process debugging.
-
Investigating an FB phishing site
OSINT into a Facebook phishing campaign spreading via friend-tagging — separate hosting domains, Vietnamese code traces, and possible Phishing-as-a-Service.
-
The Emprisa Maldoc Challenge
How I turned a real-world malicious document exploit into the Emprisa Maldoc CTF on CyberDefenders — 14 questions targeting intermediate maldoc analysts.
-
IOLI Crackme 0x03
IOLI Crackme 0x03 walkthrough — reverse engineering a Caesar-style cipher that shifts each character by 3 to decode garbled success and failure strings.
-
Maldoc101 Writeup (Part 2)
Continuing the Maldoc101 malware analysis — decoding obfuscated VBA string concatenation to reveal WMI class references used for process execution.
-
Maldoc101 Writeup (Part 1)
Step-by-step maldoc analysis of the Maldoc101 challenge using oledump and olevba — deobfuscating VBA macros and tracing the WMI process execution chain.
-
IOLI Crackme 0x02
IOLI Crackme 0x02 walkthrough — computing the password via static analysis of x86 arithmetic, then confirming with dynamic analysis by stepping through IDA.
-
Introducing shcode2exe
shcode2exe converts raw shellcode blobs or strings into debuggable executables targeting 32 or 64-bit Windows, with no Wine dependency when running on Linux.
-
IOLI Crackme 0x01
IOLI Crackme 0x01 walkthrough — converting hex to decimal to find the password, plus a closer look at how arguments are passed to functions in x86 assembly.
-
IOLI Crackme 0x00
IOLI Crackme 0x00 walkthrough — finding the hardcoded password in IDA Pro and patching the binary to accept any input by changing a jz opcode to jmp.
2020
-
Hunt the Kingdom CTF Challenge
How I won the GuideM Hunt the Kingdom blue team CTF — strategy, preparation, and the high-stakes final minutes that came down to four unsolved questions.
-
My experience with manufacturing printed circuit boards
First-time experience ordering custom PCBs from PCBWay using the ESPBoy gerber files — the process, quality, and what comes next for future board designs.
-
CovidScammers writeup (Defcon RTV CTF)
Defcon RTV CTF writeup — reversing a Linux malware binary, bypassing ptrace anti-debugging, and recovering flags from shared memory and rootkit files.
-
Study notes: MAC Spoofing
Study notes on MAC spoofing — what it is, legitimate versus illegitimate uses, and how to change your MAC address using ifconfig or macchanger on Linux.
-
Chicken-Scheme FFI Examples
Practical Chicken Scheme FFI examples covering foreign-lambda, struct accessors, inline C code, memory management, and enum bindings for C interop.
-
#5 - Switching from C/C++ to C
Dropping C++ from my custom game engine in favor of pure C, and the cross-platform bugs that surfaced when C++ features I didn't notice were being used.
-
#4 - Following Lispy conventions
Applying Scheme naming conventions (?, !, %, *) to a game engine's scripting API and how it improved code readability with minimal effort.
-
#3 - Rebel Game Engine now works on different platforms
Getting a custom C game engine to build on Linux, Windows, and macOS with one Makefile — lessons from cross-platform debugging and using Msys2 on Windows.
-
#2 - Implemented basic Scheme scripting for Rebel Game Engine
Adding Chicken Scheme scripting to a C game engine — switching to a functional design, wiring up the FFI, and navigating garbage collector memory management.
-
#1 - Thinking of adding Lisp to my custom game engine
Exploring Chibi-Scheme as a scripting layer for a custom C game engine, and why adding Lisp scripting means rethinking the object-oriented architecture.
-
Making Unity beep after scripts finish reloading
A Unity editor script that plays an audible beep when script reloading finishes, so you can look away from the screen instead of watching the progress spinner.
2018
-
Opening Unity Script Files in Emacs
How to open Unity script files in Emacs with correct line numbers using the OnOpenAssetAttribute callback and emacsclient.
2017
-
Chef Wars Postmortem -- What Went Right: Risk Adjusted Technical Estimates
A risk-adjusted estimation system that pairs time estimates with confidence levels to produce reliable schedules — used to ship Chef Wars on time.
-
Chef Wars Postmortem -- What went wrong: Optimizing too early and too late
Lessons from Chef Wars on premature optimization: why asking WHAT and HOW to optimize matters more than asking WHEN, after making both mistakes in production.
-
Chef Wars Postmortem -- What went right: Having a Universe File
How keeping all Chef Wars game data in a single "Universe" spreadsheet made prototyping, iteration, and live patching faster across two years of development.
-
Temp Solution For When Text Copying Does Not Work in Emacs Under Windows Subsytem for Linux
A quick Emacs Lisp fix for clipboard copy not working from WSL to Windows applications, using clip.exe as a workaround via the simpleclip package.
-
Converting org-journal entry to org-page post
An Emacs Lisp function that converts an org-journal entry at point into a new org-page blog post, avoiding manual copy-paste between buffers.
-
Converting org-journal entry to org-page post
A short Emacs Lisp function to minify buffer contents by stripping all whitespace and newlines, useful for compacting JSON files.