detection engineering

17 posts

The dashboard pushed every critical CVE to GitHub

Technical analysis of a unified vulnerability dashboard pushed to a public GitHub repo, the scanner token blast radius, and what defenders actually see.

May 12, 2026

Article

Copy.fail has been root since 2017

Copy.fail turns an unprivileged Linux user into root via a copy_file_range credential cache flaw. Reachable since 2017. Telemetry gaps explained.

May 1, 2026

Article

Binding 65535 ports is the easy part

Architecture and evasion realities of an LLM honeypot binding all 65535 ports - TPROXY, latency tiers, fingerprint defence, and detection traps.

Apr 27, 2026

Article

Pick offense or defense

Two paths into infosec - offense and defense - broken down at the mechanism level. Foundation, tooling, telemetry, and the divergence point.

Apr 27, 2026

Article

Your MSSP is selling you blindness.

MSSPs run perimeter-era detection while attackers operate inside the identity boundary. The gap is structural, not a resourcing problem.

Apr 24, 2026