Blogs
Long-form technical writing on malware analysis, reverse engineering, detection engineering, and GenAI security. Each post reflects independent personal research, independent lab work, and public source analysis.
Published
Agent Harnesses, Skills, and Tool Runtimes: The Architecture of Frontier Models
What agent harnesses, skills, MCP servers, and tool runtimes actually do, and why the harness around a frontier model now matters as much as the model itself.
Detecting AI Prompt Injection in the Wild
EKFiddle rules and urlscan.io hunting queries for IDPI, AI ClickFix lures, hidden CSS traps, and agent credential exfiltration.
The Evolution of Social Engineering: Weaponizing Web Lures Against Agentic AI
How cybercriminals are adapting SocGholish and ClickFix campaigns to target autonomous AI agents through Indirect Prompt Injection, agent fingerprinting, and the Parallel-Poisoned Web.
Building an MCP Server for Malware Traffic Analysis
How I built a natural language interface connecting Fiddler traffic capture to Gemini LLM using the Model Context Protocol.
Cognitive Induction Prompting
Reverse engineering the five-step LLM generation pipeline to transform prompting from guesswork into deliberate probability steering.
In Pipeline
From EKFiddle to YARA: Building a Detection Rule Pipeline
The workflow behind converting regex-based web traffic rules into YARA signatures for sandbox deployment.
Coming soon
Shadow AI on Enterprise Networks: Detection and Hunting
Writing CrowdStrike LogScale and Splunk queries to detect unauthorized LLM usage, AI coding assistants, and GenAI misuse.
Coming soon
Supply Chain Attacks: Hash Auditing Across Package Repositories
Building Python tools to perform SHA256 verification across PyPI, npm, GitHub, and HuggingFace during compromise response.
Coming soon