Blog
Technical analysis, threat research, reflections, and thoughts on the evolving cybersecurity landscape.
The Evolution of Social Engineering: Weaponizing Web Lures Against Agentic AI
How cybercriminals are adapting SocGholish and ClickFix campaigns to target autonomous AI agents through Indirect Prompt Injection, agent fingerprinting, and the Parallel-Poisoned Web.
March 2026 GenAIBuilding an MCP Server for Malware Traffic Analysis
How I built a natural language interface connecting Fiddler traffic capture to Gemini LLM using the Model Context Protocol.
March 2026 GenAIDetecting AI Prompt Injection in the Wild
Building 28 EKFiddle rules and 82 UrlScan queries to detect indirect prompt injection, AI ClickFix, and credential exfiltration targeting autonomous AI agents.
March 2026 GenAICognitive Induction Prompting
Reverse-engineering the 5-step LLM generation pipeline to transform prompting from guesswork into deliberate probability steering.
March 2026From EKFiddle to YARA: Building a Detection Rule Pipeline
The workflow behind converting regex-based web traffic rules into YARA signatures for sandbox deployment.
Coming SoonShadow AI on Enterprise Networks: Detection and Hunting
Writing CrowdStrike LogScale and Splunk queries to detect unauthorized LLM usage, AI coding assistants, and GenAI misuse.
Coming SoonSupply Chain Attacks: Hash Auditing Across Package Repositories
Building Python tools to perform SHA256 verification across PyPI, npm, GitHub, and HuggingFace during compromise response.
Coming SoonWhy I Still Reverse Engineer in the Age of AI
Thoughts on the enduring value of manual binary analysis and why understanding the machine still matters.
Coming Soon