All Posts

• OSMAP V3 Release-Gate Foundation: Building Evidence Before Trust 2026-05-15
• Series: Browser-Safe AI Systems 2026-05-09
• Browser-Safe AI Systems, Part 01: Executive Summary 2026-05-09
• Browser-Safe AI Systems, Part 02: Why Browser-Safe AI Systems Matter Now 2026-05-09
• Browser-Safe AI Systems, Part 03: From Browser Isolation to AI-Assisted Browser Defense 2026-05-09
• Browser-Safe AI Systems, Part 04: What the SafeBreach Gemini Calendar Research Demonstrates 2026-05-09
• Browser-Safe AI Systems, Part 05: Why This Research Applies to Browser-Safe AI Systems 2026-05-09
• Browser-Safe AI Systems, Part 06: The Core Risk: Untrusted Web Content Entering an AI Context 2026-05-09
• Browser-Safe AI Systems, Part 07: Defining Poison Packets for Browser AI 2026-05-09
• Browser-Safe AI Systems, Part 08: Practical Attack Classes Against AI-Backed Browser Security 2026-05-09
• Browser-Safe AI Systems, Part 09: Indirect Prompt Injection Through Web Pages 2026-05-09
• Browser-Safe AI Systems, Part 10: Hostile DOM, Hidden Text, and Metadata Manipulation 2026-05-09
• Browser-Safe AI Systems, Part 11: Screenshot-Based Prompt Injection and Visual Deception 2026-05-09
• Browser-Safe AI Systems, Part 12: DOM Versus Rendered Page Mismatch 2026-05-09
• Browser-Safe AI Systems, Part 13: QR Phishing, Brand Impersonation, and Multistage Lures 2026-05-09
• Browser-Safe AI Systems, Part 14: Unicode, Homograph, and Visual Spoofing Attacks 2026-05-09
• Browser-Safe AI Systems, Part 15: Delayed Content, Region-Gated Pages, and Evasive Phishing 2026-05-09
• Browser-Safe AI Systems, Part 16: AI Verdict Manipulation and False Negative Risk 2026-05-09
• Browser-Safe AI Systems, Part 17: False Positives, Alert Fatigue, and Trust Erosion 2026-05-09
• Browser-Safe AI Systems, Part 18: Data Handling Risks: Screenshots, DOM, URLs, and User Context 2026-05-09
• Browser-Safe AI Systems, Part 19: Privacy, Retention, Redaction, and Tenant Isolation 2026-05-09
• Browser-Safe AI Systems, Part 20: Model Output Handling: Why AI Verdicts Must Be Constrained 2026-05-09
• Browser-Safe AI Systems, Part 21: Fail-Open Versus Fail-Closed Security Decisions 2026-05-09
• Browser-Safe AI Systems, Part 22: Feedback-Loop Poisoning and Exception Abuse 2026-05-09
• Browser-Safe AI Systems, Part 23: Secure Architecture Principles for Browser-Safe AI 2026-05-09
• Browser-Safe AI Systems, Part 24: Red-Team Testing Methodology for AI Browser Controls 2026-05-09
• Browser-Safe AI Systems, Part 25: Building a Practical Python Test Harness 2026-05-09
• Browser-Safe AI Systems, Part 26: Evidence Collection: What Must Be Logged and Verified 2026-05-09
• Browser-Safe AI Systems, Part 27: SOC Usefulness: Turning AI Decisions Into Actionable Evidence 2026-05-09
• Browser-Safe AI Systems, Part 28: Governance Questions for Vendors and Customers 2026-05-09
• Browser-Safe AI Systems, Part 29: Practical Recommendations for Security Teams 2026-05-09
• Browser-Safe AI Systems, Part 30: Practical Recommendations for Vendors and Developers 2026-05-09
• Browser-Safe AI Systems, Part 31: How This Research Changes Browser Security Validation 2026-05-09
• Browser-Safe AI Systems, Part 32: Conclusion: Treat AI as an Untrusted Classifier Inside a Controlled Security Pipeline 2026-05-09
• Browser-Safe AI Systems, Appendix B: Vendor Due-Diligence Questionnaire 2026-05-09
• Browser-Safe AI Systems, Appendix C: Rules of Engagement Template 2026-05-09
• Browser-Safe AI Systems, Appendix D: Glossary 2026-05-09
• Primer: Cleaning Up a Fresh Parrot OS 7.x Install Without Breaking the Desktop 2026-05-08
• OSMAP V1 Closeout, and the Hard Reality of Writing Secure Software 2026-04-14
• Introducing OSMAP, a Defensible OpenBSD Webmail Replacement 2026-03-28
• When Cloudflare Sneezes: Lessons From The November 18 Outage For Security Architects 2025-11-19
• Primer: debugging remote access under hostile ISP NAT (pivoting to IPv6 and WireGuard) 2025-11-16
• Penetration Testing Amazon's AI Ecosystem: A Practical Guide 2025-11-14
• Practical Penetration Testing Framework for AI/LLM Systems 2025-11-13
• Supply Chain Integrity for Edge Mail Infrastructure: Why a Minimal Self-Hosted Stack Matters 2025-11-10
• Migrating from iRedAdmin to PostfixAdmin on OpenBSD (MariaDB Repair + Dovecot Integration) 2025-11-08
• Zero-Cost DR Snapshots for OpenBSD iRedMail (GPG + Git LFS) 2025-10-30
• Primer: Razor2 + SpamAssassin on OpenBSD (with Amavis) — defensible mail pipeline 2025-10-29
• Primer: multi-domain dynamic DNS on Vultr (no ddclient) — hardened & audited 2025-10-24
• Brevo as an Outbound Smart Host for OpenBSD Postfix (iRedMail/Amavis) 2025-10-20
• Building an Internet-Exposed OpenBSD Server: The Authoritative Guide 2025-10-20
• Using Insomnia to Elevate API Script Development 2025-10-15
• Primer ddclient multi-domain support 2025-10-15
• Primer Effective Vulnerability Disclosure 2025-10-01
• OAuth 2.0 Protocol: Primer introductory Technical briefing 2025-09-24
• Primer: Building Secure, Compliant & Cost-Efficient Domain-Specific LLMs for Cyber-Security & Infrastructure Teams 2025-08-21
• Primer - Converting Python Applications to Go: A Strategic Advantage for Classified Environments 2025-08-20
• Primer - Intro into writing better Cobalt Strike Beacons 2025-06-18
• Primer - Bypassing Cloudflare Protection in Red Team Engagements 2025-06-18
• Enterprise Security Automation Framework: LLM-Powered CodeQL Integration for ACME Critical-Widget 2025-05-22
• Java App Security: Threat Detection, Monitoring & Automated Response 2025-05-14
• Primer - AI collaborative Faraday workflows 2025-05-14
• Cross-Environment UEBA 2025-05-14
• Primer - Privacy focused Messaging 2025-05-13
• Primer AWS WAF - Managing OWASP top 10 rules 2025-05-12
• Burp Primer - WSTG ASVS Burp Vuldb Synk 2025-05-12
• Primer - Java common mistakes 2025-05-12
• Primer - OSINT Guide 2025-05-12
• Primer - SQL common mistakes 2025-05-12
• Burp Primer - Using WSTG and DVWA for WebApp elearning 2025-05-12
• Threat Hunting Primer - Azure IOC Detection Cobalt Strike 2025-05-12
• Threat Hunting Primer - Section 1: Intro & Overview - Cloud Threat Hunting 2025-05-12
• Threat Hunting Primer - Section 2: AWS Primer - Threat Hunting Products 2025-05-12
• Threat Hunting Primer - Section 3: Azure Primer - Azure elements & KQL Deep Dive 2025-05-12
• Threat Hunting Primer - Section 4: GCP Primer -Threat Hunting w/ Google SecOps Integration 2025-05-12
• Threat Hunting Primer - Section 5: YARA Primer -YARA Rules for Cloud Threat Detection 2025-05-12
• Threat Hunting Primer - Section 6: AI-Driven Threat Intelligence Automation 2025-05-12
• Threat Hunting Primer - Section 7: Cross-Cloud Correlation Using Elastic AI 2025-05-12
• Threat Hunting Primer - Section 8: CI/CD Integration for Threat Defense 2025-05-12
• Threat Hunting Primer - Section 9: Conclusion & Next Steps 2025-05-12
• Java Secure Coding: Beyond Oracle’s Guidelines 2025-05-11
• Primer - Java Secure Coding Guide 2025-05-11
• How Not to Write Git Commit Comments 2025-05-11
• How to Work with Anyone and Get Things Done Efficiently 2025-05-11
• UltraDNS Enterprise Security first-look 2025-05-10
• CWE Top 25: Programmatic Errors That Cause Vulnerabilities in Java 2025-05-08
• Java: SAST/DAST/SCA 2025-05-06
• Elastic AI: Yara rules primer for assumed-breach 2025-05-06
• Elastic AI: Yara primer 2025-05-06
• Retool Self-Hosting Installation Guide 2025-04-17
• Course: 5-Day Healthcare Cybersecurity Boot Camp, Medical Device Security 2025-01-12
• The Zero-Trace Vault: A Fully Deniable Encryption System for Extreme Privacy 2023-11-20