Finding Evil: When Full Automation Falls Short
So I started down the path of building an automated DFIR pipeline. As mentioned previously, SANS announced an AI Hackathon, and my original idea was to
26 May 2026 · 2 min read
read →
// latest
I don't believe in threat intel, so I built a threat intel platform
Let me get the bias out of the way first, because it shapes everything that follows. I don't hold much weight in threat intel. Most of it is stale by the time
read post →// field notes
Things I build & break
TP=4 Qwen3.5-397B on DGX Spark: From Silent Zeros to 41.5 tok/s
Or: how I spent twelve hours building a workaround for a flag that already existed I run a four-node DGX Spark cluster for local DFIR
08 May 2026 · 8 min read
read →
Building a deterministic-ish DFIR pipeline for the SANS AI hackathon
SANS recently announced their first hackathon for autonomous incident response — open to the community, build something that uses AI to figure out what the bad guys
30 Apr 2026 · 1 min read
read →
LLM Benchmarks Qwen3.6
I benchmarked 11 LLMs on a 69-scenario tool-calling test suite. Intel/Qwen3.6-35B-A3B-int4-AutoRound delivered the best overall result: a perfect
24 Apr 2026 · 6 min read
read →
Three companies, one OAuth token, and the case for sovereign AI
On 19 April 2026, Vercel disclosed a security incident. Within 48 hours, the public attack chain had resolved into something more interesting than the initial "
20 Apr 2026 · 7 min read
read →
DORA gap analysis in 2 hours — no data left the building
DORA came into force in January 2025. Financial entities across the EU are supposed to be compliant. Most aren't — at least not fully — and
10 Apr 2026 · 2 min read
read →
// security feed
full feed →Curated, attributed, dated
18 Jun 2026
f4n6
Oracle June 2026 Critical Security Patch Update Addresses 243 CVEs (CVE-2026-35273)
1. Executive summary Oracle's June 2026 Critical Security Patch Update (CSPU) addresses 243 CVEs across 245 patches in 11 product families, with
18 Jun 2026
f4n6
GentleKiller targets more than 400 security processes across 48 products
1. Executive summary ESET has disclosed a portfolio of EDR-killer tools used by the ransomware-as-a-service (RaaS) operation "Gentlemen,"
18 Jun 2026
f4n6
Crypto Clipper uses Tor and worm-like propagation for persistence and control
1. Executive summary Microsoft Threat Intelligence has documented a Windows-based cryptocurrency clipper ("CryptoBandits") active since February 2026 that propagates via malicious
18 Jun 2026
f4n6
Evil-WinRM through 3.9, fixed in commit 6ecd570, contains a path traversal vulnerability in the...
1. Executive summary A path traversal vulnerability (CVE-2026-55201, High severity, status: Unreviewed) has been disclosed in Evil-WinRM through version 3.9,
18 Jun 2026
f4n6
Massive password-stealing attack hits 75k Fortinet firewalls
1. Executive summary A threat actor has compiled a verified database of working credentials for approximately 75,000 Fortinet / FortiGate firewall devices spanning 21,
page 1 of 1