Blog
Threat research, security automation, and cybersecurity insights.
Longer-form writing on what I build and what I learn.
Infrastructure Hunting Beyond IOCs
Moving up the Pyramid of Pain — from hash-based detection to hunting adversary infrastructure through behavioral fingerprints and network patterns.
MCP Servers for Threat Intelligence
How I set up Model Context Protocol servers to bridge AI assistants with threat intelligence platforms — and what I learned about tool design along the way.
What Ransomware Hunting Actually Looks Like
The daily reality of proactive ransomware hunting — from YARA triggers and VirusTotal dashboards to naming new families and building attack chains from telemetry.
Automating Inquiry Triage with AI
How I built a 9-phase AI pipeline to handle threat intelligence inquiries that used to take a week — and what it taught me about building tools from real pain points.
From OSINT to Internal Hunting
How shifting from external OSINT to internal telemetry hunting changed the way I approach threat research — and where most of my published work actually comes from.