Writing
Technical writing on security research, AI/LLM testing, cloud security, and the tools I build. No hype. Just findings and methodology.
Cheap Competence, Hostile Frontier
Why AI makes excellent security people more valuable, not less. AI commoditizes basic security skills while elevating expert judgment, but the real risk is losing the apprenticeship pipeline that builds senior talent.
I Built a Skin System for Claude Code — Here's How It Works
A customizable theming system for Claude Code with nine visual and behavioral personas. Modifies terminal colors, ASCII banners, status indicators, and personality narration styles.
Most Security Programs Test a Fraction of Their Applications. That Changes Today.
Announcing Cosmos AI-powered application security testing. How organizations can finally test entire application portfolios at scale.
The Promise and Perils of AI: Navigating Emerging Cyber Threats
Recap of the Dark Reading panel. How AI simultaneously empowers defenders and attackers. Prompt injection, deepfakes, AI-driven social engineering.
Demystifying AI and LLM Pen Testing
Critical vulnerabilities in LLM applications. RCE, API key exposure, injection in output rendering. What enterprises get wrong about AI security testing.
Get Organized Like a Villain
FIN7 used Jira, HipChat, and JabbR to coordinate attacks like an agile engineering team. What offensive security teams can learn from it.
Is Your Perimeter Inventory Leaving You Exposed? Why It's Time to Switch from IP to DNS
Modern dynamic cloud perimeters make IP-based inventories dangerously incomplete. Track internet-facing assets via DNS records instead.
How End-User Devices Get Hacked: 8 Easy Ways
The most common attack vectors cybercriminals use to compromise end-user devices. From phishing with macro-laden Office docs to drive-by downloads.
Social Engineering Defenses: Reducing The Human Element
Security awareness training is ineffective and expensive. Time to shift toward technical controls instead of relying on user behavior change.
CloudBot: A Free, Malwareless Alternative To Traditional Botnets
1,000+ cloud service accounts across 150 providers. No malware required. Free, resilient botnets built entirely from trial accounts.
Five Steps To Help Repel The 'Lulz'
Practical defensive steps against LulzSec-style attacks. Google-hack yourself, scan your own systems, and hire someone to break in.
More writing coming soon. In the meantime, check out my contributions on the Bishop Fox Blog and Dark Reading.