Blog
Field notes from the trenches
Practical notes on detection, secure automation and infrastructure.
Detecting living-off-the-land binaries with Wazuh
Custom rules to detect abuse of native utilities (certutil, mshta, rundll32) without generating noise on admin endpoints.
Alert triage with LLMs without leaking sensitive data
Local redaction and enrichment pattern before sending context to a model. Compatible with n8n and open-source guardrails.
Proxmox + Tailscale: private cluster over public network
Architecture for remote nodes with encryption in transit, no public ports exposed. Failover and verified backups.