Build Log
Week 3 of building X: what broke, what changed, what I am trying next.
Notes
Build logs, deep dives, and things I learned the hard way.
I use this section as a technical notebook: experiments, wrong turns, reversals, and occasional wins.
Post templates Formats I use when writing in public
Deep Dive
A technical rabbit hole worth mapping end-to-end.
Teardown
I reverse engineered X to understand Y.
Failure Post-mortem
What failed, why it failed, and how I changed the system.
Learning Journal
Things I was wrong about this month.
TIL
Short, fast discoveries worth remembering.
Filter by topic
Featured
Representative posts
A few notes across security, systems, and engineering practice.
Feb 6, 2026 Teardown
CVE-2024-3094: The xz/liblzma Backdoor
How a multi-year social engineering campaign embedded a backdoor in xz Utils that hijacked OpenSSH authentication on Linux systems.
Dec 5, 2025 Essay
What Linux vs. Hurd Teaches Us About Leadership, Engineering, and Life
A long-form reflection on why Linux won and what that teaches about leadership, engineering, and product momentum. Practical lessons for builders who ship, iterate, and grow communities.
Nov 21, 2025 Deep Dive
10 Custom Wazuh Rules Every SOC Should Deploy
A curated set of custom Wazuh decoders and rules for the detections that built-in rules miss — with MITRE mappings and ready-to-deploy XML.
Nov 14, 2025 Build Log
When Your Kernel Panics but You Don't: Lessons from a Linux Recovery
A kernel panic recovery story and the engineering mindset that makes Linux failures fixable.
Aug 11, 2025 Deep Dive
Private AI in Your SOC: How to Run LLMs Locally
Operating LLMs locally can help analysts summarize and triage sensitive telemetry without shipping data to third-party services.
Nov 1, 2024 Deep Dive
Why is it so slow? Troubleshooting DNS, SSH
A practical workflow for isolating slow SSH sessions by separating DNS, TCP, and authentication latency.
Archive
All notes
Feb 26, 2026
Wazuh RBAC Regression After Upgrade: Why Your Admins Can't See Anything
After upgrading the Wazuh manager, OpenSearch-authenticated admins silently lose all permissions. Here is why it happens and how to fix it permanently.
Read the noteFeb 13, 2026
CVE-2014-6271: Shellshock
How a 25-year-old Bash parsing bug allowed remote code execution through environment variables, and why it took multiple patches to fix.
Read the noteJan 23, 2026
CVE-2021-44228: Log4Shell
How a message interpolation feature in Log4j turned every Java application into an unauthenticated RCE target, and what the response revealed about software supply chains.
Read the noteOct 3, 2025
The hidden cost of 'just one more exception'
Exceptions feel harmless in the moment. Over time they become the slow leak that drains security programs.
Read the noteSep 19, 2025
Productizing Infrastructure: what surprised me most
Turning infrastructure into a product is less about technology and more about clarity, ownership, and trust.
Read the noteSep 5, 2025
Security Architecture vs Security Operations: the gap that breaks teams
Security architecture defines the promises; security operations keeps them. When those two drift, the organization pays the bill.
Read the noteAug 29, 2025
Shellcode Under Constraints
Techniques for crafting exploit payloads when buffer space is limited, bad characters are abundant, and mitigations restrict your options.
Read the noteAug 22, 2025
Writing x86 Shellcode Without Null Bytes
Techniques for crafting position-independent shellcode that avoids null bytes and other bad characters.
Read the noteOct 24, 2024
Pre-commit Hooks: The Code Quality Tool You Didn't Know
Pre-commit hooks catch formatting, lint, and secret issues before code leaves a laptop, but only if they stay fast and consistent.
Read the noteOct 18, 2024
Troubleshooting Kubernetes Services
A stepwise method to debug broken Kubernetes Services by validating selectors, endpoints, DNS, and kube-proxy routing.
Read the noteJul 8, 2024
AI-Encompassing Encryption / Fully Homomorphic Encryption
Fully homomorphic encryption allows computation on encrypted data, but performance and model constraints still define where it is realistic.
Read the noteJun 14, 2024
Overcoming Challenges in Upgrading to Wazuh 4.8.0
Upgrading Wazuh 4.8.0 is mostly about compatibility, index management, and keeping agents aligned with the manager and indexer.
Build Log Security Operations
Read the note
2024
Why 'Zero Trust' fails without automation
Zero Trust is a systems promise, not a slogan. Without automation, the model collapses under its own operational weight.
Read the noteDec 29, 2023
Enhancing Security: A Guide to MFA
MFA is table stakes, but the details matter: phishing resistance, enrollment flow, recovery, and policy enforcement.
Read the noteAug 23, 2023
Verifying FIPS 140-2: OpenSSL 3
FIPS compliance with OpenSSL 3 is about enabling the FIPS provider and proving it is actually in use, not just installed.
Read the note2023
When Cybersecurity Backfires
Security controls can increase risk when they create downtime, lockouts, or perverse incentives. Design needs operational reality.
Read the note
No notes match the selected topic.