- Research9 min read
velocity/1: Why TLS 1.3 + QUIC isn't enough for the post-quantum era
Harvest-now-decrypt-later attacks make today's handshakes a liability. Here's the threat model behind Project Velocity and how hybrid crypto addresses it.
read → - Notes7 min read
From Carpet PvP Practice to memory-safety research: what 79K downloads taught me
Shipping a Minecraft mod with 79K downloads and fake-player bots turns out to be a decent primer on untrusted-client / trusted-server security boundaries.
read → - Research8 min read
Anomaly detection that the SOC actually trusts
High AUC doesn't matter if analysts dismiss the alerts. Here's what a detection model actually needs to survive contact with a real security operations workflow.
read → - Methodology8 min read
Reading exploits: a practical method for understanding CVE writeups
A methodology for engineers who want to build intuition from real CVE writeups without becoming professional exploit developers or drowning in irrelevant detail.
read →