Hard-won lessons in
software engineering
Systems, architecture, reliability, and engineering leadership — depth, relevance, and real-world trade-offs.
Recent posts
npm's supply chain is broken — the Axios attack explains why
Technical analysis of the Axios npm supply chain attack in March 2026: what happened, what the malware did, why CI/CD is the real target, and how to protect yourself.
LangGraph, CrewAI, and Agno: getting started with AI agents in Python
A practical guide to getting started with AI agents. Three frameworks, the same problem, real examples, and an honest comparison.
When AI Stops Being a Tool and Becomes an Attack Surface
When AI becomes an attack surface: prompt injection, end-to-end attack chains, at-risk architectures, and defensive actions.
Fackel: an autonomous pentest framework powered by ReAct agents
Fackel: a multi-agent pentest framework where LLMs decide strategy. Architecture walkthrough, design decisions, and lessons learned.
Device Code Phishing + Vishing: How Attackers Compromise Microsoft Entra Accounts Using Legit Login Pages
Device code phishing combined with vishing targeting Microsoft Entra: how the OAuth flow gets abused, what to monitor, and how to mitigate.
Topics
Stay up to date — subscribe via RSS