detection engineering
24 posts
OpenCV 5.0 made adversarial perturbations transferable
OpenCV 5's bit-exact numerics and expanded encoder control shrink the attacker's modelling error against deepfake detectors. The exposure is structural.
Sixty-three days to patch a forked parser
Technical breakdown of the FrontierOS RCE: a forked XML parser, an unpatched two-year-old CVE, and the fork-tracking failure that shipped it.
CVE-2024-3400 shipped exploited before the advisory
Why the gap between CVE disclosure and production detection is structural - and where attackers operate inside it.
The integration is the attack surface
Pentagon raised Israeli collection risk to top tier. The technical exposure is supply chain privilege inherited from vendor software, not espionage.
The .docx in your webmail preview pane
Browser-side OOXML rendering converts trusted document parsers into renderer-context exploit primitives. The detection stack does not see the boundary cross.
Thirty years of weaponizing fork-exec
fork+exec inherits file descriptors, environment, and capabilities by default. That inheritance is the bug class behind Shellshock, runc CVE-2019-5736, and Symbiote.
Spanish police flagged GrapheneOS as suspicious
Authorities treating GrapheneOS as a targeting signal inverts threat intel logic and exposes the wrong population to scrutiny. The mechanism breakdown.
340 million records, unverified seller
Technical analysis of plausible attack vectors behind the claimed OnlyFans 340M record leak, with detection signatures for each path.
Your AI security tool blocks nothing
A red team operator's breakdown of why AI cybersecurity tools are sold as controls but function as telemetry with a verdict attached.
Harvard.edu among 141 hosts serving ClickFix lures
Technical analysis of the campaign that weaponised harvard.edu and 140 other legitimate sites - entry vectors, TDS chain, MITRE mapping, EDR telemetry.
Megalodon hijacked 55,000 GitHub repos via token replay
Megalodon compromised 55,000+ GitHub repositories through PAT harvesting, pull_request_target abuse, and OAuth scope inheritance. Technical breakdown.
Your valid credentials are the breach
Technical analysis of a coordinated GitHub Actions workflow compromise across 5,561 repositories, with detection guidance for audit log and EDR telemetry.