Blog

Cybersecurity insights, incident write-ups, tooling deep-dives, and lessons learned from day-to-day operations.

microsoft-sentinel, msem, defender-xdr, exposure-management, kql, detection-engineering

Wiring Microsoft Security Exposure Management Into Sentinel - Triage with Asset Criticality and Attack-Path Context

MSEM gives Sentinel something it never had: asset criticality and attack-path context per entity. Architecture, KQL patterns for incident enrichment, and the entity-matching pitfalls that quietly break them.

Read more →

windows, defender, vulnerability, detection-engineering, sentinel, lpe

BlueHammer: A Defender's Perspective on the Unpatched Windows LPE

What we know about the BlueHammer zero-day, where the public exploit chain is fragile, and what blue teams can actually do today.

Read more →

microsoft-sentinel, azure, siem, data-lake, kql, cost-optimization

From Azure Sentinel Log Analytics Workspace to Data Lake - Why Now Is the Right Time

The Sentinel Data Lake Tier changes the cost equation for high-volume security logging. Architecture, migration playbook, KQL examples, and the pitfalls nobody warns you about.

Read more →

llm-security, prompt-injection, hardening, openclaw, owasp

LLM Hardening in Practice - What Actually Secures Agent Deployments

A technical deep-dive into securing LLM-based agent deployments against prompt injection, data exfiltration, and tool abuse. Based on real-world hardening of OpenClaw-based systems.

Read more →

threat-intelligence, mcp, python, soc, tooling

Building Heimdall - A Threat Intelligence MCP Server From Scratch

How I built a FastMCP-based threat intelligence toolset that integrates VirusTotal, AbuseIPDB, Shodan, and MITRE ATT&CK mapping. The messy reality of building security tools, including the bugs.

Read more →