Research & Experiments

A collection of my security research and experiments. Some of this work is associated with the company I work for, and some comes from independent research I do in my own time.

1. Compromised YouTube Channel Uses “Free Unlimited Claude Opus 4.8” Lure to Deploy Malware June 2026
2. RedTail Docker API Campaign Evolves: SSH-Based Payload Delivery June 2026
3. DinDoor Is Back: Fake ChatGPT and Claude Installers Show MuddyWater-Linked Payloads June 2026
4. Tales of an Ollama Honeypot (Part 3): More Traffic, More Findings June 2026
5. Tales of an Ollama Honeypot (Part 2): LLMJacking May 2026
6. Tales of an Ollama Honeypot (Part 1): Abuse Patterns May 2026
7. How Nova Rules Are Automatically Validated and Tested March 2026
8. ClawHavoc Pivot: AMOS Stealer Delivered via ClawHub Skill-Page Comments February 2026
9. Skills Meet Osquery: Introducing Osquery-helper February 2026
10. DARTS: Open Source AI Application Testing Framework September 2025
11. TwistScan: detection of malicious domains using dnstwist permutations and urlscan.io analysis May 2025
12. Exposed Fortinet Fortigate firewall interface leads to LockBit Ransomware (CVE-2024-55591) February 2025
13. Weekend Plan: Cowrie Honeypot Log Analysis December 2024
14. Automated Threat Intelligence Analysis with n8n and Security Onion August 2024