RESEARCH

Research.

Detection-engineering walkthroughs, threat analysis, and mitigation guides. Sourced, reproducible, and defensive in scope. Four published so far - this index grows as writeups ship.

DETECTION ENGINEERING ~11 min
Detecting the LiteLLM Command Injection (CVE-2026-42271) in Your AI Gateway

An authenticated command injection in LiteLLM's MCP preview endpoints - in CISA KEV and actively exploited - that chains with the Starlette "BadHost" bug (CVE-2026-48710) into unauthenticated RCE. The mechanism, what to log, and two runnable Sigma rules with tuning notes.

Jun 13, 2026

AI & LLM SECURITY ~13 min
Prompt Injection and the OWASP LLM Top 10: A Field Guide for Defenders

The OWASP LLM Top 10 read as a defender's checklist: why prompt injection has no patch, the "lethal trifecta" behind incidents like EchoLeak (CVE-2025-32711), what to log in LLM-integrated apps, and canary, egress, and behavioral detections you can deploy today.

Jun 11, 2026

DETECTION ENGINEERING ~12 min
Detecting OAuth Consent Phishing in Microsoft 365

The phishing class that never asks for a password and sails through MFA - illicit OAuth consent grants (MITRE ATT&CK T1528) in Entra ID, the audit-log artifacts they leave, and KQL detections with tuning notes.

Jun 11, 2026

DETECTION ENGINEERING ~14 min
Detecting Kerberoasting: A Practical Walkthrough with Sigma

How Kerberoasting (MITRE ATT&CK T1558.003) works, why RC4 service tickets give it away, and three layered Sigma detections - RC4 downgrade, request fan-out, and a honeypot SPN - with tuning and false-positive notes you can run against your own logs.

Jun 10, 2026

IN PROGRESS

On the bench: a hands-on guide to securing tool-calling / agentic LLM apps. Want to suggest a topic or flag an error in what's published? Open an issue →