Solving the XLMRat Blue team challenge

Today we’re looking at the XLMRat malware. It is a remote access trojan (hence the RAT part) built to be small, sneaky, and stupidly persistent. It typically rides in via phishing or social engineering, often disguised as something mundane, like a JPG or TXT file. It targets Windows systems and speaks fluent PowerShell. It’s popular among low-effort attackers looking for ready-made tools that still pack a punch, especially in campaigns targeting individuals or small orgs where endpoint hygiene is weak. There’s a block with more information at the end of this post ⬇️ ...

June 28, 2025 · 6 min

A pint with Jimothy: on fear, ego, and hiring smarter

☕️ We started with coffee, like most chats do. Black for me, cappuccino for Jimothy (he actually prefers Jim, or James). Corner terrace, Singelgracht. One of those confusing Amsterdam afternoons where the sky can’t decide – sunlight breaks through the clouds, then ducks back behind them. Just long enough to let a few leaves blow across the wet stone. Jim’s good at what he does. Senior technical manager at a mid-sized SaaS company. Knows the systems, understands the roadmap, has decent rapport with his engineers. But somewhere between the first sip and the second, he leans in and says quietly: ...

June 12, 2025 · 4 min
Billion-dollar brains: the real cost of AI

AI-assisted coding feels like magic. You type what you want, and out comes working code (well, maybe after a few hours of setup – but still). Like all magic, though, it has a cost. And right now, that cost is mostly hidden – even as the invoices show up every month. What makes it work is a stack of expensive infrastructure: thousands of GPUs, power-hungry data centers, and cloud contracts worth billions. ...

May 26, 2025 · 4 min
Solving the BlueSky Ransomware Blue team challenge

Today we’re looking at the BlueSky ransomware, a strain of malicious software that encrypts files on a victim’s system, rendering them inaccessible until a ransom is paid. First detected in June 2022, it shares similarities with other notorious ransomware families like Conti and Babuk. BlueSky spreads through methods such as phishing emails, malicious links, and network protocols like SMB (port 445 TCP). Once inside a system, it uses advanced evasion techniques, such as hiding threads from debuggers, to avoid detection. It targets both files and processes, encrypting files with RSA encryption and adding the .bluesky extension to them while maintaining operational stability by avoiding critical system processes. ...

May 18, 2025 · 11 min
When Slack starts to feel like a DDoS attack

In software engineering, we often rely on “exponential back-off” when retrying failed network requests – a technique where each subsequent attempt is spaced out further in time to avoid overloading the system. Oddly enough, I’ve found myself applying a similar concept to human communication. As an Engineering lead, I’m frequently on the receiving end of an unrelenting stream of requests:

- A Slack ping about a pressing issue
- A pull request to review
- A CV from a recruiter
- Another CV for a completely different role
- A message from customer support about an urgent user complaint
- An escalation from the Security team
- A calendar invite
- A last-moment meeting reschedule
- A quick question (this one’s my favorite)

All of this happens while I’m trying to carve out focused time to work on broader goals: improving team processes, ensuring teams have clear direction, and writing progress reports or strategic documentation. Even with AI-assisted tools, writing takes time – because effective communication requires tailoring the message to its audience. Tone matters. Clarity matters. Accuracy matters. ...

May 7, 2025 · 3 min
DanaBot blue team challenge

Solving the DanaBot Blue team challenge

In this blog post, we’ll walk through a Blue Team lab challenge hosted by CyberDefenders, specifically investigating a breach scenario involving DanaBot malware. The SOC team has detected suspicious activity in the network traffic, revealing that a machine has been compromised. Sensitive company information has been stolen. Your task is to use Network Capture (PCAP) files and Threat Intelligence to investigate the incident and determine how the breach occurred. The challenge is presented by CyberDefenders (https://cyberdefenders.org) and can be found here: https://cyberdefenders.org/blueteam-ctf-challenges/danabot. ...

May 4, 2025 · 5 min
AI for Engineering managers: adapt now or trail behind

Remember when a five‑digit Stack Overflow score was a flex? Today that, and a vintage 2022 playbook, will buy you precisely zero leverage.

Yesterday’s job, tomorrow’s irrelevance

Many Engineering managers still run on three rituals:

- Status ✨astrology✨ or endless forecasting of ticket constellations. Hours massaging burndown charts, Jira dashboards, stand‑up forecasts – cargo‑cult evidence that the sprint is “on track”.
- Stakeholder appeasement management: slide decks, project reviews, “quick syncs” to keep exec egos fed and legal teams comfy.
- People babysitting – counting story points, asking to update Jira, tolerance checks for burnout, sniffing out AI-powered overemployment. By the way, did you know of r/overemployed?

However, none of those moves the product faster. Meanwhile, AI agents are quietly doing code reviews, generating boilerplate, even writing RFCs. The org chart hasn’t noticed – yet. ...

April 19, 2025 · 4 min
Impostor syndrome: kicking self-doubt to the curb

In a previous post, I looked at managing time effectively as an Engineering manager, drawing from Aviv Ben-Yosef’s insightful book, The Tech Executive Operating System. Today, let’s explore another valuable lesson from this book: how to recognize and handle impostor syndrome in the moments when it affects us most. We’re all familiar with IS – the nagging self-doubt that makes us feel undeserving of our achievements. Less than. The pervasive worry that others will “find out” we aren’t as competent as we seem. ...

March 23, 2025 · 2 min
The unboring NIST SP 800-190

When most of us hear “NIST guidelines”, our first reaction might be “another boring PDF I’ll never open again”. My first encounter with NIST Special Publication 800-190 happened when I was studying for the GIAC GCSA exam, which is focused on DevSecOps and container security. SP 800-190 is refreshingly different. It isn’t just another checkbox compliance document – it genuinely provides practical, actionable steps to enhance container security posture. ...

March 18, 2025 · 3 min
A convenient homelab SSH jumphost (without the drama)

Managing a homelab is all fun and games until you’re knee-deep in IP addresses, SSH keys, and trying to remember if this server was the one with Kubernetes or the one you broke last Tuesday. SSH-ing into multiple machines gets messy fast – unless you love memorizing IPs and usernames like some sort of 2000s hacker movie character. I didn’t 🤷‍♂️ So, I set out to build an SSH jumphost that keeps a list of all servers and lets me connect to any of them by simply picking a friendly name from a menu. No more mental gymnastics – let me show you how I did it. ...

March 8, 2025 · 5 min