Things I build, break, fix, and write about

8 July 2026
Local DNS proxy now preserves DNSSEC records

Cloudflare One Client for Windows now leaves DNSSEC records alone, which is exactly the sort of change I like, because it stops the client quietly meddling with answers. I have seen enough broken name resolution to know that a neat tunnel can still hide a messy DNS state.

8 July 2026
Cloudflare One Client for macOS DNS search suffixes

Cloudflare One Client for macOS can make a short hostname behave very differently, and most of the pain sits in the suffix list rather than DNS itself...

7 July 2026
Tracing acme.sh certificate handling in TLS interception

I spent too long chasing the neat version of TLS wiretapping reconstruction, then found the mess: shell parsing, token limits, and renewal timing. The...

7 July 2026
Reverse engineering game binaries with static analysis

Game binaries give up more than they should, if you know where to look. I start with binary analysis, not the folklore around the game, then use...

Latest blog posts you might like

18 May 2026
Reading exploit trends from ISC Stormcast

ISC Stormcast is only useful if you treat it as live signal, not background noise. I watch for repeated behaviour around the same service or exploit family, because that is what changes patch...

18 May 2026
Amazon Fire TV Stick 4K Plus and 2 more Amazon tech bargains

Discover the Amazon Fire TV Stick 4K Plus and more tech deals this week.

17 May 2026
hassh drift breaks Outlaw SSH detection

hassh drift is exactly why I do not trust one fingerprint for long; malware library updates change the banner and the hash, while the real mess sits in the commands and file writes after login. If you...

11 May 2026
Ring Outdoor Camera Battery + 2 more Amazon tech bargains

Explore the Ring Outdoor Camera Battery and two more tech bargains this week.

10 May 2026
Dirty Frag: page-cache corruption in Linux

Dirty Frag is the sort of bug I mistrust on sight, because the damage lands in page-cache corruption before disk ever notices. If you rely on Linux to keep shared buffers honest, this one is worth a...

10 May 2026
Operational indicators from ISC Stormcast to check

ISC Stormcast is useful when you strip away the diary clutter and look only at the indicators that survive a second glance. I trust hostnames, paths, dates and hashes far more than the banner around...

10 May 2026
Building an analytics UI from web honeypot logs

I built this from web honeypot logs because the raw output is mostly noise, and the useful part is buried in repetition, timing, and source clusters. The trick is to stop the dashboard turning into a...

9 May 2026
Older clients after root CA rotation

Older clients rarely fail politely after an SSL.com root certificate rotation, and I have seen enough broken TLS to stop trusting “it works on my laptop”. The real problem is usually old trust stores...

9 May 2026
Local access exposes Microsoft Edge saved passwords

Microsoft Edge cleartext password storage is not a theoretical gripe; once the session is live, the browser can hand over saved credentials far more easily than most people expect. I would treat that...

8 May 2026
Turning ISC diary entries into detection checks

SANS Internet Storm Center diary indicators are only useful once they stop being a header and start becoming something you can test. I treat the stub as a pointer, not evidence; until there is a...