2026.05.15 Hello, my name is Orca
Any unprivileged app can claim Orca’s D-Bus name and read raw Wayland keystrokes - passwords included.

2026.05.13 Two Hops and a Shell on Ubuntu
Ubuntu’s userns AppArmor patch checks a pointer, not a property. Two profile hops chain a confined process to host root.

2026.05.11 Porting Dirty Frag to arm64
On aarch64 the rxrpc path oopses and AppArmor blocks the exploit over SSH. A complain-mode profile transition slips it through.

2026.04.24 Detection Below the Socket Layer
Malware that hand-builds its own packets slips past socket-level monitoring so the detection drops below the socket too.

2026.04.13 The DNF Numbers Station
C2 traffic indistinguishable from DNF update checks, with tasking hidden in the microseconds of Apache ETags.

2026.04.09 Building and Detecting a Rust C2 Beacon
Dual-layer encryption and a hardening pass from 1.4MB to 388K and the YARA rules that catch the beacon anyway.

2026.03.20 Modeling hackerbot-claw Against My Own CI/CD
A single pull_request_target misstep turns a trusted GitHub workflow into a supply-chain backdoor.

2026.03.18 Running Your Own Transparency Infrastructure
The full Sigstore trust stack, self-hosted from a YubiKey CA up. No public good instance required.

2026.03.10 A Self-Hosted Observability Platform
No Helm charts, no managed services. A 118-node observability platform configured by hand from the official docs.

2026.03.02 An AI-Powered Alert Triage Engine
Claude investigates each alert by querying Mimir and Loki through tool-calling, then triages it before it pages a human.