Posts
Purple Team Engineering: Building and Detecting a Rust C2 Beacon
2026-04-09
·
Keith Linneman
Building an offensive tool and the detection rules to catch it. The architecture behind Glimmer's dual-layer encryption, binary hardening from 1.4MB to 388K, and real-time YARA detection through Wazuh.
Modeling the hackerbot-claw Attack Against My Own CI/CD Pipeline
2026-03-20
·
Keith Linneman
Reviewing my infrastructure's security posture against recent high-profile supply chain security compromises involving GitHub workflows using pull_request_target.
Running Your Own Transparency Infrastructure with Fulcio, Rekor, TesseraCT and Timestamp-Authority
2026-03-18
·
Keith Linneman
From YubiKey CA root to trust bundles to signed artifacts - the architecture, trust decisions, and security implications behind running a self-hosted Sigstore stack.
Building a Self-Hosted Observability Platform with the Grafana LGTM Stack
2026-03-10
·
Keith Linneman
A view into the architecture of a 118-node self-hosted observability platform built on Mimir, Loki, Tempo, Pyroscope, and Grafana. All deployed and configured from official documentation with no Helm charts or managed services.
Building an AI-Powered Alert Triage Engine with Go, Claude, and the Grafana LGTM Stack
2026-03-02
·
Keith Linneman
How I built Vigil - a Go service that receives Alertmanager webhooks, investigates alerts using Claude's tool-calling API against Mimir and Loki, persists full conversation histories to PostgreSQL, and traces the entire triage lifecycle through Tempo.
hello, world
2026-02-09
·
Keith Linneman
Introducing LinnemanLabs - 20+ years of breaking and building systems, now writing it down.