I wasn’t planning on attending Edge Case 2025 this year, but someone from the industry reached out to me on LinkedIn and suggested it might be worth a look. Since it was nearby, I decided to give i...

Apple recently announced Memory Integrity Enforcement, a new protection on Apple Silicon (M3, A17 and newer) that builds on ARM’s Memory Tagging Extension (MTE) and their joint evolution, Enhanced ...

Cloudflare WAF (Part 2): Terraform rulesets In Part 1 I created some basic Cloudflare WAF rules using the dashboard. It was a good way to test quickly, but for a real project I want repeatable, ve...

Wiz Kubernetes LAN Party – Challenge Write-Up I spent some time working through the K8s LAN Party CTF challenges. They were tricky but really fun, and each one tested a different piece of Kubernet...

Troubleshooting Datadog APM Injection with Wiz Policies: What I Learned About Admission Controllers & AI Today a colleague brought me an issue: Wiz was blocking Pods in one of our Kubernetes c...

Cloudflare WAF (Part 1): Setting Up a Lab with Workers and Custom Rules I’ve been meaning to get some hands-on experience with Cloudflare’s Web Application Firewall (WAF). Since I already had a sp...

When Scripts Leak Secrets: API Credentials on macOS Endpoints One of the lesser-discussed security risks in endpoint management is the exposure of API credentials in scripts. I’ve run into this is...

Playing with LM Arena and NanoBanana Over the weekend I was experimenting with LM Arena, and stumbled across the mysterious NanoBanana model. Some people online are speculating it might be tied to...

How to Transfer YouTube Playlists Between Google Accounts Using Collaboration When decommissioning my Google Workspace account, I needed to migrate my YouTube playlists to a new personal Google ac...

Learning OIDC with Terraform Cloud and Azure: A Journey of Integration, Errors, and Resolution Today I embarked on a deep dive into setting up OIDC (OpenID Connect) between Terraform Cloud and Azu...