Blogs

I always have a great time teaching for SANS, but the big conferences like Orlando and Las Vegas always hit harder with bigger crowds, more activities etc. Looking forward to a great week!

I had a student reach out and ask about ways to “unredact” information from a PDF. They work for an organization that releases a lot of redacted material and they wanted to ensure they weren’t accidentally leaking out sensitive information. When you need to redact documents, it’s important to verify the sensitive information is actually gone, not just visually hidden.

It was a huge honor to speak at the 2025 Supply Chain Technical Exchange Symposium yesterday. Got to see a few old friends and make some new ones today! Having lived in the area for five years, it’s always nice to get back at catch up.

I took a day to figure out exactly what I wanted to talk about at the GISEC Conference next month in Dubai and came up with the following: Necessity Breeds Innovation: OSINT Solutions When Budgets Fail This talk explores how security professionals can implement powerful Open Source Intelligence (OSINT) monitoring strategies with minimal to no budget. Drawing from real-world experience

I’ve never been a massive fan of flying, but it’s funny how surviving an 18-hour flight to Singapore makes a 4-hour cross-country flight seem like no big deal 🙂

Open source intelligence (OSINT) often requires digging into corners of the web that aren’t publicly visible. Enter ArchiveBox, a self-hosted web archiving tool that lets you save web pages locally in various formats (HTML, PDF, WARC, etc.) (Key Features — ArchiveBox 0.8.6rc3 documentation) (Key Features — ArchiveBox 0.8.6rc3 documentation). ArchiveBox is like your personal Wayback Machine, only smarter: it can

I was recently discussing the replica watch ecosystem with a friend and found it a fascinating topic worthy of an AI-assisted irrelevent weekend blog post! Introduction Think fake Rolexes are just shady street curios? Think again. There is a semi-underground but thriving subculture devoted to high-quality replica watches. Online communities hundreds of thousands strong obsess over the latest “super clone”

All right, once again, I know this isn’t a travel blog, but it’s a irelevant weekend blog post, and it’s my blog so I’m kind of allowed to do whatever I want. It’s kind of funny – I honestly (as a lot of my friends know) don’t really care for flying too much, yet I find myself doing a lot

I am super excited to announce that next month I will be speaking at the GISEC Global conference in Dubai! It is the largest security conference in the Middle East and Africa, and it will be the first time I’ve ever had a chance to visit Dubai, so I am excited on multiple fronts. I have already started watching YouTube

One of the topics I’ve been working on a bit is using AI to make Mermaid chart diagrams for threat modeling and visualization. I asked OpenAi’s deep research to write me a blog post on the subject and here are the results! Introduction Intelligence professionals – from OSINT investigators to military and law enforcement analysts – often need to turn

This morning, a friend sent me a link to a story about a vulnerability in Cursor. Anyone who reads my blog or has heard me speak so far in 2025 knows how big of a fan I am of Cursor, which I use to write all my Python code these days. When I read the article, it was discussing a

I know I talk about Deep Research from OpenAI a lot, but every once in a while it still does something that absolutely amazes me. Right now, I currently have it running to analyze and look for an appropriate gift that I want to give a friend of mine. It’s still going—been running about 10 minutes or so—and it’s looked

I asked OpenAI’s Deep Research to write me a blog post on using Shodan to find exposed JSON data. Here are the results! Cybersecurity professionals and OSINT enthusiasts know that sometimes the biggest security leaks aren’t SQL databases or open RDP ports – they’re plain old text files in JSON format sitting out in the open. In this post, we’ll

Ever since OpenAI started including Deep Research in with the normal $20/month paid plan (albeit with a limit of 10 uses), I’ve been crunching the numbers internally about whether it’s worth it to keep my upgraded $200/month plan that comes with 120 uses. That’s a lot of Deep Research queries, and the other day I thought, “I really haven’t been