https://ku5e.com/blog/Recent content in Blog on ku5e | Cybersecurity PortfolioHugo -- 0.162.1en-usTue, 12 May 2026 11:14:00 +0000https://ku5e.com/blog/frontier-models-are-overkill-for-most-production-workloads/Tue, 12 May 2026 11:14:00 +0000https://ku5e.com/blog/frontier-models-are-overkill-for-most-production-workloads/Open weight models are close enough to frontier performance for most production workloads. What changed this week, what the frontier models still win on, and what the practical question actually is.https://ku5e.com/blog/the-ethical-ai-company-billed-you-for-using-competitor-tools/Sun, 10 May 2026 22:30:00 +0000https://ku5e.com/blog/the-ethical-ai-company-billed-you-for-using-competitor-tools/Anthropic's billing system scanned user repositories for competitor keywords and charged extra or blocked access when it found them. The gap between stated values and operational behavior.https://ku5e.com/blog/claude-code-on-deepseek-17x-cheaper/Thu, 07 May 2026 10:27:00 +0000https://ku5e.com/blog/claude-code-on-deepseek-17x-cheaper/DeepClaude routes Claude Code's tool calls through DeepSeek instead of Anthropic's models. Same tool ecosystem, approximately 17x lower cost. How it works and where it falls short.https://ku5e.com/blog/ai-outperformed-er-doctors-in-a-harvard-trial/Wed, 06 May 2026 19:22:00 +0000https://ku5e.com/blog/ai-outperformed-er-doctors-in-a-harvard-trial/Harvard published a controlled trial showing AI outperformed emergency physicians in triage diagnoses. What the result means and which conversation it actually changes.https://ku5e.com/blog/the-47-percent-debugging-skill-drop/Tue, 05 May 2026 10:52:00 +0000https://ku5e.com/blog/the-47-percent-debugging-skill-drop/Anthropic's own research documented a 47% drop in debugging skills among developers who used AI coding agents aggressively. The supervision paradox built into these tools.https://ku5e.com/blog/deepseek-v4-broke-the-pricing-argument/Sun, 03 May 2026 21:17:00 +0000https://ku5e.com/blog/deepseek-v4-broke-the-pricing-argument/DeepSeek V4 is open weight, near-SOTA on benchmarks, and costs $1.74 per million input tokens. The pricing argument for closed frontier models just got harder to make.https://ku5e.com/blog/i-built-a-trading-bot-that-runs-its-llm-on-a-jetson-in-my-closet/Thu, 30 Apr 2026 21:03:00 +0000https://ku5e.com/blog/i-built-a-trading-bot-that-runs-its-llm-on-a-jetson-in-my-closet/How I built a paper trading bot that runs its LLM on a Jetson Orin Nano in my home lab — architecture, the bug that would have been catastrophic, and why the model is explicitly blocked from touching execution.https://ku5e.com/blog/cve-2026-31431-the-optimization-that-opened-root/Wed, 29 Apr 2026 20:11:00 +0000https://ku5e.com/blog/cve-2026-31431-the-optimization-that-opened-root/Analysis of CVE-2026-31431 (Copy Fail) — local privilege escalation in the Linux kernel crypto subsystem via AF_ALG and splice(), affecting all kernels built 2017 to patch date.https://ku5e.com/blog/i-built-ai-software-in-2009.-here-is-what-asu-s-new-learning-platform-gets-wrong./Tue, 28 Apr 2026 21:15:00 +0000https://ku5e.com/blog/i-built-ai-software-in-2009.-here-is-what-asu-s-new-learning-platform-gets-wrong./Arizona State University launched Atomic, a platform that converts faculty lectures into AI-generated learning modules without faculty consent. The modules are factually wrong in places. This is what happens when institutions treat AI as a credential to sell instead of a discipline to teach.https://ku5e.com/blog/i-built-a-25-minute-timer-that-forces-you-to-name-what-you-re-actually-doing/Mon, 27 Apr 2026 20:03:00 +0000https://ku5e.com/blog/i-built-a-25-minute-timer-that-forces-you-to-name-what-you-re-actually-doing/Razor is a work session timer with one rule: declare the specific task before the clock starts. I built it after counting ten unfinished projects in a single room.https://ku5e.com/blog/gpt-5.5-images-2.0-claude-design-and-why-i-m-done-listening-to-ai-ceo-debates/Sun, 26 Apr 2026 20:51:00 +0000https://ku5e.com/blog/gpt-5.5-images-2.0-claude-design-and-why-i-m-done-listening-to-ai-ceo-debates/description: Three AI tools shipped this week that changed what I expect from the work. One public exchange between executives reminded me that capability and credibility are not the same thing.https://ku5e.com/blog/the-karpathy-loop/Wed, 22 Apr 2026 19:32:00 +0000https://ku5e.com/blog/the-karpathy-loop/ku5e.com blog article on the Karpathy Loop — the three-component auto-improvement pattern that lets an AI agent run hundreds of optimization experiments without human intervention, and what it means for small teams and business owners.https://ku5e.com/blog/zero-click-prompt-injection-in-claude-s-chrome-extension-one-iframe-no-warning-everything-gone/Wed, 22 Apr 2026 19:22:00 +0000https://ku5e.com/blog/zero-click-prompt-injection-in-claude-s-chrome-extension-one-iframe-no-warning-everything-gone/ku5e.com blog article on the zero-click prompt injection vulnerability in Claude's official Chrome extension — patched in v1.0.41.https://ku5e.com/blog/run-a-private-ai-that-reads-your-documents-locally-with-no-internet-required/Wed, 22 Apr 2026 18:58:00 +0000https://ku5e.com/blog/run-a-private-ai-that-reads-your-documents-locally-with-no-internet-required/ku5e.com tutorial — run a private local AI with RAG using PrivateGPT and Ollama. No internet, no API keys, all local.https://ku5e.com/blog/your-background-ai-agent-will-read-whatever-you-download/Tue, 21 Apr 2026 20:13:00 +0000https://ku5e.com/blog/your-background-ai-agent-will-read-whatever-you-download/description: ku5e.com blog article on the attack surface created by background AI agents with computer use permissions — Codex, Perplexity Personal Computer, browser agents.https://ku5e.com/blog/build-a-local-ai-pentesting-assistant-on-kali-linux-with-ollama-and-mcp/Sun, 19 Apr 2026 22:41:00 +0000https://ku5e.com/blog/build-a-local-ai-pentesting-assistant-on-kali-linux-with-ollama-and-mcp/ku5e.com tutorial — build a local AI pentesting assistant on Kali Linux using Ollama and a custom MCP server with responsible scope enforcement.https://ku5e.com/blog/claude-mythos-found-a-27-year-old-bug.-the-hard-part-is-what-happens-next/Sun, 19 Apr 2026 22:02:00 +0000https://ku5e.com/blog/claude-mythos-found-a-27-year-old-bug.-the-hard-part-is-what-happens-next/ku5e.com blog article on Claude Mythos Preview and Project Glass Wing — zero-day discovery, JP Morgan theory, and the "when it leaks not if" take.https://ku5e.com/blog/the-attacker-in-your-network-is-not-in-your-inbox/Mon, 13 Apr 2026 20:18:00 +0000https://ku5e.com/blog/the-attacker-in-your-network-is-not-in-your-inbox/description: Cisco Talos reported that 40% of all intrusions in Q4 2025 came from exploited vulnerabilities, not phishing. The monitoring infrastructure at most organizations was built for phishing. That design gap is where attackers are living.https://ku5e.com/blog/193-applications-taught-me-that-hr-ai-agents-are-an-unmonitored-attack-surface/Mon, 13 Apr 2026 20:09:00 +0000https://ku5e.com/blog/193-applications-taught-me-that-hr-ai-agents-are-an-unmonitored-attack-surface/description: HR AI agents are running application screeners, confirmation senders, denial generators, and support chats. They read unstructured external input and route it into internal processes. That is an injection surface. Most companies did not buy them as security infrastructure.https://ku5e.com/blog/tryhackme-x86-assembly-crash-course/Mon, 13 Apr 2026 19:42:00 +0000https://ku5e.com/blog/tryhackme-x86-assembly-crash-course/x86 Assembly, Opcodes, MOV/LEA/NOP, Arithmetic Instructions, Logical Instructions, Flags, Conditionals, Branching, Stack Operations, Function Callshttps://ku5e.com/blog/tryhackme-x86-architecture-overview/Sun, 12 Apr 2026 22:33:00 +0000https://ku5e.com/blog/tryhackme-x86-architecture-overview/Topics: CPU Architecture, x86 Registers, Memory Layout, Stack Analysis, Malware Analysis Fundamentalshttps://ku5e.com/blog/your-dlp-policy-does-not-know-what-your-employees-are-running/Sun, 12 Apr 2026 22:22:00 +0000https://ku5e.com/blog/your-dlp-policy-does-not-know-what-your-employees-are-running/76% of organizations now call shadow AI a definite or probable problem. The tools deployed against it have the same blind spot that plagiarism detectors have against a student who knows humanizer tools exist.https://ku5e.com/blog/the-bilingual-cybersecurity-professional-is-not-a-diversity-hire/Fri, 20 Mar 2026 16:32:00 +0000https://ku5e.com/blog/the-bilingual-cybersecurity-professional-is-not-a-diversity-hire/Spanish-language phishing campaigns now use AI-generated, regionally accurate text that reads correctly to native speakers. The analyst who can read that content is not a bonus. They are a capability the monolingual team does not have.https://ku5e.com/blog/tryhackme-rooms-are-not-as-easy-as-they-feel/Fri, 20 Mar 2026 16:29:00 +0000https://ku5e.com/blog/tryhackme-rooms-are-not-as-easy-as-they-feel/TryHackMe rooms feel easier than real incident response for a specific reason. Understanding that reason is what turns room practice into genuine readiness.https://ku5e.com/blog/the-first-90-days-in-a-security-role-are-not-on-any-cert-exam/Fri, 20 Mar 2026 16:25:00 +0000https://ku5e.com/blog/the-first-90-days-in-a-security-role-are-not-on-any-cert-exam/Earning the cert gets you hired. What happens in the first 90 days is determined by two habits that no certification exam measures — and most candidates do not know which one they default to until it costs them.https://ku5e.com/blog/security-is-not-the-cert-the-soc-job-requires/Fri, 20 Mar 2026 16:10:00 +0000https://ku5e.com/blog/security-is-not-the-cert-the-soc-job-requires/CompTIA Security+ and CySA+ share a domain name. They do not share what that domain requires you to demonstrate. Here is what that difference costs candidates who interview for SOC roles with the wrong cert on their resume.https://ku5e.com/blog/tryhackme-threat-modelling-walkthrough/Sun, 15 Mar 2026 21:08:00 +0000https://ku5e.com/blog/tryhackme-threat-modelling-walkthrough/TryHackMe Threat Modelling walkthrough covering MITRE ATT&CK mapping, DREAD risk scoring, STRIDE threat categorization, and PASTA framework application to financial services and e-commerce scenarios.https://ku5e.com/blog/tryhackme-threat-intel-containment/Sun, 15 Mar 2026 20:59:00 +0000https://ku5e.com/blog/tryhackme-threat-intel-containment/Walkthrough for the TryHackMe Threat Intel & Containment room covering threat intelligence creation, containment strategies, and basic Wireshark packet analysis.https://ku5e.com/blog/tryhackme-tardigrade/Sun, 15 Mar 2026 20:53:00 +0000https://ku5e.com/blog/tryhackme-tardigrade/TryHackMe Tardigrade walkthrough. Five persistence mechanisms on a compromised Linux server, from bashrc alias hijacking to abused system accounts.https://ku5e.com/blog/tryhackme-preparation/Sun, 15 Mar 2026 20:31:00 +0000https://ku5e.com/blog/tryhackme-preparation/TryHackMe walkthrough for the Preparation phase of incident response — building a CSIRT, defining roles, establishing log management pipelines, and configuring Windows Event Log collection before an incident occurs.https://ku5e.com/blog/tryhackme-identification-scoping/Sun, 15 Mar 2026 20:29:00 +0000https://ku5e.com/blog/tryhackme-identification-scoping/TryHackMe walkthrough for Identification and Scoping — determining what systems were affected, mapping phishing indicators, and building the initial picture of a live incident before containment begins.https://ku5e.com/blog/tryhackme-eradication-and-remediation/Sun, 15 Mar 2026 20:22:00 +0000https://ku5e.com/blog/tryhackme-eradication-and-remediation/TryHackMe walkthrough covering eradication and remediation in incident response — removing attacker persistence, patching exploited systems, and restoring operations using MITRE ATT&CK and Jenkins-based tooling.https://ku5e.com/blog/stop-installing-enterprise-security-tools-before-you-can-use-them/Sun, 15 Mar 2026 20:03:00 +0000https://ku5e.com/blog/stop-installing-enterprise-security-tools-before-you-can-use-them/Before you install a SIEM or an EDR, five things cover 80% of what entry-level security work actually requires.https://ku5e.com/blog/i-built-a-cybersecurity-home-lab-for-free.-so-can-you./Sun, 15 Mar 2026 19:57:00 +0000https://ku5e.com/blog/i-built-a-cybersecurity-home-lab-for-free.-so-can-you./Five old computers networked with vulnerable routers. Now a homebuilt rack server running VirtualBox. The lab is free, the setup is simpler than it looks, and breaking it is the point.https://ku5e.com/blog/how-to-use-ai-as-a-study-partner-without-using-it-as-a-cheat-sheet/Sun, 15 Mar 2026 19:52:00 +0000https://ku5e.com/blog/how-to-use-ai-as-a-study-partner-without-using-it-as-a-cheat-sheet/AI will give you the answer if you ask for it. Whether that answer does anything useful for you depends entirely on how you ask.https://ku5e.com/blog/what-security-certifications-assume-you-already-know/Sun, 15 Mar 2026 19:45:00 +0000https://ku5e.com/blog/what-security-certifications-assume-you-already-know/Security+ tests security concepts. It assumes you already understand the network those concepts live on.https://ku5e.com/blog/building-a-cybersecurity-ai-lab-on-a-raspberry-pi-for-under-200/Sun, 15 Mar 2026 19:40:00 +0000https://ku5e.com/blog/building-a-cybersecurity-ai-lab-on-a-raspberry-pi-for-under-200/A Raspberry Pi 5 with the Hailo-8L AI Kit gives you a local, air-gapped inference platform for real network security work. No cloud. No subscription. Under $200.https://ku5e.com/blog/agi-is-good-for-humanity.-it-s-a-problem-for-your-network./Sat, 14 Mar 2026 20:44:00 +0000https://ku5e.com/blog/agi-is-good-for-humanity.-it-s-a-problem-for-your-network./AGI done right looks like Star Trek. The path there runs through a period where attackers get the tools first. That gap is where cybersecurity careers are made.https://ku5e.com/blog/tryhackme-atomic-bird-goes-purple-2/Sun, 08 Mar 2026 20:08:00 +0000https://ku5e.com/blog/tryhackme-atomic-bird-goes-purple-2/Part 2 of the Atomic Bird Goes Purple Purple Team series. Covers cleartext credential discovery, typosquatted decoy account creation, malicious service installation, registry defacement, ransomware-style file renaming, and reverse shell persistence via registry. Techniques: T1552.001, T1078.003, T1543.003, T1491, T1112, T1012.https://ku5e.com/blog/tryhackme-atomic-bird-goes-purple-1/Sun, 08 Mar 2026 19:57:00 +0000https://ku5e.com/blog/tryhackme-atomic-bird-goes-purple-1/A hands-on Purple Team exercise using custom Atomic Red Team tests to emulate system discovery, credential capture, file manipulation, and exfiltration staging. Covers T1082, T1056.002, T1091, and T1115 with full artifact investigation in Windows Event Logs, Sysmon, and Aurora EDR.https://ku5e.com/blog/what-nmap-actually-does/Sun, 08 Mar 2026 14:17:00 +0000https://ku5e.com/blog/what-nmap-actually-does/Most people run Nmap. Fewer understand what the packets are doing and what the responses actually mean.https://ku5e.com/blog/colonial-pipeline-one-password-six-days-17-states/Sun, 08 Mar 2026 14:12:00 +0000https://ku5e.com/blog/colonial-pipeline-one-password-six-days-17-states/DarkSide did not use a sophisticated zero-day to shut down 45 percent of the East Coast fuel supply. They used a leaked password and an account with no MFA.https://ku5e.com/blog/what-security-tests-vs.-what-the-job-actually-requires/Sun, 08 Mar 2026 14:06:00 +0000https://ku5e.com/blog/what-security-tests-vs.-what-the-job-actually-requires/The Security+ exam and the job that requires it are testing different things. Knowing the gap helps you prepare for both.https://ku5e.com/blog/credential-stuffing-is-not-brute-force/Sun, 08 Mar 2026 13:49:00 +0000https://ku5e.com/blog/credential-stuffing-is-not-brute-force/Credential stuffing uses real passwords from real breaches. Understanding the difference changes how you defend against it.https://ku5e.com/blog/tryhackme-caldera-walkthrough/Sun, 08 Mar 2026 01:11:00 +0000https://ku5e.com/blog/tryhackme-caldera-walkthrough/This room covers the full pipeline: deploying agents, building adversary profiles, running operations, analyzing detections with Sysmon and Aurora EDR, and executing autonomous incident response.https://ku5e.com/blog/tryhackme-threat-modelling/Thu, 05 Mar 2026 00:00:00 +0000https://ku5e.com/blog/tryhackme-threat-modelling/Walkthrough covering MITRE ATT&CK, DREAD, STRIDE, and PASTA threat modelling frameworks.https://ku5e.com/blog/tryhackme-custom-alert-rules-in-wazuh/Tue, 03 Mar 2026 00:00:00 +0000https://ku5e.com/blog/tryhackme-custom-alert-rules-in-wazuh/Walkthrough covering Wazuh decoder analysis, rule logic, and custom local_rules.xml configuration.https://ku5e.com/blog/tryhackme-logstash-data-processing-unit/Mon, 02 Mar 2026 00:00:00 +0000https://ku5e.com/blog/tryhackme-logstash-data-processing-unit/Walkthrough covering Logstash pipeline configuration, plugin architecture, and ELK stack integration.https://ku5e.com/blog/tryhackme-fixit/Sat, 28 Feb 2026 00:00:00 +0000https://ku5e.com/blog/tryhackme-fixit/Walkthrough covering Splunk pipeline repair, multi-line event parsing, and data analysis with SPL.https://ku5e.com/blog/tryhackme-splunk-dashboards-and-reports/Sun, 22 Feb 2026 00:00:00 +0000https://ku5e.com/blog/tryhackme-splunk-dashboards-and-reports/Walkthrough covering Splunk reports, dashboards, and alert configuration for SOC operations.https://ku5e.com/blog/tryhackme-owasp-top-10-2025-insecure-data-handling/Fri, 20 Feb 2026 00:00:00 +0000https://ku5e.com/blog/tryhackme-owasp-top-10-2025-insecure-data-handling/Walkthrough covering Cryptographic Failures, Server-Side Template Injection, and Insecure Deserialization.