A custom Wazuh rule pack and reproducible Docker lab that catches rogue MCP servers, shadow AI agent activity, and indirect prompt-injection chains on engineering endpoints. 5 decoders, 13 rules, MITRE ATT&CK mapped.
How I built an open-source Helm chart that deploys Wazuh agents with CIS, NIST 800-53, PCI-DSS, HIPAA, SOC2 compliance, MITRE ATT&CK runtime detection, admission webhook enforcement, and auto-remediation — replacing 5 tools with one deploy.
What caused historical alerts to disappear from Wazuh dashboards after migration, and the safer reindex workflow that fixed it.
Cryptocurrency crime is on the rise, with $3.6 billion laundered through digital assets in 2023 alone. Ethereum, as the second-largest blockchain, is a key focus for investigators.
A structured overview of anti-forensics techniques—trail obfuscation, data destruction, encryption, steganography—and how defenders can detect and mitigate them.