Developer Articles | TechForDev

Latest AI / ML JavaScript Python React Next.js Web Dev DevOps Cloud

How to investigate suspicious SSH logins without giving AI a shell

Qimin Zhao8h ago • 4 min read

How to investigate suspicious SSH logins without giving AI a shell

A lot of Linux incident response starts with a login question, not a malware sample. Someone sees a...

#incidentresponse#linux#security#opensource

0 0

How I would use local read-only AI for first-pass server incident response

Qimin Zhao10h ago • 2 min read

How I would use local read-only AI for first-pass server incident response

Disclosure: I maintain Open Investigator at Arvanta Cyber. Most server incident response does not.....

#incidentresponse#security#opensource#ai

0 0

How to triage Java memory-shell clues without unsafe default heap dumps

Qimin Zhao7h ago • 3 min read

How to triage Java memory-shell clues without unsafe default heap dumps

Disclosure: I maintain Open Investigator at Arvanta Cyber. A suspected Java memory shell is an...

#security#java#incidentresponse#opensource

0 0

How to investigate a suspicious IP on a Linux server with read-only evidence

Qimin Zhao10h ago • 3 min read

How to investigate a suspicious IP on a Linux server with read-only evidence

Disclosure: I maintain Open Investigator at Arvanta Cyber. Open Investigator is Apache-2.0 open...

#incidentresponse#linux#security#opensource

0 0

How to triage a suspected WebShell without giving AI a shell

Qimin Zhao8h ago • 3 min read

How to triage a suspected WebShell without giving AI a shell

A suspected WebShell is awkward because the first clue is often weak. You may have one odd request....

#incidentresponse#security#linux#opensource

0 0

Two Retailers, One Attack: What Really Decides Who Survives a Breach

Stanley A.7h ago • 7 min read

Two Retailers, One Attack: What Really Decides Who Survives a Breach

In April 2025, two of Britain's most recognized retailers were hit by the same adversary, using the....

#incidentresponse#cybersecurity#websecurity#security

0 0

What safety boundary should an AI incident investigation tool have?

Qimin Zhao9h ago • 3 min read

What safety boundary should an AI incident investigation tool have?

Disclosure: I maintain Open Investigator at Arvanta Cyber. Open Investigator is Apache-2.0 open...

#incidentresponse#security#ai#opensource

0 0

The four-minute gap: what the Nando's machete incident reveals about incident response systems (not just training)

GoldenGlobalHawks14h ago • 4 min read

The four-minute gap: what the Nando's machete incident reveals about incident response systems (not just training)

A machete incident at Nando's Adelaide exposes the gap between policy docs and real incident-respons...

#security#incidentresponse#operations#workplacesafety

0 0

Turning first-pass host evidence into a DFIR handoff report

Qimin Zhao5h ago • 4 min read

Turning first-pass host evidence into a DFIR handoff report

Most incident-response writeups focus on the detection moment: a suspicious IP, a strange login, a.....

#ai#security#opensource#incidentresponse

0 0

Tech Articles