LinnemanLabs

Building systems, breaking systems, observing systems, securing systems, auditing systems... improving systems.

Recent Posts

Purple Team Engineering: Covert Channels and the DNF Numbers Station

2026-04-13 · #Purple Team #Detection Engineering

Building a C2 channel indistinguishable from package manager traffic, encoding tasking in Apache ETag microseconds, and surveying the surprising state of repository security on Fedora.

Purple Team Engineering: Building and Detecting a Rust C2 Beacon

2026-04-09 · #Purple Team #Detection Engineering

Building an offensive tool and the detection rules to catch it. The architecture behind Glimmer’s dual-layer encryption, binary hardening from 1.4MB to 388K, and real-time YARA detection through Wazuh.

Modeling the hackerbot-claw Attack Against My Own CI/CD Pipeline

2026-03-20 · #GitHub Actions #Supply Chain Security

Reviewing my infrastructure’s security posture against recent high-profile supply chain security compromises involving GitHub workflows using pull_request_target.

Running Your Own Transparency Infrastructure with Fulcio, Rekor, TesseraCT and Timestamp-Authority

2026-03-18 · #Supply Chain Security #Certificate Transparency

From YubiKey CA root to trust bundles to signed artifacts - the architecture, trust decisions, and security implications behind running a self-hosted Sigstore stack.

Building a Self-Hosted Observability Platform with the Grafana LGTM Stack

2026-03-10 · #Observability #Grafana

A view into the architecture of a 118-node self-hosted observability platform built on Mimir, Loki, Tempo, Pyroscope, and Grafana. All deployed and configured from official documentation with no Helm charts or managed services.