Parsing Every Log Format: The Timestamp Problem in LogSleuth
Every application writes logs differently, and timestamps are a disaster. Here's the 15-heuristic fallback chain LogSleuth uses to parse them, and why it has to exist.
Read article →Security writeups, tool internals, and practical guides.
Every application writes logs differently, and timestamps are a disaster. Here's the 15-heuristic fallback chain LogSleuth uses to parse them, and why it has to exist.
Read article →Walking the directory tree is slow. When elevated, DiskSleuth reads the NTFS Master File Table directly — a million files in a few seconds instead of minutes.
Read article →The 'file in use' dialog tells you nothing useful. SMB locks and local process handles are completely different problems — most tools only solve one of them.
Read article →120,000 events, 45 seconds of hang. The Event Log API is fast — Event Viewer just uses it badly. Here's the fix, and the wevtutil one-liner that works when you can't install anything.
Read article →Attackers automate their scanning. My setup uses Wazuh for host-level visibility and CrowdSec for crowd-sourced blocking — here's why they work better together than either alone.
Read article →I've shipped several tools with Tauri and maintained Electron apps. The size difference is real, but it's not the most interesting part.
Read article →AI writes the code, but the language choice still matters. Rust's compiler guardrails catch whole categories of bug that would otherwise slip through unnoticed.
Read article →I built SwatCrypt because I didn't trust myself to bolt crypto onto something else. Here's what I chose and why — cipher, KDF, and why unsafe code is banned at compile time.
Read article →