THE HUMAN NEVER CHANGES

A 5-minute read on why the most constant thing in cybersecurity is also the most human.

log_date: 2026-06-02 // red team // ~700 words // format: html static
In cybersecurity, everything changes every single day. New CVEs in the morning, new tooling by the afternoon, new techniques and new defenses by the time you go to sleep. The ground never stops moving under your feet. And yet, underneath all of it, one thing never changes: the human.

The human who clicks the link. The human who reuses the same password across ten services. The human who builds the defense — and the human who breaks it. Technology evolves; people stay people. That single constant is the reason I do this work, and it's the reason I started this project.

The pattern that repeats

For years I kept watching the same pattern repeat. Company after company, I saw organizations that looked prepared on paper but fell apart the moment they faced a real kill chain — a complete, end-to-end attack that moves from the very first email all the way to full control of the environment.

They had tools. They had policies. They had budgets. What they didn't have was the experience of seeing how an attacker actually thinks: step by step, link by link, decision by decision. A checklist is not the same as a chain. So I decided to stop talking about it in theory and start documenting it in practice.

Building in the open

This project is my attempt to write down every step of that chain, in the open. I want to build and document real tools as I go.

It starts with an email kill chain checker — something that maps how a phishing-driven attack would actually unfold, from the initial lure to the foothold. And it grows from there toward developing my own command-and-control framework, so I can understand from the inside how operators maintain access, how they stay quiet, and — most importantly — how defenders can catch them.

When I first entered this field, building something like a C2 felt like the summit. It was the final goal, the thing I'd point at and say "I made it." Now I understand it was only the beginning. The real goal was never the tool. The tool is just a way of forcing yourself to truly understand. The real goal was always the understanding.

Speed as opportunity

That's why I created this blog. I want to show how anyone can start building their own competitive tools in a field that moves faster than any single person can keep up with.

And here's the thing I've learned about that speed: it isn't a problem to fear — it's an opportunity. When everything around you is accelerating, that is exactly the moment to lean into new capabilities. To use AI not as a crutch, but as a force multiplier. To stop trying to memorize the field and start learning how to rebuild yourself as it shifts.

Because the people who last in security aren't the ones who know the most today. They're the ones who can reinvent themselves tomorrow.

Red team, 2021

I've been working on the red team side since 2021. I started as a consultant — moving between clients, environments, and threat models, never staying in one place long enough to get comfortable. That discomfort was the point.

My idea was always to learn every side of the problem: how attackers operate, how defenders respond, and how the business caught in the middle absorbs the impact. Honestly, sitting across the table from a client taught me as much as any exploit ever did — because it brought me right back to the human factor. The fear, the assumptions, the blind spots that no scanner will ever flag.

What you'll find here

So this is the promise of this place: an honest, ongoing record of one red teamer trying to understand the whole picture — one kill chain at a time.

The tools will change. The techniques will change. The defenses will change. But the human won't. And if we really want to protect people, we have to start by understanding them.

Welcome to the project. Let's build from the beginning.