CirriusTech
  • Home
  • Tech
  • Projects
  • Personal
  • Fiction
  • About
  • Certifications
☕ Enjoying the content? Consider supporting me on Ko-fi

Projects & Research

Tools, Research & Open Source

Security research, open source tooling, and experimental projects. Built to explore, understand, and solve real problems.

🔬

OID-See

BloodHound for OAuth in Entra ID — maps third-party app consent, scopes, assignments, and trust signals into a graph to surface impersonation risk and OAuth sprawl.

GitHub
🔬

ISDF — Intune Stateful Device Fingerprinting

Cloud-stamped device metadata for Conditional Access — moves device trust out of the endpoint and into Azure, using TPM-rooted hardware identifiers validated by a Logic App with Managed Identity.

GitHub
🔬

KuShu — Attack & Defence Research

KuShuSec is a collection of cloud security attack and defence research, tools, and mind maps — including the KuShu-Atama attack/defence mind map repository and SPADE research.

GitHub
🔬

Az-Skywalker

A collection of Azure security research tools exposing control plane isolation flaws, cross-plane data exposure, and silent data harvesting in Microsoft Azure iPaaS services.

GitHub
🔬

The Audrey Project

A curated RSS/OPML feed collection for tech and security professionals — helping you stay current without drowning in noise.

GitHub
Recent Posts
Prompting Was Never the Control Plane
Prompting Was Never the …

This is a personal blog. All opinions are my own - not my employer’s. At some point over the last few months, I accidentally built a control plane for coding agents. This was not the plan. The plan, to the extent that there was one, was much smaller and much more normal. I wanted coding agents to …

July 1, 2026 Read
 Beyond The Door #1: The Illusion Of The Locked Door
Beyond The Door #1: The …

We keep acting like doors are portals into trust and expected good behaviour. That was never true, but has never been more dangerous an assumption than it is now.

June 14, 2026 Read
The Repository Is The New Package
The Repository Is The New …

The next generation of supply chain attacks aren’t targeting packages. They’re targeting repositories. The June 2026 Azure Functions incident may be a glimpse into what that future looks like.

June 6, 2026 Read
FinOps for Delegated Cognition: GitHub Boiled the Frog Backwards
FinOps for Delegated …

FinOps for Delegated Cognition: GitHub Boiled the Frog Backwards Yesterday started with me staring at a tiny dashboard called CopeLimit. This is not, admittedly, how most normal people choose to spend a Monday morning. Most people, when confronted with a major billing transition from one of the …

June 2, 2026 Read
The AI Credits Era Begins: Notes From the First Morning of GitHub’s New Billing Model
The AI Credits Era …

At some point very early this morning, because apparently this is what my life is now, I found myself watching a tiny dashboard called CopeLimit while GitHub Copilot’s new AI Credits billing model went live. This was not the original plan for the morning. The original plan was probably something …

June 1, 2026 Read
FinOps for Delegated Cognition: AADLCv2 and the Cost of Letting Agents Rediscover Gravity
FinOps for Delegated …

A few weeks ago I wrote about what I was then calling the Agile Agentic Development Life Cycle, or AADLC …

May 30, 2026 Read
Footer logo
© 2026 All Rights Reserved