STICKY RICE BYTES

Security served fresh, one byte at a time
Welcome to Sticky Rice Bytes. I write about security knowledge that sticks. No fluff, just actionable insights.

Recent Posts

Preventing friendly fire from Claude Code's YOLO mode: an agentic CrowdStrike automation powered by Tracecat
A design pattern for proactive EDR-based guardrails. A CrowdStrike Custom IOA blocks Claude Code’s --dangerously-skip-permissions (YOLO mode) flag at the endpoint, wired into an agentic Tracecat workflow that DMs the user with a calm explanation, replies in the alerts channel, runs an AI investigation against Falcon telemetry, and writes the whole thing up as a Tracecat case. The same shape works for Codex, Gemini CLI, and any EDR that can fire a webhook on behavioural detections.
Investigating compromised packages without the tab sprawl: an agentic Tracecat automation that searches code repos and endpoints for exposure using Sourcegraph and CrowdStrike MCPs
A Tracecat automation that searches for malicious-package exposure using Sourcegraph (code) and CrowdStrike Falcon (endpoints) in parallel via MCP, then outputs both results into a Tracecat case and a Slack summary.
Automating Chrome History Collection using CrowdStrike and Tracecat - Part 3: Professional Polish
Complete the automated forensic workflow with proper cleanup, session termination, and final documentation. Part 3 covers removing temporary files without destroying evidence, graceful RTR session closure, and comprehensive audit trail completion.
Automating Chrome History Collection using CrowdStrike and Tracecat - Part 2: The Collection Engine
Build the core evidence collection engine for automated Chrome history forensics. Part 2 covers integrity hashing, file copying with validation checkpoints, evidence packaging, and upload to RTR cloud storage.
Automating Chrome History Collection using CrowdStrike and Tracecat - Part 1: Foundation & Discovery
Learn how to automate Chrome browser history collection from macOS devices using CrowdStrike RTR and Tracecat SOAR. Part 1 covers workflow foundations, device validation, and user discovery.