defensive.works
> BOOK II · R. K. CHIDAMBARAM

Signed & Sealed.

A novel of the supply chain.
The engineer auditing her own git history.

Read online · reflows on phone

› or download PDF · 81pp · 299 KB

› Field Manual II · 13pp companion — the pipeline attacks, signing discipline, and IR under regulation

6 chapters 4 days, compressed
~14k words 60-75 min
Real every diff, every commit
CHANGESET / 01 · MON 07:12 EST · 4f2ae1b
@@ what Jess believed @@
- the pipeline signs what we build.
+ the pipeline signs what it is told to build.

The premise

Monday. 7:12 AM. Jess Park is running the same pre-release audit she's run twelve times. The same command, the same flags, the same pipeline. Today it comes back wrong.

The cosign verify succeeded. The image signature is valid. But the sha256 hash doesn't match what the source tree at a83f04e should have produced. Forty-one lines of Python exist in the signed production container that do not exist in git.

Jess designed this pipeline three years ago. She built it. She trusts it. She has told 400 hospitals they can trust it too.

Over the next four days she traces a cache-poisoning attack backward through a GitHub Actions build cache the attacker had owned since February, through a repo-scoped PAT she herself approved in a three-minute review two years ago, through a Route 53 DNS exfiltration channel that carried patient records out in 253-byte subdomain labels, through a seven-hour gap between the moment she knew and the moment she told anyone, through an FDA §524B authorization she can't patch without, through Dr. Anand's phone call that reframes three hundred records as three hundred people.

At the end, she writes two incident reports. The first is for the board, for legal, for the regulators. It will be accurate without being honest. The second will never leave her laptop.

> TABLE OF CONTENTS

Every chapter is a commit.

  • 4f2ae1b The Hash That Didn't Match sha mismatch Mon 07:12
  • b91c7d2 Trusted Source OIDC policy review Mon 10:40
  • a83f04e The Blast Radius three hundred names Mon 13:47
  • 2d7e091 Clean Room isolated rebuild Tue 05:48
  • 9fb4c17 Patient Zero Route 53 Query Logs Wed 08:07
  • c15a83b Chain of Custody two incident reports Wed 23:40
  • 0000000 Okafor, at the hub Transit Gateway route table

★ the book turns here.    0000000 is the Book III hook.

> ON THE DESIGN

Forensic → confessional.

Book I was forensic — the analyst looking outward at logs. Book II is confessional — the engineer looking inward at her own history. The page grammar shifts accordingly.

  • Adverse-event-report front matter. NovaMed is the patient. PATIENT: NOVAMED, INC. · AGE: 7 years in production · VITALS: compromised · ADMITTED: 23 FEB 2026 · REFERENCE: §164.402 Breach Notification Rule. The copyright page is a hospital chart.
  • Dedication. For everyone who approved a repo-scoped token two roadmaps ago and never came back.
  • Git-log TOC. Every chapter is a commit. A on Ch.3 where the book turns. A 0000000 empty-commit tease for Book III.
  • Diff-as-epigraph chapter openers. Every chapter opens with a -/+ diff of what Jess believed vs. what was actually true.
  • Confessional author's-notes. Red-bordered callouts in Jess's voice. Not I observed this. I am the one who reviewed this. I approved it.
  • The blast radius. One cache-poisoned commit. 400 hospitals. 2.3M patients in the reach. ~300 records actually exfiltrated. Each one a person.
  • The seven-hour gap. 11:00 Monday → 18:14 Monday. HIPAA clock starts at 11:00. Not 18:14.
  • The FDA wait. A WAF-blocks-on-/internal/diag scoreboard across the 32-hour regulatory pause. Every bar is a query the attacker tried and couldn't route. They're not giving up. They're waiting us out.
  • Trust-model receipt. Appendix opener. COSIGN SIGNATURE · binds signer → digest next to SLSA PROVENANCE · what built the digest. Signing proves who signed. Provenance proves what was built. Most teams only enforce the first.
  • Okafor coda. Book III tease. A Transit Gateway route table rendered as an AWS console screenshot. One rogue 0.0.0.0/0 route. One line: "I thought the hub-spoke was the isolation."
> CHARACTERS

Seven people. One confession.

  • Jess Park — AppSec at NovaMed. Built the pipeline. Approved the PAT. Narrator and defendant.
  • Carmen Reyes — CISO. Makes the calls Jess can't. Uncapped the red marker.
  • Sam — staff engineer. Approved PR #847 in three minutes because dependab0t-novamed looked fine. The book's secret protagonist.
  • Dr. Anand — Chief Medical Officer. The scene that costs the most and earns it.
  • David — legal counsel. Starts the HIPAA clock.
  • Marcus Chen — walks back on stage, quietly. If you read Book I, you know the hand he played.
  • VEGA — elsewhere. Watching volume on a dashboard in Bucharest.

Read Signed & Sealed online

› or download PDF (299 KB)

← New here? Assumed Role is Book I. You can read them in either order, but Book I introduces Marcus.