https://defensive.works/ Weekly security recon across cloud, agents, and supply chain. One attack, one rule, one defender move. Five minutes, every Tuesday. en-us https://defensive.works/recon/p/003 https://defensive.works/recon/p/003 Tue, 05 May 2026 12:00:00 +0000 A one-megabyte padding trick that walks around Docker's last line of defense, the AWS session-policy pattern for forensic artifact collection, and the Kubernetes 1.36 features that quietly change who can impersonate whom. https://defensive.works/recon/p/002 https://defensive.works/recon/p/002 Tue, 28 Apr 2026 12:00:00 +0000 A Claude Code skill riding authenticated Slack sessions, a Dependabot PR auto-merged 5 minutes after malicious publish, and the AWS pattern that scopes an MCP agent per tool call. https://defensive.works/recon/p/001 https://defensive.works/recon/p/001 Tue, 21 Apr 2026 12:00:00 +0000 AWS Bedrock AgentCore, the IAM blast radius its starter toolkit quietly ships, and the 30-minute audit to run this week.