Incident response,
digital forensics,
adversarial research.

Security research and practice grounded in operational experience. FLINTEK is where the work lives — investigations, tooling, and writing published openly from real casework.

NEW HAMPSHIRE · EST. 2025


ABOUT

FLINTEK is the professional entity of a New Hampshire security practitioner with a background in incident response leadership, enterprise forensics, and cloud identity security. The work is grounded in real engagements — ransomware investigations, credential-based attacks, business email compromise — and the tooling and research published here came directly from gaps encountered in the field.

The current focus spans the full attack lifecycle. On the defensive side: triage, containment, evidence collection, and timeline reconstruction. On the offensive side: studying and emulating the TTPs used by the threat actors behind those same incidents. The goal is a complete operational picture — not just a reactive posture.


OPEN SOURCE

CIRRUS
Python CLI for Microsoft 365 and Entra ID incident response — audit log collection, sign-in forensics, and identity analysis built from real IR gaps.
github.com/flintek-llc/cirrus →

FIREAUDIT
Vendor-agnostic firewall configuration auditing mapped to NIST, CIS Controls v8, and MITRE ATT&CK. Built for multi-customer managed environments.
github.com/flintek-llc/fireaudit →

OBSERVER
Observable enrichment for defenders and incident responders. Accepts an IP, domain, URL, or file hash and fans it out to seven threat intelligence sources simultaneously, returning normalized results. Ships as a CLI binary and a self-hosted web server with browser UI.
github.com/flintek-llc/observer →

WRITING

Case studies, tool walkthroughs, and practitioner research published openly from real casework.

ctrlaltdean.github.io →

CONTACT