<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"><channel><title>Keval Chhatbar — Field Notes</title><description>Cybersecurity engineer researching AI-assisted security operations by building and running the whole stack himself. Field notes, wrong turns included.</description><link>https://kevalchhatbar.fyi/</link><language>en-ca</language><item><title>The AI Homelab, Two Years In: A Build Note</title><link>https://kevalchhatbar.fyi/writing/ai-homelab-two-years-in-a-build-note/</link><guid isPermaLink="true">https://kevalchhatbar.fyi/writing/ai-homelab-two-years-in-a-build-note/</guid><description>Thirty-plus services, two Proxmox nodes, one operator, and the two outages that taught me more than any tutorial did.</description><pubDate>Fri, 10 Jul 2026 00:00:00 GMT</pubDate></item><item><title>Building a Threat-Intel Pipeline: KEV + EPSS in Production</title><link>https://kevalchhatbar.fyi/writing/threat-intel-pipeline-kev-epss-in-production/</link><guid isPermaLink="true">https://kevalchhatbar.fyi/writing/threat-intel-pipeline-kev-epss-in-production/</guid><description>Six explicit stages, a scorer that refuses to trust CVSS on its own, and what it actually takes to turn nineteen feeds into three digests a day without drowning in noise.</description><pubDate>Wed, 08 Jul 2026 00:00:00 GMT</pubDate></item><item><title>The npm Worm in Your Homelab: Surviving Supply-Chain Attacks</title><link>https://kevalchhatbar.fyi/writing/the-npm-worm-in-your-homelab-surviving-supply-chain-attacks/</link><guid isPermaLink="true">https://kevalchhatbar.fyi/writing/the-npm-worm-in-your-homelab-surviving-supply-chain-attacks/</guid><description>How JavaScript supply-chain attacks actually work — from event-stream to the 2025 self-replicating npm worm — and the handful of habits that keep your homelab from becoming a casualty.</description><pubDate>Mon, 15 Jun 2026 00:00:00 GMT</pubDate></item><item><title>Automation &amp; SOAR: Closing the Loop</title><link>https://kevalchhatbar.fyi/writing/automation-soar-closing-the-loop/</link><guid isPermaLink="true">https://kevalchhatbar.fyi/writing/automation-soar-closing-the-loop/</guid><description>The boring 80% of response is automatable. SOAR concepts, playbooks, and enrichment-and-triage automation at home with Shuffle, n8n, and TheHive — with guardrails.</description><pubDate>Sat, 13 Jun 2026 00:00:00 GMT</pubDate></item><item><title>Detection Engineering: Detections as Code</title><link>https://kevalchhatbar.fyi/writing/detection-engineering-detections-as-code/</link><guid isPermaLink="true">https://kevalchhatbar.fyi/writing/detection-engineering-detections-as-code/</guid><description>Treat detections like software — version-controlled, tested, and tuned. Sigma rules, the detection lifecycle, the ADS framework, and validating with Atomic Red Team.</description><pubDate>Sat, 06 Jun 2026 00:00:00 GMT</pubDate></item><item><title>Threat Intelligence That Isn&apos;t Just a Feed</title><link>https://kevalchhatbar.fyi/writing/threat-intelligence-that-isnt-just-a-feed/</link><guid isPermaLink="true">https://kevalchhatbar.fyi/writing/threat-intelligence-that-isnt-just-a-feed/</guid><description>Intelligence is a process, not a list of bad IPs. The intel lifecycle, strategic/operational/tactical levels, IOCs vs TTPs, and running MISP or OpenCTI at home.</description><pubDate>Sat, 30 May 2026 00:00:00 GMT</pubDate></item><item><title>Threat Hunting: Hypotheses, Not Alerts</title><link>https://kevalchhatbar.fyi/writing/threat-hunting-hypotheses-not-alerts/</link><guid isPermaLink="true">https://kevalchhatbar.fyi/writing/threat-hunting-hypotheses-not-alerts/</guid><description>Hunting is what you do when nothing alerted. The PEAK loop, the Pyramid of Pain, and using MITRE ATT&amp;CK to turn a hunch into a repeatable hunt.</description><pubDate>Sat, 23 May 2026 00:00:00 GMT</pubDate></item><item><title>Building a Home SOC: The Architecture</title><link>https://kevalchhatbar.fyi/writing/building-a-home-soc-the-architecture/</link><guid isPermaLink="true">https://kevalchhatbar.fyi/writing/building-a-home-soc-the-architecture/</guid><description>The data pipeline behind every SOC — log sources, collection, normalization, a SIEM, detections, and alerting — and how to stand up a real one on a single homelab box.</description><pubDate>Sat, 16 May 2026 00:00:00 GMT</pubDate></item><item><title>Why Run a SOC at Home</title><link>https://kevalchhatbar.fyi/writing/why-run-a-soc-at-home/</link><guid isPermaLink="true">https://kevalchhatbar.fyi/writing/why-run-a-soc-at-home/</guid><description>What a security operations practice actually is, why you&apos;d build one in a homelab, and the five disciplines this series walks through.</description><pubDate>Sat, 09 May 2026 00:00:00 GMT</pubDate></item><item><title>Starter Projects Worth Your First Weekend</title><link>https://kevalchhatbar.fyi/writing/starter-projects-worth-your-first-weekend/</link><guid isPermaLink="true">https://kevalchhatbar.fyi/writing/starter-projects-worth-your-first-weekend/</guid><description>Five AI-homelab projects graded from easy to ambitious — what each one teaches you and why it&apos;s a good rung to climb.</description><pubDate>Sat, 02 May 2026 00:00:00 GMT</pubDate></item><item><title>Securing the Box: SSH &amp; the Physical-Access Truth</title><link>https://kevalchhatbar.fyi/writing/securing-the-box-ssh-the-physical-access-truth/</link><guid isPermaLink="true">https://kevalchhatbar.fyi/writing/securing-the-box-ssh-the-physical-access-truth/</guid><description>Harden SSH the right way — then understand why physical access is the security boundary that actually matters for a homelab.</description><pubDate>Sat, 25 Apr 2026 00:00:00 GMT</pubDate></item><item><title>Getting the VM Ready</title><link>https://kevalchhatbar.fyi/writing/getting-the-vm-ready/</link><guid isPermaLink="true">https://kevalchhatbar.fyi/writing/getting-the-vm-ready/</guid><description>Where your homelab actually lives: choosing a hypervisor, provisioning a base Linux VM, sizing it, snapshots, and first-boot setup.</description><pubDate>Sat, 18 Apr 2026 00:00:00 GMT</pubDate></item><item><title>Choosing Your Stack: Subscriptions, APIs &amp; Local Models</title><link>https://kevalchhatbar.fyi/writing/choosing-your-stack-subscriptions-apis-local-models/</link><guid isPermaLink="true">https://kevalchhatbar.fyi/writing/choosing-your-stack-subscriptions-apis-local-models/</guid><description>The three ways to get AI into your homelab, honest trade-offs, the model landscape, and what I&apos;d pick at each budget.</description><pubDate>Sat, 11 Apr 2026 00:00:00 GMT</pubDate></item><item><title>AI Foundations Without the Hype</title><link>https://kevalchhatbar.fyi/writing/ai-foundations-without-the-hype/</link><guid isPermaLink="true">https://kevalchhatbar.fyi/writing/ai-foundations-without-the-hype/</guid><description>Models, tokens, context windows, and agents — the vocabulary that actually matters, in plain English.</description><pubDate>Sat, 04 Apr 2026 00:00:00 GMT</pubDate></item><item><title>Start Here: What an AI Homelab Is (and Why Bother)</title><link>https://kevalchhatbar.fyi/writing/start-here/</link><guid isPermaLink="true">https://kevalchhatbar.fyi/writing/start-here/</guid><description>What an AI homelab actually is, what you&apos;ll get out of one, and the realistic baseline you need to begin.</description><pubDate>Sat, 28 Mar 2026 00:00:00 GMT</pubDate></item></channel></rss>