About a month ago I started a new site for my professional pursuits. The first post is a little project I did to keep an eye on a frequent packet user who behaves suspiciously. Many other local sysops have blocked this particular user from connecting, but I did not want to block him without concrete evidence of bad behavior. I put on my tinfoil hat and tried to imagine some scenarios where this user’s activity would be considered malicious, debunked them, and finally created an alert in my logging system and sent the log to a little Python listener that updates the bottom of the post. The full post is here: Spies on the Ham Bands: Threat Hunting on an Amateur Radio Network.