The Collicutt Software Company

Software products, developer tools, and applied security engineering

Catalogue News YouTube Newsletter Contact

News

Product release notes, updates, links, and code.

Latest

Stegwav detector released

Stegwav is out. It's a Go CLI for checking WAV files that look like audio but may be carrying something else. The first public build checks the WAV structure, looks for sample data that doesn't behave like audio, extracts TeamPCP-style XOR/base64 payloads, and flags likely LSB steganography. It's still a signal, not a final verdict, but it gives you something useful to run against odd audio files.

Stegwav on GitHub

Scan a WAV file bash

stegwav scan suspicious.wav --json

2026-04-29 stegwav release-notes security audio

Filter by tag

More news

Stegwav Generator for controlled samples

Stegwav Generator is now available privately for approved testing work. The public CLI stays focused on detection. The generator's for making known WAV fixtures, recording the expected findings, and testing pipelines without waiting for strange samples to show up elsewhere.

Ask about Stegwav Generator

2026-04-22 stegwav release-notes security testing

NegaLog Watch goes continuous

NegaLog Watch moves NegaLog from batch checks into a running service. It tails logs, keeps state in SQLite, handles rotation, and deduplicates alerts so the same missing event does not page you over and over. Same rules, less batch-job thinking.

Get NegaLog Watch

2026-03-18 negalog release-notes monitoring logs

NegaLog missing-event checks

NegaLog got better at missing sequences and scheduled jobs. The uncomfortable case is still the useful one: nothing failed, but something that should have appeared in the logs never did. This pass tightened checks for starts without finishes, quiet heartbeats, and triggers with no follow-up event.

NegaLog on GitHub

Run a missing-log check bash

negalog check --config negalog.yml --logs ./logs

2026-02-12 negalog release-notes monitoring devops

Vary puts mutation testing up front

The Vary page now puts mutation testing where it belongs: right up front. Coverage can tell you what ran. Vary asks the more annoying question: would the tests notice if the code changed underneath them?

Vary

Run mutation testing bash

vary mutate

2026-01-16 vary release-notes testing jvm

raillock added to the catalogue

raillock is in the catalogue now. It's a small security tool for checksumming MCP tools and watching for changes that an agent workflow shouldn't silently accept. Boring guardrails, which is usually the right kind.

raillock on GitHub

2025-12-09 raillock release-notes security mcp

spellerweb added to the catalogue

spellerweb is in the software catalogue. It's intentionally small: point it at a site, catch embarrassing typos, move on.

spellerweb on GitHub

2025-11-14 spellerweb release-notes cli web