From 1 to 5: How We Mapped a Post-Operation Endgame C2 Infrastructure

Pattern 43: The Password is in the Filename

For the uninitiated: In Frank Herbert's Dune universe, a Mentat is a human trained to perform computer-like analysis after thinking machines were banned. They c

*An open letter to the team that suspends accounts but doesn't return calls*

*How recursive network analysis exposed a coordinated follow-farm connected to supply chain attacks*

We caught an information stealer campaign distributing malware through GitHub issue comments. This post documents the complete technical analysis: the malware f

Here's a scenario that's becoming disturbingly common:

While investigating GitHub supply chain threats (Pattern 38), we discovered something peculiar: accounts creating hundreds of repositories with **mechanical pre

Rhyme of the Anusfragger: When Supply Chain Defense Meets 80's Metal

We Found Their Server: Pattern #38 C2 Infrastructure Exposed

Pattern #38 supply chain attacks on GitHub use **two distinct account types**, not one:

Thank You, ANUSFRAGGER: How Attacking My Partner Saved Microsoft

Hall of Shame: FireSuper - GitHub Supply Chain Sleeper Account

They Picked the Wrong Day: Supply Chain Attack on Active Threat Intel Researcher

UNC6395: I Told You So (The Breach That Won't Stop Breaching)

When Attackers Have Better OpSec Than You (The Death of HTTP)

When Dropping Your Shields Reveals Attack Infrastructure (The SSL/TLS Honeypot Strategy)

We Don't Discover Threats. We Prove We Can Reproduce What Enterprise Systems Detect. (And That's Better.)

I Tracked Who's Consuming Our Free Threat Intel Feed. The Results Got Creepy.

When Microsoft, Google, and Cloudflare Download Your Threat Intel (And You're Just a Guy in Minnesota)