All Posts

Free Threat Intel for Canada: 37 IOCs for Eh-Holes Targeting the True North

Free Threat Intel for Charities: 37 IOCs for Non-Profits Under Siege

Free Threat Intel for Schools: 34 IOCs for K-12 and Universities Under Siege

Free Threat Intel for Financial Services: 80+ IOCs Covering SOX, Chinese Walls, and Ransomware

Free Threat Intel for Minnesota Healthcare: 60 IOCs You Can Block Today

Hunting Supply Chain Attacks While Getting Supply Chain Attacked

The Magic Quadrant for People Who Can't Afford Magic

Ten Days of Threat Hunting: Nov 19-29, 2025

Hitting Miscreants with a New Stick: MITRE Inference Engine 2.0

From 1 to 5: How We Mapped a Post-Operation Endgame C2 Infrastructure

Pattern 43: The Password is in the Filename

For the uninitiated: In Frank Herbert's Dune universe, a Mentat is a human trained to perform computer-like analysis after thinking machines were banned. They c

*An open letter to the team that suspends accounts but doesn't return calls*

*How recursive network analysis exposed a coordinated follow-farm connected to supply chain attacks*

We caught an information stealer campaign distributing malware through GitHub issue comments. This post documents the complete technical analysis: the malware f

Here's a scenario that's becoming disturbingly common:

While investigating GitHub supply chain threats (Pattern 38), we discovered something peculiar: accounts creating hundreds of repositories with **mechanical pre

Rhyme of the Anusfragger: When Supply Chain Defense Meets 80's Metal

We Found Their Server: Pattern #38 C2 Infrastructure Exposed

Pattern #38 supply chain attacks on GitHub use **two distinct account types**, not one: