Search | RSS Feed | Subscribe

• 

  Using the ATT&CK Navigator with non-ATT&CK frameworks

  tutorial October 20, 2025

  The ATT&CK Navigator isn’t limited to ATT&CK. In this post, we break down the STIX properties the Navigator actually uses and show how to build a custom MITRE ATLAS matrix that renders cleanly inside it.
• 

  When Prompts Become Indicators: Modelling Prompt Compromise in STIX

  research September 22, 2025

  A practical approach to representing Indicators of Prompt Compromise (IoPC) in STIX, introducing prompts as first-class observables, separating intent through Indicators, and linking activity to MITRE ATLAS techniques for intelligence sharing and detection.
• 

  Graphing Credit Card Data Leaks Using STIX 2.1 Objects

  case-study August 18, 2025

  Turn card numbers into STIX 2.1 objects. Enrich the data with issuer information. Track transactions made by the card. Then link the cards and transactions to other STIX objects in your research (Actors, Incidents, etc.).
• 

  Graphing the Ransomware Payment Ecosystem using STIX Objects

  case-study July 14, 2025

  I recently conducted a project to identify the most prolific ransomware based on the ransom payments being made. Let me walk you through how I did it.
• 

  Turn any Blog Post into Structured Threat Intelligence

  tutorial June 16, 2025

  Obstracts is the blog feed reader used by the worlds most targetted cyber-security teams. Let me show you why.
• 

  Full Text, Full Archive RSS Feeds for any Blog

  product-update May 12, 2025

  RSS and ATOM feeds are problematic (for our use-cases) for two reasons; 1) lack of history, 2) contain limited post content. We built some open-source software to fix that.
• 

  Using Attack Flow to Model the Procedure Layer Missing in ATT&CK

  research April 28, 2025

  Tactics and techniques are not enough on their own. Learn why procedures are the missing operational layer in ATT&CK, and how to model procedure-level attack paths in STIX with Attack Flow.
• 

  Using Sigma Rules in Attack Flows for Detection Coverage and SOC Triage

  research April 14, 2025

  This post shows a simple way to link Sigma detections to Attack Flow steps so analysts can see what fired, where they are in an attack path, and what coverage is missing.
• 

  Beyond the ATT&CK Matrix: How to Build Dynamic Attack Flows with STIX

  tutorial March 17, 2025

  MITRE ATT&CK techniques are useful, but they don’t capture the sequence of an attack. Enter Attack Flows.
• 

  An Introduction pySigma: Converting Sigma Rules to Work with Your SIEM

  tutorial February 10, 2025

  Learn how to seamlessly convert Sigma Rules into queries for your SIEM. Follow along with real examples.