the dogesec blog
much post. so knowledge. many intel. very subscribe. wow.
Using the ATT&CK Navigator with non-ATT&CK frameworks
analyst January 19, 2026
The ATT&CK Navigator isn’t limited to ATT&CK. In this post, we break down the STIX properties the Navigator actually uses and show how to build a custom D3FEND matrix that renders cleanly inside it.
D3FEND for People Who Already Know ATT&CK
analyst November 17, 2025
An ATT&CK-native introduction to MITRE D3FEND: how defensive tactics, techniques, artefacts, and relationships mirror attacker behavior and complete the picture.
When Prompts Become Indicators: Modelling Prompt Compromise in STIX
analyst September 22, 2025
A practical approach to representing Indicators of Prompt Compromise (IoPC) in STIX, introducing prompts as first-class observables, separating intent through Indicators, and linking activity to MITRE ATLAS techniques for intelligence sharing and detection.
Graphing Credit Card Data Leaks Using STIX 2.1 Objects
analyst August 18, 2025
Turn card numbers into STIX 2.1 objects. Enrich the data with issuer information. Track transactions made by the card. Then link the cards and transactions to other STIX objects in your research (Actors, Incidents, etc.).
Graphing the Ransomware Payment Ecosystem using STIX Objects
analyst July 14, 2025
I recently conducted a project to identify the most prolific ransomware based on the ransom payments being made. Let me walk you through how I did it.
Turn any Blog Post into Structured Threat Intelligence
products analyst June 16, 2025
Obstracts is the blog feed reader used by the world's most targeted cyber-security teams. Let me show you why.
Full Text, Full Archive RSS Feeds for any Blog
RSS and ATOM feeds are problematic (for our use-cases) for two reasons: 1) lack of history, 2) limited post content. We built some open-source software to fix that.
Using Sigma Rules inside Attack Flows as a Structured Way to Describe an Incident
tutorial developers analyst April 14, 2025
Many attacks are described using free text: this happens, then this, then this. Detection rules, by contrast, provide a structured way to represent these descriptions with actionable content. Attack Flows are the perfect vehicle to combine the two approaches.
Beyond the ATT&CK Matrix: How to Build Dynamic Attack Flows with STIX
tutorial developers analyst March 17, 2025
MITRE ATT&CK techniques are useful, but they don’t capture the sequence of an attack. Enter Attack Flows.
Getting Started with the MITRE ATT&CK Navigator
analyst tutorial January 15, 2024
The MITRE ATT&CK Navigator is a very useful tool to explore MITRE ATT&CK (and other similar frameworks). In this post I take a look at what you can do with Navigator and how it works under the hood so that you can use it to model your own ATT&CK-like frameworks.