the dogesec blog

much post. so knowledge. many intel. very subscribe. wow.

• 

  OpenCTI Is Not a STIX Database

  opinion December 01, 2025

  Why STIX 2.1 bundles don’t ingest the way you expect, and what we learned building production OpenCTI pipelines.
• 

  Bad Software Keeps Cyber Security Companies in Business

  opinion November 18, 2024

  Despite countless frameworks, best practices, blog posts... so many developers still hardcode credentials into their code.
• 

  PSA: MITRE ATTCK is More Than Tactics and Techniques

  opinion July 15, 2024

  Software, Data Sources, Data Components, Campaigns, and more, make MITRE ATT&CK even more powerful than you might first realise. In this post I uncover the parts of ATT&CK you might not be aware of.