the dogesec blog
Much post. So knowledge. Many intel. Very subscribe. Wow.
Using Known ATT&CK Techniques to Predict What Came Before and What Happens Next
research February 16, 2026
Known ATT&CK techniques are not just for labeling incidents. This post shows how to use them as anchors to infer likely predecessor and successor behavior in a realistic adversary sequence, and how MITRE TIE can support that workflow.
Detection Isn’t Defence: Linking ATT&CK to D3FEND
research February 09, 2026
D3FEND becomes far more useful when it is not isolated. This post shows how D3FEND links to ATT&CK and CWE through artefacts, so you can traverse from offensive technique or weakness to concrete defensive mitigations.
When Prompts Become Indicators: Modelling Prompt Compromise in STIX
research September 22, 2025
A practical approach to representing Indicators of Prompt Compromise (IoPC) in STIX, introducing prompts as first-class observables, separating intent through Indicators, and linking activity to MITRE ATLAS techniques for intelligence sharing and detection.
Using Attack Flow to Model the Procedure Layer Missing in ATT&CK
research April 28, 2025
Tactics and techniques are not enough on their own. Learn why procedures are the missing operational layer in ATT&CK, and how to model procedure-level attack paths in STIX with Attack Flow.
Using Sigma Rules in Attack Flows for Detection Coverage and SOC Triage
research April 14, 2025
This post shows a simple way to link Sigma detections to Attack Flow steps so analysts can see what fired, where they are in an attack path, and what coverage is missing.
How Known Affected Software Configurations on the CVE Website are Constructed
research August 12, 2024
I wanted to write detection rules to identify what products are vulnerable to a CVE. In this post I walk you through my research.
Fortifying AI: How MITRE ATLAS Shields Artificial Intelligence from Adversarial Threats
research June 17, 2024
Discover how MITRE ATLAS is helping to defend AI systems as I share a detailed explanation of how the knowledge-base is architected.