Resources

Insights from the Front Lines of Adversary Research

Blog posts, research, tools, and educational resources from our offensive security experts.

Featured

Featured Resources

The CISO's Guide to Continuous Threat Validation

Everything you need to know about moving from annual testing to continuous validation. Framework, metrics, and implementation guidance.

Detection Coverage Assessment Template

MITRE ATT&CK-aligned template for assessing your current detection coverage. Identify gaps before attackers find them.

Understanding Purple Rain

Our team explains the continuous validation approach, with real examples and client results.

Blog

Latest from the Blog

June 19, 2026

The Credential Nobody Deleted: How Icarus Raided Salesforce Through a Forgotten Klue Integration

A dormant service account nobody decommissioned let the Icarus extortion group push malicious code into Klue's integration layer, harvest OAuth tokens, and quietly drain Salesforce CRM data from downstream victims over a 24-hour window. Here is how the supply chain attack unfolded and what the forensic artifacts reveal.

threat intelligenceOSINTsupply chainSalesforceOAuthextortionIcarusincident response

June 8, 2026

From One Hash to a Russian MaaS Empire: Hunting MuddyWater's DenoDoor

A single VirusTotal hash led us to the full deobfuscation of MuddyWater's DenoDoor backdoor, 40 plus active C2 nodes across two bulletproof ASNs, a second live DenoDoor cluster delivering zero-detection AI-themed lures, and confirmation that Iranian state actors are renting infrastructure from a Russian criminal Malware-as-a-Service operation.

threat intelligenceOSINTMuddyWaterDenoDoorTAG-150MaaSIranmalware analysisC2incident response

May 13, 2026

The Full Account: TeamPCP's Mini Shai-Hulud Supply Chain Campaign, Waves 1 & 2

Complete forensic analysis of TeamPCP's supply chain attack: 2,650+ compromised GitHub repos, 16+ MB credential theft, and undetected Rust RAT deployment.

supply chainmalwarethreat intelligenceOSINTGitHubnpmPyPITeamPCPwormincident response

Open Source

Open Source & Community Tools

Sigma-to-KQL Converter

Our tool for converting Sigma rules to KQL for Microsoft Sentinel. Available on GitHub.

View on GitHub

Detection Rule Templates

Starter templates for common detection scenarios. MITRE ATT&CK aligned.

Threat Hunting Runbooks

Hypothesis-based hunting guidance and queries for common threat scenarios.

Need Guidance?

Looking for Specific Expertise?

Our team can discuss your specific challenges and point you to the most relevant resources and solutions.

Request a Discovery Call