the dogesec blog
much post. so knowledge. many intel. very subscribe. wow.
-
We Made D3FEND Work in STIX
developers tutorial December 15, 2025
D3FEND was not built for STIX, but most CTI tooling depends on it. This post walks through how we model D3FEND as STIX 2.1 so defensive knowledge can finally behave like first-class CTI data. -
D3FEND for People Who Already Know ATT&CK
analyst November 17, 2025
An ATT&CK-native introduction to MITRE D3FEND: how defensive tactics, techniques, artefacts, and relationships mirror attacker behavior and complete the picture. -
Using the ATT&CK Navigator with non-ATT&CK frameworks
analyst October 20, 2025
The ATT&CK Navigator isn’t limited to ATT&CK. In this post, we break down the STIX properties the Navigator actually uses and show how to build a custom MITRE ATLAS matrix that renders cleanly inside it. -
When Prompts Become Indicators: Modelling Prompt Compromise in STIX
analyst September 22, 2025
A practical approach to representing Indicators of Prompt Compromise (IoPC) in STIX, introducing prompts as first-class observables, separating intent through Indicators, and linking activity to MITRE ATLAS techniques for intelligence sharing and detection. -
Graphing Credit Card Data Leaks Using STIX 2.1 Objects
analyst August 18, 2025
Turn card numbers into STIX 2.1 objects. Enrich the data with issuer information. Track transactions made by the card. Then link the cards and transactions to other STIX objects in your research (Actors, Incidents, etc.). -
Graphing the Ransomware Payment Ecosystem using STIX Objects
analyst July 14, 2025
I recently conducted a project to identify the most prolific ransomware based on the ransom payments being made. Let me walk you through how I did it. -
Turn any Blog Post into Structured Threat Intelligence
products analyst June 16, 2025
Obstracts is the blog feed reader used by the worlds most targetted cyber-security teams. Let me show you why. -
Full Text, Full Archive RSS Feeds for any Blog
RSS and ATOM feeds are problematic (for our use-cases) for two reasons; 1) lack of history, 2) contain limited post content. We built some open-source software to fix that. -
Using Sigma Rules inside Attack Flows as a Structured Way to Describe an Incident
tutorial developers analyst April 14, 2025
Many attacks are described using free text. This happens, then this, then this. Whereas detection rules provide a structured way to represent these descriptions with actionable content. Attack Flows are the perfect vehicle to combine the two approaches. -
Beyond the ATT&CK Matrix: How to Build Dynamic Attack Flows with STIX
tutorial developers analyst March 17, 2025
MITRE ATT&CK techniques are useful, but they don’t capture the sequence of an attack. Enter Attack Flows.
1 of 4
Older posts →