the dogesec blog
Much post. So knowledge. Many intel. Very subscribe. Wow.
- Using Known ATT&CK Techniques to Predict What Came Before and What Happens Next
research February 16, 2026
Known ATT&CK techniques are not just for labeling incidents. This post shows how to use them as anchors to infer likely predecessor and successor behavior in a realistic adversary sequence, and how MITRE TIE can support that workflow.
- Detection Isn’t Defence: Linking ATT&CK to D3FEND
research February 09, 2026
D3FEND becomes far more useful when it is not isolated. This post shows how D3FEND links to ATT&CK and CWE through artefacts, so you can traverse from offensive technique or weakness to concrete defensive mitigations.
- Stop Reinventing STIX Objects: A Practical Way to Build and Share Extensions
tutorial January 19, 2026
Learn how to avoid ad-hoc custom objects by generating schemas and Extension Definitions automatically with stix2extensions, keeping STIX extensions interoperable by default.
- We Made D3FEND Work in STIX
announcement December 15, 2025
D3FEND was not built for STIX, but most CTI tooling depends on it. This post walks through how we model D3FEND as STIX 2.1 so defensive knowledge can finally behave like first-class CTI data.
- OpenCTI Is Not a STIX Database
opinion December 01, 2025
Why STIX 2.1 bundles don’t ingest the way you expect, and what we learned building production OpenCTI pipelines.
- D3FEND for People Who Already Know ATT&CK
tutorial November 17, 2025
An ATT&CK-native introduction to MITRE D3FEND: how defensive tactics, techniques, artefacts, and relationships mirror attacker behavior and complete the picture.
- Modelling NOVA Rules as Structured CTI
tutorial October 31, 2025
This proof of concept shows how adversarial prompts from PromptIntel can be transformed into structured STIX intelligence by treating prompts as observables and NOVA rules as behavioural Indicator logic.
- Using the ATT&CK Navigator with non-ATT&CK frameworks
tutorial October 20, 2025
The ATT&CK Navigator isn’t limited to ATT&CK. In this post, we break down the STIX properties the Navigator actually uses and show how to build a custom MITRE ATLAS matrix that renders cleanly inside it.
- When Prompts Become Indicators: Modelling Prompt Compromise in STIX
research September 22, 2025
A practical approach to representing Indicators of Prompt Compromise (IoPC) in STIX, introducing prompts as first-class observables, separating intent through Indicators, and linking activity to MITRE ATLAS techniques for intelligence sharing and detection.
- Graphing Credit Card Data Leaks Using STIX 2.1 Objects
case-study August 18, 2025
Turn card numbers into STIX 2.1 objects. Enrich the data with issuer information. Track transactions made by the card. Then link the cards and transactions to other STIX objects in your research (Actors, Incidents, etc.).