The Blog.
Long-form research.

Practitioner-written research, technical guides, and explainers for analysts, defenders, and learners. Every piece is hand-edited and updated as the threat landscape changes.

Articles

Updated this month

14k+

Monthly readers

Showing 1–9 of 69 articles 20 updated this month

Advanced 5.0k

Blog 17 min read

Port Scanning Techniques: Nmap, Zenmap, and Scanning Through Firewalls

Master every port scanning technique in Nmap: SYN, NULL, FIN, Xmas, Idle scans, firewall evasion, Zenmap, Masscan, and RustScan for red team recon.

Intermediate 3.0k

Blog 11 min read

Oracle Monthly Critical Security Patch Updates (CSPU) Guide: Runbook Changes and Verification Automation

Oracle's monthly critical security patch update (CSPU) starts May 28, 2026. Update your runbook and automate OPatch verification for critical Oracle patches.

Advanced 3.3k

Blog 14 min read

SHA-1 Algorithm Explained: How It Works, Step by Step

A step-by-step technical breakdown of the SHA-1 algorithm — padding, message schedule, 80-round compression, security status, and migration to SHA-256.

Intermediate 609

Blog 12 min read

VENOMOUS#HELPER RMM Detection: Stop SimpleHelp and ScreenConnect Backdoors

VENOMOUS#HELPER hit 80+ orgs via SimpleHelp and ScreenConnect backdoors. Detection checklist, KQL queries, PowerShell scan, and Group Policy RMM allowlist.

Intermediate 3.6k

Blog 10 min read

SCA Tool EOL Dependency CVE Blind Spot Detection: What Snyk and Dependabot Miss

SCA tools miss EOL dependencies with untracked CVEs. Close the SCA tool EOL dependency blind spot with pip-audit, osv-scanner, xeol, and HeroDevs EOLDS.

Advanced 3.0k

Blog 16 min read

UAT-8302 China APT Malware Analysis: Shared Implants, IOCs, and Detection Rules

UAT-8302 shares China APT custom malware across six clusters — IOCs, YARA rules, and MITRE ATT&CK mappings for NetDraft, SNOWRUST, and CloudSorcerer v3.

Advanced 3.6k

Blog 15 min read

PRC State-Sponsored Telecom Router Compromise Detection: CISA AA25-239a Breakdown

CISA AA25-239a: PRC actors compromise telecom backbone routers for persistence. Detection commands, MITRE TTPs, and eviction steps for ISPs.

Intermediate 4.1k

Blog 11 min read

North Korea Cryptocurrency Theft Tactics 2026: How DPRK Seized 76% of All Stolen Crypto

DPRK accounts for 76% of all crypto stolen in 2026 via two precision attacks on Drift and KelpDAO. Full TTP analysis, laundering chain breakdown, and defensive checklist.

Intermediate 3.5k

Blog 12 min read

Ruby Gem Supply Chain Attack Detection: CI Checklist for Sleeper Packages

The BufferZoneCorp campaign used sleeper Ruby gems and Go modules to steal credentials and tamper with GitHub Actions. Detection checklist and CI hardening guide.