Home

DNS sinkholing does not erase abuse infrastructure but captures it at the moment of intervention, creating a stable boundary from which pre-takedown organization can be reconstructed using passive DNS alone.

This post reconstructs how sanctioned Bulletproof Hoster Media Land’s internal platform organised users, subscriptions, and address space, based on a leaked dataset. By linking lifecycle records to known Black Basta indicators, it highlights how customer segments and reseller-like entities provisioned infrastructure later used in ransomware acti...

Responsible vulnerability disclosure begins with character. Without honesty, restraint, and care, rules become bureaucracy and outcomes become opportunism. Virtue is what turns unsolicited hacking into civic service.

Turla’s Pelmeni Wrapper reveals how flawed cryptographic choices in malware design can create tracking opportunities. This post dissects how a weak and predictable pseudorandom generator exposed Kazuar’s payload and what this means for threat intelligence.

Even after patching, many edge devices remain compromised. This post explores how to ethically scan for backdoors left behind.

When one nation hoards weapons, others feel compelled to follow. The U.S. posture on zero-day retention risks global insecurity through a dynamic we've seen before.

Most vulnerabilities never make headlines; botched disclosures do. Trying to muzzle researchers doesn’t shrink risk, it spotlights it.

When I worked in a Computer Emergency Response Team (CERT), ransomware cases were part of the routine. A company would be hit, backups failed, and the question of ransom payment would come up. Every so often, the team would offer the option of a sanction checking service to verify whether payment was even legal. However, these sanction checks wo...