Blog
The DOGESEC blog
-
Bad Software Keeps Security Vendors in Business
RESEARCH October 28, 2024
Despite countless frameworks, best practices, blog posts... so many developers still hardcode credentials into their code. -
We Built a MITRE ATT&CK API
PRODUCTS October 21, 2024
Here's an easy way to search and filter data in various CTI frameworks including; MITRE ATT&CK, MITRE CWE, MITRE CAPEC, MITRE ATLAS, DISARM, and more! -
When the Wayback Machine Went Down, so did our Software
PRODUCTS October 14, 2024
A short lesson in why building a product with a single point of failure is bad (duh!), and our hunt for a Wayback Machine alternative. -
17,375 CVEs in the NVD Backlog, and Counting
RESEARCH October 07, 2024
The NVD are still struggling to keep up with the backlog of CVEs to be analysed. With 26,876 added since February, it is no surprise. -
Analysing 25 Years of CVEs
RESEARCH September 30, 2024
The CVE List was launched in September 1999, listing 321 CVE records. 25 years later there are 265,767 CVE records. -
Extending MITRE ATT&CK
TUTORIAL September 23, 2024
Create new ATT&CK objects. Update existing objects. Matrices, techniques, tactics, mitigations, groups, and software can all be created and edited. -
A Deeper Look at a TAXII Client
PRODUCTS September 16, 2024
We built an open-source TAXII server, Arango TAXII Server. Here are some examples of how you can consume data from it using a TAXII Client. -
Linking Knowledge Bases to Create a Cyber Threat Intelligence Graph
PRODUCTS September 09, 2024
Joining the data held in disparate knowledge bases, including linking MITRE ATT&CK to CVEs, creates a much richer context for intelligence. Let me show you the logic of an open-source tool we built to do just that. -
Using STIX Objects to Make Vulnerability Prioritisation Easy (and Free)
TUTORIAL September 02, 2024
Follow along as I show you how to store 200,000 CVEs as STIX objects, then use CVSS, EPSS, CISA KEV and CPE data to search and filter them. -
A Producers Guide to Sharing Cyber Threat Intelligence
PRODUCTS August 26, 2024
txt2stix + stix2arango + arango_taxii_server = a robust and flexible setup for storing and distributing cyber threat intelligence you've produced.
1 of 3
Older posts →