Search | RSS Feed | Subscribe

• 

  Detection Isn’t Defence: Linking ATT&CK to D3FEND

  analyst February 09, 2026

  D3FEND becomes far more useful when it is not isolated. This post shows how D3FEND links to ATT&CK and CWE through artefacts, so you can traverse from offensive technique or weakness to concrete defensive mitigations.
• 

  Stop Reinventing STIX Objects: A Practical Way to Build and Share Extensions

  developers tutorial January 19, 2026

  Learn how to avoid ad-hoc custom objects by generating schemas and Extension Definitions automatically with stix2extensions, keeping STIX extensions interoperable by default.
• 

  We Made D3FEND Work in STIX

  developers tutorial December 15, 2025

  D3FEND was not built for STIX, but most CTI tooling depends on it. This post walks through how we model D3FEND as STIX 2.1 so defensive knowledge can finally behave like first-class CTI data.
• 

  OpenCTI Is Not a STIX Database

  developers December 01, 2025

  Why STIX 2.1 bundles don’t ingest the way you expect, and what we learned building production OpenCTI pipelines.
• 

  D3FEND for People Who Already Know ATT&CK

  analyst November 17, 2025

  An ATT&CK-native introduction to MITRE D3FEND: how defensive tactics, techniques, artefacts, and relationships mirror attacker behavior and complete the picture.
• 

  Modelling NOVA Rules as Structured CTI

  developers tutorial analyst October 31, 2025

  This proof of concept shows how adversarial prompts from PromptIntel can be transformed into structured STIX intelligence by treating prompts as observables and NOVA rules as behavioural Indicator logic.
• 

  Using the ATT&CK Navigator with non-ATT&CK frameworks

  analyst October 20, 2025

  The ATT&CK Navigator isn’t limited to ATT&CK. In this post, we break down the STIX properties the Navigator actually uses and show how to build a custom MITRE ATLAS matrix that renders cleanly inside it.
• 

  When Prompts Become Indicators: Modelling Prompt Compromise in STIX

  analyst September 22, 2025

  A practical approach to representing Indicators of Prompt Compromise (IoPC) in STIX, introducing prompts as first-class observables, separating intent through Indicators, and linking activity to MITRE ATLAS techniques for intelligence sharing and detection.
• 

  Graphing Credit Card Data Leaks Using STIX 2.1 Objects

  analyst August 18, 2025

  Turn card numbers into STIX 2.1 objects. Enrich the data with issuer information. Track transactions made by the card. Then link the cards and transactions to other STIX objects in your research (Actors, Incidents, etc.).
• 

  Graphing the Ransomware Payment Ecosystem using STIX Objects

  analyst July 14, 2025

  I recently conducted a project to identify the most prolific ransomware based on the ransom payments being made. Let me walk you through how I did it.