The dogesec blog
Writing Detection Rules to Identify if Products in my Stack are Vulnerable
TUTORIAL August 12, 2024
Building on last week's post, I show you how to construct STIX Patterns to automatically flag which products are affected by published CVEs.
How Known Affected Software Configurations on the CVE Website are Constructed
TUTORIAL August 05, 2024
I wanted to write detection rules to identify what products are vulnerable to a CVE. In this post I walk you through my research.
Graphing Credit Card Data Leaks Using STIX 2.1 Objects
PRODUCTS July 29, 2024
Turn card numbers into STIX 2.1 objects. Enrich the data with issuer information. Track transactions made by the card. Then link the cards and transactions to other STIX objects in your research (Actors, Incidents, etc.).
Graphing the Ransomware Payment Ecosystem using STIX Objects
PRODUCTS July 21, 2024
I recently conducted a project to identify the most prolific ransomware based on the ransom payments being made. Let me walk you through how I did it.
The Problems with Modelling Countries as STIX Objects (and How to Fix Them)
PRODUCTS July 14, 2024
Take the list of recognised countries and regions. Create STIX objects for them. Make them available to everyone so that the CTI world has a single way of representing them.
PSA: MITRE ATT&CK is More Than Tactics and Techniques
RESEARCH July 07, 2024
Software, Data Sources, Data Components, Campaigns, and more, make MITRE ATT&CK even more powerful than you might first realise. In this post I uncover the parts of ATT&CK you might not be aware of.
Constructing STIX Indicator Patterns to Write Detection Rules
TUTORIAL July 01, 2024
The STIX 2.1 Indicator SDO specification is flexible enough to allow for a range of detection languages. In this post I will show you how to use the STIX pattern language to write detections using cyber threat intelligence data.
Creating Custom STIX Objects for Cyber Threat Intelligence
TUTORIAL June 24, 2024
Sometimes the default STIX 2.1 objects will not be broad enough for your needs. This post describes how you can extend the STIX specification when required.
STIX 2.1 support for TLPv2
TUTORIAL June 18, 2024
A short post with code examples that show how to use TLPv2 with STIX 2.1.
A Quick Start Guide to Generate STIX 2.1 Structured Threat Intelligence using Python
TUTORIAL June 17, 2024
A post full of code examples that will give you everything you need to start creating STIX objects to make it simple to share your threat research.