Blog
The dogesec blog
How do Public AI Models Perform at Extracting TTPs from Intelligence Reports?
PRODUCTS November 18, 2024
I pit OpenAI, Anthropic and Google against each other to see which one best understands MITRE ATT&CK.
Turn any Blog Post into Structured Threat Intelligence
PRODUCTS November 11, 2024
Obstracts is the blog feed reader used by the world's most targeted cyber-security teams. Let me show you why.
We Built a MITRE ATT&CK API
PRODUCTS October 21, 2024
Here is an easy way to search and filter data in various CTI frameworks, including MITRE ATT&CK, MITRE CWE, MITRE CAPEC, MITRE ATLAS, DISARM, and more!
When the Wayback Machine Went Down, so did our Software
PRODUCTS October 14, 2024
A short lesson in why building a product with a single point of failure is bad (duh!), and our hunt for a Wayback Machine alternative.
A Deeper Look at a TAXII Client
PRODUCTS September 16, 2024
We built an open-source TAXII server, Arango TAXII Server. Here are some examples of how you can consume data from it using a TAXII Client.
A Producers Guide to Sharing Cyber Threat Intelligence
PRODUCTS August 26, 2024
txt2stix + stix2arango + arango_taxii_server = a robust and flexible setup for storing and distributing cyber threat intelligence you've produced.
A MITRE ATT&CK Style Knowledge Base for Ransomware
PRODUCTS August 19, 2024
After becoming ever-more frustrated by intelligence producers naming the same ransomware slightly differently, and with ATT&CK missing lots of ransomware types, I finally got around to trying to solve the problem.
Graphing Credit Card Data Leaks Using STIX 2.1 Objects
PRODUCTS July 29, 2024
Turn card numbers into STIX 2.1 objects. Enrich the data with issuer information. Track transactions made by the card. Then link the cards and transactions to other STIX objects in your research (Actors, Incidents, etc.).
Graphing the Ransomware Payment Ecosystem using STIX Objects
PRODUCTS July 21, 2024
I recently conducted a project to identify the most prolific ransomware based on the ransom payments being made. Let me walk you through how I did it.
The Problems with Modelling Countries as STIX Objects (and How to Fix Them)
PRODUCTS July 14, 2024
Take the list of recognised countries and regions. Create STIX objects for them. Make them available to everyone so that the CTI world has a single way of representing them.
Full Text, Full Archive RSS Feeds for any Blog
PRODUCTS June 03, 2024
RSS and ATOM feeds are problematic (for our use-cases) for two reasons: 1) they lack history, 2) they contain limited post content. We built some open-source software to fix that.