A practitioner’s tutorial for investigating a suspicious URL safely — fingerprinting the kit, attributing it to a campaign, and reporting it to takedown services. Real tools, step-by-step, no enterprise budget required.
A 2026 tutorial for following ransomware and fraud proceeds across the blockchain using free tools — Chainabuse for tagged wallets, OXT for BTC clusters, Walletexplorer for entity heuristics, and Etherscan for ETH/USDT.
A step-by-step tutorial for building a free malware analysis sandbox at home — Windows reverse-engineering with FlareVM, Linux analysis with REMnux, and automated detonation with Cuckoo.
A practitioner’s tutorial for verifying — or refuting — a claimed ransom payment on the Bitcoin blockchain using free tools. Useful for journalists, IR teams, and victims dealing with secondary-extortion claims.
A practitioner’s tutorial for assembling a working threat-actor profile from public sources — MITRE ATT&CK for TTPs, Mandiant and CrowdStrike for attribution context, Malpedia for malware lineage, plus a clean note-taking template.
A 2026 tutorial for tracking individual ransomware affiliates across operator rebrands using VirusTotal Intelligence, abuse.ch’s MalwareBazaar, and YARA rules. Code reuse, builder fingerprints, and TTP continuity reveal the same crews under new names.
A practitioner’s tutorial for checking whether your email, your domain, or your employees show up in fresh infostealer logs — using Hudson Rock’s free tools, IntelX, Have I Been Pwned, and a couple of paid options worth the spend.
A 2026 tutorial on building a layered defence against infostealers — endpoint EDR settings that catch stealer behaviour, browser hardening that protects cookie stores, and the user-side training that closes the actual gap.
Stolen credentials are only half the package. The other half is the browser fingerprint that lets an attacker impersonate the victim’s session believably. A 2026 look at how fingerprint markets work.
A practitioner’s look inside the “cloud of logs” subscription model — what attackers pay, what they get, and the operational mechanics that turn raw infostealer output into a productised threat.