OneMillion API

API to check if a domain is in a list of the one million most visited domains.

Playbook Friday Blogs

Some of my playbooks were featured in ThreatConnect's playbook Friday blogs.

ThreatConnect DoubleCheck

Library for testing and validating the contents and structure of data in ThreatConnect.

Indicator of Compromise Utility Library

Helpful functions for working with indicators of compromise.

Angular2+ Indicator of Compromise Parser

Angular2+ service for parsing indicators of compromise from text.

Indicator of Compromise Finder

Python package to find Indicators-of-Compromise in text.


Algorithm and classification system to identify and monitor Unicode domain squats which may used to target an organization.


Check if a domain is in the Alexa or Cisco one million domain lists.