Conjecture on Resource Utilization

February 11, 2019 - In this essay, I describe my conjecture on how humans tend to use resources with a particular focus on how this relates to software.

Analysis of Obfuscated PHP Malware

January 29, 2019 - A partial analysis of some obfuscated PHP.

Profiling And Detecting All Things SSL With JA3

January 2, 2019 - An introduction to a library for fingerprinting SSL clients.

OneMillion API

November 23, 2018 - API to check if a domain is in a list of the one million most visited domains.

Playbook Friday Blogs

October 24, 2018 - Some of my playbooks were featured in ThreatConnect's playbook Friday blogs.

ThreatConnect Open-Source Resources Site

August 16, 2018 - A site listing ThreatConnect's open-source resources.

ThreatConnect DoubleCheck

August 6, 2018 - Library for testing and validating the contents and structure of data in ThreatConnect.

Indicator of Compromise Utility Library

July 30, 2018 - Helpful functions for working with indicators of compromise.

Angular2+ Indicator of Compromise Parser

June 1, 2018 - Angular2+ service for parsing indicators of compromise from text.

Indicator of Compromise Finder

February 5, 2018 - Python package to find Indicators-of-Compromise in text.


November 5, 2017 - Algorithm and classification system to identify and monitor Unicode domain squats which may be used to target an organization.

Indicator of Compromise Fanging/Defanging Library

October 5, 2017 - Standardizing the way indicators are fanged and defanged.

Robtex Python SDK

September 19, 2017 - Python wrapper for the Robtex API.


April 5, 2017 - Check if a domain is in the Alexa or Cisco one million domain lists.

Magento Malware Investigation

December 11, 2016 - Investigation of a Magento malware compromise.