Trends

Chokepoints stay stable; the techniques around them shift. Track what's actually prevalent - payloads, evasion, infrastructure.

Payload Prevalence
Which command lines, scripts, and file types are most common vs. rare across real-world campaigns
Technique Shifts
When adversaries pivot. New evasion methods emerging, old ones dying as defenders catch up.
Malicious Infrastructure
Staging domains, CDN abuse, C2 hosting patterns, and reused infrastructure clusters
Time-Series Intel
Monthly aggregations showing acceleration, plateau, or decline, not just point-in-time snapshots

Analyses

Have data worth analyzing? Trends analyses are sourced from crawled infrastructure, public incident reports, and open datasets. If you have a dataset that maps well to detection chokepoints, see CONTRIBUTING.md or open an issue to discuss.