Trends
Chokepoints stay stable; the techniques around them shift. Track what's actually prevalent - payloads, evasion, infrastructure.
Analyses
10 months of MHaggis ClickGrab crawl data mapped through the Detection Chokepoint Framework. Tracks cradle family evolution (IWR→Curl pivot), evasion technique acceleration (Base64 18×), self-delete emergence, and CDN staging infrastructure across 20K+ malicious sites.
Defused Cyber honeypot telemetry across 25 edge device decoy types mapped through the Detection Chokepoint Framework. Tracks CitrixBleed 2 toolkit proliferation (54% of traffic), the CVE-2022-22536 SAP burst, CVE-2026-20127 (Cisco SD-WAN) full kill chain, and self-replicating worm campaigns.
Validated de-intel-pipeline hunts plus aggregate IOC pipeline data. Tracks favicon-pivot discovery, JS-gated EXE delivery (MROScanner OU cert), ClickFix install modals targeting AI developer tools, and post-launch domain squatting against Codex CLI and LM Studio.
Have data worth analyzing? Trends analyses are sourced from crawled infrastructure, public incident reports, and open datasets. If you have a dataset that maps well to detection chokepoints, see CONTRIBUTING.md or open an issue to discuss.