What Will OSINT/PAI and Collection at Scale Look like for 2020?

By Daniel Clemens / January 11, 2020

2020 will be eventful and likely one of the most historical years containing change, balancing the tension between change, conflict, and hopefully peace in a long time. When reflecting on…

IMG 5858

Iran Hype – Past and Present Recollections and Historical Lore on Iranian Al-Qassam Cyber Fighters Assault on US Banks in 2012/2013

By Daniel Clemens / January 6, 2020

On September 11th, 2012, US embassies had been hit with attacks known as the “Benghazi Attacks.” In online correlation, attacks that had been referenced as “Operation Ababil” had begun as…

1 1

Timeline Analysis | Epstein Death Reported on 4Chan Before Announced

By Daniel Clemens / August 10, 2019

In my last entitled Illuminating Context with Timeline Analysis, I gave a rough sketch of the basics. In this post I will share a few specifics. The primary point to…

Lego Bricks Colorful

OSINT Challenges & Opportunities, Methodology on starting your Hunt.

By Daniel Clemens / April 3, 2019

Every investigation is different, but what never changes is how you have to treat an investigation much like the challenge of building something with a bucket of Legos. With each…

ictf asset 9 3x test

DEF CON 26 Intel CTF Results! Congratulations to the DEF CON iCTF Winners

By Daniel Clemens / September 11, 2018

DEF CON 26, Intel CTF (iCTF) had more participants than any other capture the flag challenge. With over 100 teams showing up, a select few escalated to the top of…


Investigator Methodology | Strategic & Tactical Vs. a Hopeful Change

By Daniel Clemens / August 31, 2018

If the world has a plethora of investigators and the success of prosecutors is hovering around 90% success rate  — why do we struggle with an increase in more complex…

Link Analysis ChartsGuidance

Link Analysis Presentation No Nos and How Long Should I Deep Dive?

By Daniel Clemens / August 3, 2018

In “Understanding Link Analysis and Using it Investigations,” I detailed how to get started and some fundamentals on link analysis. What I didn’t cover was how long you should be involved…


Understanding Link Analysis and Using it in Investigations

By Daniel Clemens / June 21, 2018

I started using link analysis for investigations somewhere around 2009/2010 when we were developing the first version of SocialNet.  A longtime friend, Roelof from Paterva, shared his vision for a…

shadowdragon share

Patchwork APT Group – Additional IOCs & Network Indicators

By Daniel Clemens / June 8, 2018

Yesterday, Matthew Meltzer, Sean Koessel, and Steven Adair @ Volexity released an excellent write-up on the Indian APT group known as Dropping Elephant.   The Volexity article detailed attacks against US think…

shadowdragon share

Alabama Cyber Now: Disrupting Human Trafficking Using Digital Forensics & Social Media Forensics

By Daniel Clemens / May 7, 2018

When most security pros think of threat intelligence, they think of cyber crime – tracking down hackers and cyber criminals aiming to compromise networks to exploit credit card information, corporate…


Before Threat Intelligence: How We Forged Tailored Monitoring and Alerting… Anonymous Investigations Inspired Innovation

By Daniel Clemens / September 26, 2017

It was the end of 2010. The Packet Ninjas’ team (the predecessor of ShadowDragon) had been making mad dashes on application assessments and penetration tests while deployed to a nowhere town. The discussion was as lively…

Scroll to Top