Research
Original adversary-tracking and methodology pieces. Every quantitative claim is sourced to the platform's own aggregated feed (verifiable at the linked detail pages) or to named third-party reporting. No anonymous claims.
- Methodology
Active leak listings vs the HIBP catalog: two different breach surfaces, two different questions
MyThreatIntel indexes 5,592 active leak listings right now. Have I Been Pwned ships 250 verified breaches covering 4.6 billion accounts. The two aren't competing; they answer different IR questions, and the difference is the methodology lesson.
6 min read · Pranith Jain · Breach Disclosure, HIBP, MTI Leaks, IR Methodology
- Vendor analysis
Microsoft is 40% of the KEV backlog right now. The other top-five vendors carry another 23%.
22 CVEs were added to CISA's Known Exploited Vulnerabilities catalog in the last 30 days. 9 are Microsoft. That's 40% of the active-exploitation evidence the federal government has compiled, attributable to one vendor.
6 min read · Pranith Jain · CISA KEV, Patch Prioritization, Vendor Risk, Microsoft
- Platform engineering
Building this platform: the engineering choices that made a single-Worker CTI/DFIR site feasible
A look at the architectural decisions behind the platform: why Cloudflare Workers, what the KV/D1 split actually does, how the 30 upstream feeds stay inside the subrequest budget, and what I would change in a v2. Engineering notes, not a sales pitch.
8 min read · Pranith Jain · Cloudflare Workers, Edge Architecture, CTI Engineering, Build Notes
- Adversary infrastructure
Cobalt Strike is still 96% of all dedicated-C2-tracker hits in May 2026
1,815 of 1,888 currently-tracked C2 servers run Cobalt Strike. 73 run Metasploit. Everything else is statistical noise. Defenders who plan their detection coverage as if 'C2 framework diversity' is real are mis-allocating.
6 min read · Pranith Jain · C2 Frameworks, Cobalt Strike, Adversary Infrastructure, Detection Engineering
- Methodology
Cross-source IOC consensus: what a 98.2% filter rate reveals about the noise floor
This platform scans 7,779 indicators across 18 IOC feeds and surfaces 141 that two or more sources agree on. The 98.2% that get dropped are the methodology lesson, not the success.
6 min read · Pranith Jain · IOC Methodology, Cross-source Consensus, False Positives, Threat Intelligence Tradecraft
- Adversary read
The May 2026 leak-site board: Nova, LockBit5, and Qilin tell three different stories
The top three operators on this platform's ransomlook feed for May 2026 each say something different about how to read a leak-site board. One is loud, one is quiet, one is structural.
7 min read · Pranith Jain · Ransomware, Adversary Tracking, Leak-site Analysis, Nova, LockBit 5, Qilin