Resources | Threat Hunting and Intelligence (4)

The Pyramid of Pain is a conceptual model created by David Bianco in 2013 that helps detection engineers and analysts understand how to best use threat intelligence to halt threat actors.

Threat Hunting and Intelligence

Pyramid of Pain: You Can't Tie Your Shoes That Way

Jul 02, 2024 3 min read

We identify ways hackers leverage everyday websites and tools to build a picture of a target organization they can use to gain initial access.

Threat Hunting and Intelligence

Big Brother Hacker - Attack Reconnaissance

Jun 05, 2024 5 min read

MITRE ATLAS is a globally accessible, living knowledge base of adversary tactics and techniques against Al-enabled systems based on real-world attack observations and realistic demonstrations from Al-red teams and security groups.

Threat Hunting and Intelligence

Navigating Skynet with MITRE ATLAS

May 20, 2024 2 min read

RADICL has observed an ongoing phishing campaign with the intent to steal a victim’s credit card information and other personal data such as email and physical address.

Threat Hunting and Intelligence

Cloudy With a Chance of Credit Card Theft

Mar 07, 2024 3 min read

Narrowing focus is the concept of drilling down from wide datasets to key reference points used to pivot the direction of a forensic investigation.

Threat Hunting and Intelligence

Narrowing Focus in Forensic Investigation

Feb 12, 2024 4 min read

BlackCat ransomware filed an SEC complaint against their own victim using new cyber incident reporting rules as an extortion lever.

Threat Hunting and Intelligence

Ransomware Meets Regulation: BlackCat Gang's Attack on MeridianLink

Dec 01, 2023 2 min read

Beyond contracting officers and primes, your SPRS score is on file with the federal government. If a cyber incident occurs and DoD investigators are examining your compliance history, your SPRS submission is part of the record.

Regulatory Compliance

What is SPRS? How Defense Contractors Are Scored on Cybersecurity

May 26, 2026 8 min read

Regulatory Compliance

What is DFARS 252.204-7012? A Guide for Defense Contractors

May 14, 2026 8 min read

Regulatory Compliance

CMMC Compliance Deadline 2026: Key Dates That Affect Your DoD Contract

Apr 13, 2026 6 min read

On May 18, 2026, RADICL observed an intrusion on a Windows endpoint originating from a trojanized ArcGIS Pro installer downloaded from a typosquatted domain.

Threat Hunting and Intelligence

Trojanized ArcGIS Installer Drops Dual-Channel RAT

May 28, 2026 8 min read

This is a detailed breakdown of a malicious VBS script discovered on an endpoint within RADICL’s customer base as a result of RADICL’s custom EDR detection logic. The script executes a multi-stage attack designed to achieve persistence, evade detection, and deploy a secondary payload.

Threat Hunting and Intelligence

Multi‑Stage VBScript Malware Analysis

Jul 23, 2025 7 min read

An initial access broker is a type of threat actor specializing in gaining initial persistent access to an environment.

Threat Hunting and Intelligence

Unmasking the Toy Maker Initial Access Broker

May 20, 2025 2 min read

Jacob Evans is IT Manager at two aerospace companies, where RADICL is a trusted cybersecurity and compliance partner.

Industry Analysis

How a Solo IT Manager Covers 100 Users & Two Companies with RADICL

Jun 08, 2026 7 min read

Koontz Electric passed its C3PAO assessment with help from the RADICL team.

Industry Analysis

How Koontz Electric Passed CMMC Level 2 with a 3-Person IT Team

Jun 01, 2026 5 min read

In this testimonial, Caitlin talks about what it's really like working with the RADICL team day-to-day: the responsiveness, the depth of expertise, and the honest guidance that keeps clients on the right track, even when that means redirecting internal efforts.

Industry Analysis

Havoc AI: CMMC Level 2 Compliance with a Team That Actually Cares

Apr 30, 2026 3 min read

Incident Response

What Are Incident Response Solutions?

Apr 13, 2026 7 min read

On the evening of 7/25/24, CrowdStrike pushed a content update which caused Windows systems to crash and/or enter a reboot loop, rendering the systems unusable.

Incident Response

A Day in the Life: Our vSOC Responds to the CrowdStrike Incident

Jul 24, 2024 2 min read

Ransoming an espionage victim carries several advantages that can make it an ideal move for nation-state threat actors.

Incident Response

I Spy a Ransomware Attack

Jul 16, 2024 2 min read

There was a joint advisory this week (AA26-097A) warning of active exploitation of internet-facing Programmable Logic Controllers (PLCs).

Attack Surface and Vulnerability Management

Iranian APT Actors Are Targeting Your PLCs — Here's What to Do

Apr 09, 2026 2 min read

Attack Surface and Vulnerability Management

CMMC Enclave: What It Is, When It Works, and How to Build the Right Compliance Boundary

Mar 26, 2026 11 min read

Attack Surface and Vulnerability Management

EP 9 - Palo Alto Networks' Daryan Dehghanpisheh on Vulnerability Management

Jan 23, 2026 1 min read

Security Operations & vSOC

Top SOC Service Providers (SOCaaS) for 2026

Mar 26, 2026 11 min read

Security Operations & vSOC

Best MDR Providers for Regulated Industry & DIB Contractors (2026)

Mar 12, 2026 16 min read

DIB Innovators

Cyber Resilience at the Crossroads

Apr 10, 2025 2 min read

Micro-Ant's Charles McCarrick on Innovation and Opportunity in the DIB

DIB Innovators

Ep 1: Charles McCarrick on Innovation and Opportunity in the DIB

Dec 08, 2023 2 min read

DIB Innovators

EP 100 — Outlander VC's Paige Craig On Funding Defense's Black Sheep Before Anyone Else Will

Jun 04, 2026 1 min read

DIB Innovators

EP 99 — AI Strategy Corporation's David Mroczka On Cutting U.S. Army Tech Scouting From 12 Months To 2 Weeks

May 28, 2026 1 min read

DIB Innovators

EP 98 — AimLock's Bryan Bockmon on Keeping Humans in the Kill Decision While Automating the Rest

May 21, 2026 1 min read

Pyramid of Pain: You Can't Tie Your Shoes That Way

Big Brother Hacker - Attack Reconnaissance

Navigating Skynet with MITRE ATLAS

Cloudy With a Chance of Credit Card Theft

Narrowing Focus in Forensic Investigation

Ransomware Meets Regulation: BlackCat Gang's Attack on MeridianLink

THE DIB CYBERSECURITY MATURITY REPORT 2025 EDITION

Regulatory Compliance

What is SPRS? How Defense Contractors Are Scored on Cybersecurity

What is DFARS 252.204-7012? A Guide for Defense Contractors

CMMC Compliance Deadline 2026: Key Dates That Affect Your DoD Contract

Threat Hunting & Intelligence

Trojanized ArcGIS Installer Drops Dual-Channel RAT

Multi‑Stage VBScript Malware Analysis

Unmasking the Toy Maker Initial Access Broker

Industry Analysis

How a Solo IT Manager Covers 100 Users & Two Companies with RADICL

How Koontz Electric Passed CMMC Level 2 with a 3-Person IT Team

Havoc AI: CMMC Level 2 Compliance with a Team That Actually Cares

Incident Response

What Are Incident Response Solutions?

A Day in the Life: Our vSOC Responds to the CrowdStrike Incident

I Spy a Ransomware Attack

Attack Surface & Vulnerability Management

Iranian APT Actors Are Targeting Your PLCs — Here's What to Do

CMMC Enclave: What It Is, When It Works, and How to Build the Right Compliance Boundary

EP 9 - Palo Alto Networks' Daryan Dehghanpisheh on Vulnerability Management

Security Operations & vSOC

Top SOC Service Providers (SOCaaS) for 2026

Best MDR Providers for Regulated Industry & DIB Contractors (2026)

Operational Resilience

Cyber Resilience at the Crossroads

Ep 1: Charles McCarrick on Innovation and Opportunity in the DIB

The DIB Innovators

EP 100 — Outlander VC's Paige Craig On Funding Defense's Black Sheep Before Anyone Else Will

EP 99 — AI Strategy Corporation's David Mroczka On Cutting U.S. Army Tech Scouting From 12 Months To 2 Weeks

EP 98 — AimLock's Bryan Bockmon on Keeping Humans in the Kill Decision While Automating the Rest