Security research across mobile platforms, product security, and applied AI
Orion Labs publishes technical research artifacts and methodologies designed to be useful to engineers and researchers—while remaining responsible about sensitive details.
Featured research
A sustained research program at Orion Labs producing two outputs together: a corpus of adversary-infrastructure analysis — roughly seventy signal bearers accumulated to date across compound fingerprints, technique classes, OPSEC patterns, cluster-shape signatures, and era-corrected attribution data — and the methodology, tooling, and analytical backend that make the corpus possible. The current state is human-led with AI assistance. The direction of travel is a refined multi-agent system operating under the methodology as its discipline. The first dispatch in a new series.
Reproducing Citizen Lab and Lookout's 2016 Million Dollar Dissident infrastructure analysis with the 2026 connector stack: era-bound tool substitution, three previously-undisclosed NSO-attributed domains, and a V1 deployment 15 months earlier than the original disclosure documented.
A technical orientation to the Censys Platform as a threat intelligence primitive: scanning architecture, data model, historical data, the Threat Hunting Module, ASM, and CenQL.
Research areas
Mobile Platform Research
Internals analysis, vulnerability study, and patch research across iOS and Android. Published findings focus on technique and methodology.
Autonomous AI Research
Security and safety research in autonomous AI systems — agent architectures, capability boundaries, and emergent behavior in controlled environments.
AI-Assisted Analysis
Applying machine learning to binary analysis workflows, triage automation, and research productivity.
Anonymization Research
Privacy engineering, traffic obfuscation, and resiliency design — validated through controlled testing.
Mobile Agent Systems
Modular agent architectures and secure data handling patterns, explored in controlled research environments.
Critical Systems
Risk governance and assurance practices for high-assurance environments.