mylr.sh

Real-world Security Research & Hands-on Labs

analysis, tradecraft, and interactive resources

check the motd

// tools

Tools

Quick access to external research utilities and enrichment engines.

Terminal

Type help for all commands. Quick start: motd, /tip <text>, vt <ioc>, otx <ioc>, shodan <query>, mitre <TXXXX[.XXX]>, cve <CVE-YYYY-NNNN>.

mylr.sh :: interactive shell
Type 'help' to see available commands. Try: motd, vt <ioc>, otx <ioc>, shodan <query>.

Shodan

Search the Internet of Exposed Things. IPs, ports, banners, and vulns.

VirusTotal

Analyze files, URLs, domains, and IPs with aggregated antivirus and sandbox data.

AlienVault OTX

Open Threat Exchange for community-sourced indicators, pulses, and threat groups.

dan.me.uk

Public IP and ASN intelligence tools with geolocation and abuse lookups.

// feeds

Threat Feeds

Aggregated public RSS/Atom feeds. Filter by source, tag, or ATT&CK technique. (Feed fetches go through a serverless proxy: most feed publishers do not send CORS headers, so the browser cannot pull them directly.)

// mitre ATT&CK

ATT&CK Technique Browser

Client-side search across a local JSON snapshot of techniques. A live TAXII/STIX feed from the MITRE CTI repository can replace the snapshot later.

Process Injection: Process Hollowing

T1055.012

Defense Evasion, Privilege Escalation

Detect the characteristic sequence: a process created with CREATE_SUSPENDED, followed by the creator unmapping or remapping its image (NtUnmapViewOfSection / NtMapViewOfSection / WriteProcessMemory), rewriting the primary thread's context (SetThreadContext), and then resuming the thread.

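The detection logic described above, as an added example that is not part of this site's detection content: a stateful correlator over process-creation and API-call telemetry. The event schema (ts, src_pid, op, target_pid, image, flags) is a hypothetical EDR sensor format chosen for this illustration, and the sample events are constructed, not captured.

```python
"""Process-hollowing (T1055.012) sequence detector over constructed telemetry.

Added example. The event schema below is a hypothetical sensor format, not any
real product's output; field names are assumptions made for this illustration.
"""
from dataclasses import dataclass, field

CREATE_SUSPENDED = 0x00000004  # Win32 CreateProcess dwCreationFlags bit

# Operations that replace the suspended process's image, retarget its primary
# thread, and release it. Names are the Win32 / Nt APIs involved.
MEMORY_OPS = {"NtUnmapViewOfSection", "NtMapViewOfSection",
              "NtWriteVirtualMemory", "WriteProcessMemory"}
CONTEXT_OPS = {"SetThreadContext", "NtSetContextThread", "Wow64SetThreadContext"}
RESUME_OPS = {"NtResumeThread", "ResumeThread"}

# Constructed sample telemetry (not captured data).
SAMPLE_EVENTS = [
    # Hollowing chain: actor 4100 spawns svchost suspended, hollows it, resumes it.
    {"ts": 100.0, "src_pid": 4100, "op": "ProcessCreate", "target_pid": 5200,
     "image": r"C:\Windows\System32\svchost.exe", "flags": CREATE_SUSPENDED},
    {"ts": 100.1, "src_pid": 4100, "op": "NtUnmapViewOfSection", "target_pid": 5200},
    {"ts": 100.2, "src_pid": 4100, "op": "NtWriteVirtualMemory", "target_pid": 5200},
    {"ts": 100.3, "src_pid": 4100, "op": "SetThreadContext", "target_pid": 5200},
    {"ts": 100.4, "src_pid": 4100, "op": "NtResumeThread", "target_pid": 5200},
    # Benign: a debugger creates its debuggee suspended and simply resumes it.
    {"ts": 200.0, "src_pid": 6000, "op": "ProcessCreate", "target_pid": 6100,
     "image": r"C:\Users\dev\app.exe", "flags": CREATE_SUSPENDED},
    {"ts": 200.5, "src_pid": 6000, "op": "NtResumeThread", "target_pid": 6100},
    # Benign: ordinary process start, never suspended.
    {"ts": 300.0, "src_pid": 7000, "op": "ProcessCreate", "target_pid": 7100,
     "image": r"C:\Windows\System32\notepad.exe", "flags": 0},
]


@dataclass
class SuspendedProc:
    actor: int
    image: str
    created_at: float
    memory_ops: list = field(default_factory=list)
    context_changed: bool = False


def detect_hollowing(events, window=30.0):
    """Alert when a process created with CREATE_SUSPENDED has its memory replaced
    and its thread context rewritten by the creating process before resume.
    Returns one alert dict per hollowed target."""
    tracked = {}   # target_pid -> SuspendedProc
    alerts = []

    def make_alert(tpid, st, resumed):
        return {"technique": "T1055.012", "actor_pid": st.actor, "target_pid": tpid,
                "image": st.image, "memory_ops": list(st.memory_ops),
                "resumed": resumed, "confidence": "high" if resumed else "medium"}

    for ev in sorted(events, key=lambda e: e["ts"]):
        op, tpid, actor, ts = ev["op"], ev["target_pid"], ev["src_pid"], ev["ts"]
        if op == "ProcessCreate":
            if ev.get("flags", 0) & CREATE_SUSPENDED:
                tracked[tpid] = SuspendedProc(actor, ev.get("image", "?"), ts)
            continue
        st = tracked.get(tpid)
        # Only the creator acting on its own suspended child, inside the window, counts.
        if st is None or st.actor != actor or ts - st.created_at > window:
            continue
        if op in MEMORY_OPS:
            st.memory_ops.append(op)
        elif op in CONTEXT_OPS:
            st.context_changed = True
        elif op in RESUME_OPS:
            if st.memory_ops and st.context_changed:
                alerts.append(make_alert(tpid, st, resumed=True))
            del tracked[tpid]   # resumed: the decision is made, stop tracking
    # Edge case: hollowed but never resumed (crashed, or still staging) -> lower confidence.
    for tpid, st in tracked.items():
        if st.memory_ops and st.context_changed:
            alerts.append(make_alert(tpid, st, resumed=False))
    return alerts


if __name__ == "__main__":
    for a in detect_hollowing(SAMPLE_EVENTS):
        print(a)
```

Sysmon Event ID 1 alone does not expose the creation flags or the section and thread-context calls, so this correlator needs an EDR-grade sensor (for example a subscriber to the Microsoft-Windows-Threat-Intelligence ETW provider, which is restricted to anti-malware PPL processes). A weaker but widely available proxy is Sysmon Event ID 10 (ProcessAccess) where GrantedAccess includes PROCESS_VM_WRITE (0x20) and PROCESS_VM_OPERATION (0x8) against a child the source process created moments earlier.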

Phishing: Spearphishing Attachment

T1566.001

Initial Access

Block risky attachment types at the mail gateway; detonate attachments in a sandbox; inspect archives for abuse patterns (nested or password-protected archives, ISO/IMG disk images, LNK or script files inside a container).


// research

Research

Detailed investigations, campaigns, and lab reports with IOCs, TTPs, and defensive actions.

PureRAT campaign: infostealer → RAT pivot

X0-IB-2025-01

Oct 14, 2025 • T1566.001 / T1055.012 / T1562.001

Key Findings: DLL sideloading, staged Python loaders, in-memory AMSI/ETW patching, TLS-pinned C2. Mitigate with blocklists for the sideloaded binaries, runtime AMSI integrity checks, and ETW tamper alerts.
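One way to implement the AMSI integrity check and ETW tamper alert named above, as an added example that is not the report's own tooling: inspect the first bytes of AmsiScanBuffer and EtwEventWrite in the current process and compare them against the byte sequences that public in-memory patches write over those exports. The live reader uses ctypes on Windows; the "clean" sample prologues are constructed placeholders, not bytes from any particular Windows build.

```python
"""Detect in-process patching of AmsiScanBuffer / EtwEventWrite via prologue inspection.

Added example. The patch signatures are the encodings public bypasses write to
the start of these exports; SAMPLE_READINGS are constructed placeholder bytes.
"""
import sys

# First bytes written by well-known in-memory patches (x86/x64 encodings).
# Order matters: the lone "ret" is checked last so longer signatures win.
KNOWN_PATCHES = [
    (bytes.fromhex("b857000780c3"), "mov eax,0x80070057; ret (E_INVALIDARG, classic AmsiScanBuffer patch)"),
    (bytes.fromhex("4831c0c3"), "xor rax,rax; ret"),
    (bytes.fromhex("4833c0c3"), "xor rax,rax; ret"),
    (bytes.fromhex("31c0c3"), "xor eax,eax; ret"),
    (bytes.fromhex("33c0c3"), "xor eax,eax; ret"),
    (bytes.fromhex("c3"), "ret (function stubbed out entirely)"),
]
JMP_OPCODES = {0xE9, 0xEB}  # jmp rel32 / rel8 at entry: an inline hook redirecting the call

TARGETS = [("amsi.dll", "AmsiScanBuffer"), ("ntdll.dll", "EtwEventWrite")]


def classify_prologue(name, prologue):
    """Return a verdict dict for one function's leading bytes."""
    if not prologue:
        return {"function": name, "verdict": "unreadable", "detail": ""}
    for sig, desc in KNOWN_PATCHES:
        if prologue.startswith(sig):
            return {"function": name, "verdict": "patched", "detail": desc}
    if prologue[0] in JMP_OPCODES:
        return {"function": name, "verdict": "suspicious",
                "detail": "entry is an unconditional jmp (possible inline hook)"}
    return {"function": name, "verdict": "clean", "detail": ""}


def read_prologue_live(module, func, n=8):
    """Windows only: read the first n bytes of an export in this process."""
    import ctypes
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    k32.GetModuleHandleW.restype = ctypes.c_void_p
    k32.GetModuleHandleW.argtypes = [ctypes.c_wchar_p]
    k32.GetProcAddress.restype = ctypes.c_void_p
    k32.GetProcAddress.argtypes = [ctypes.c_void_p, ctypes.c_char_p]
    # Use the already-loaded module if present; loading it fresh would be clean by definition.
    handle = k32.GetModuleHandleW(module) or ctypes.WinDLL(module)._handle
    addr = k32.GetProcAddress(handle, func.encode("ascii"))
    if not addr:
        raise OSError(f"{module}!{func} not found")
    return ctypes.string_at(addr, n)


# Constructed sample readings (placeholder bytes, not from a real build):
# an ordinary-looking prologue for AMSI and a ret-stubbed EtwEventWrite.
SAMPLE_READINGS = {
    "AmsiScanBuffer": bytes.fromhex("4c8bdc49895b08"),
    "EtwEventWrite": bytes.fromhex("c3cccccccccccccc"),
}


def audit(readings):
    """Classify every function -> prologue mapping; returns a list of verdict dicts."""
    return [classify_prologue(name, b) for name, b in readings.items()]


if __name__ == "__main__":
    if sys.platform == "win32":
        readings = {f: read_prologue_live(m, f) for m, f in TARGETS}
    else:
        readings = SAMPLE_READINGS
    for verdict in audit(readings):
        print(verdict)
```

A prologue check only catches patches applied at the function entry. Bypasses that flip a conditional branch deeper inside AmsiScanBuffer leave the first bytes intact, so a stronger integrity check compares the loaded module's whole .text section against the on-disk image (relocations applied) and alerts on any difference; the classifier above is the cheap first pass that fits in a startup self-check.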

WPA2 handshake capture & detections

X0-IB-2025-02

Oct 10, 2025 • T1557 / T1040

Operational lab mapping the deauthentication + airodump-ng capture workflow to detections and mitigations (including 802.11w management frame protection) for enterprise Wi-Fi.
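The deauthentication flood that forces a client to reconnect (and so hands airodump-ng a fresh 4-way handshake) is visible to any monitor-mode sensor or WIDS as a burst of management frames. The following is an added example, not the lab's own code: a minimal 802.11 MAC-header parser plus a rate-based detector run over a constructed capture. Addresses, timestamps, and the 10-frames-per-second threshold are assumptions chosen for illustration.

```python
"""Deauthentication/disassociation flood detector over raw 802.11 frames.

Added example. The capture below is constructed in code (spoofed broadcast
deauths from the AP's address, then normal traffic and one legitimate deauth).
"""
import struct
from collections import defaultdict

DEAUTH = (0, 0xC)    # (type, subtype): management / deauthentication
DISASSOC = (0, 0xA)  # management / disassociation
BROADCAST = "ff:ff:ff:ff:ff:ff"


def mac(b):
    return ":".join(f"{x:02x}" for x in b)


def parse_80211(frame):
    """Parse the generic 24-byte MAC header. For deauth/disassoc frames the
    2-byte little-endian reason code follows the header."""
    if len(frame) < 24:
        raise ValueError("short frame")
    fc0 = frame[0]                  # frame control: version bits 0-1, type 2-3, subtype 4-7
    ftype = (fc0 >> 2) & 0x3
    subtype = (fc0 >> 4) & 0xF
    info = {"type": ftype, "subtype": subtype,
            "addr1": mac(frame[4:10]), "addr2": mac(frame[10:16]), "addr3": mac(frame[16:22])}
    if (ftype, subtype) in (DEAUTH, DISASSOC):
        if len(frame) < 26:
            raise ValueError("truncated deauth/disassoc body")
        info["reason"] = struct.unpack_from("<H", frame, 24)[0]
    return info


def build_frame(ftype, subtype, addr1, addr2, addr3, body=b""):
    """Assemble a frame: frame control, duration, three addresses, sequence control, body."""
    fc0 = (subtype << 4) | (ftype << 2)
    return bytes([fc0, 0]) + b"\x00\x00" + addr1 + addr2 + addr3 + b"\x00\x00" + body


# Constructed capture: list of (timestamp_seconds, frame_bytes).
AP = bytes.fromhex("001122334455")
STA = bytes.fromhex("aabbccddeeff")
BCAST = b"\xff" * 6
SAMPLE_CAPTURE = []
# 20 broadcast deauths "from" the AP in half a second, reason 7 (the aireplay-ng default).
for i in range(20):
    SAMPLE_CAPTURE.append((10.0 + i * 0.025, build_frame(0, 0xC, BCAST, AP, AP, struct.pack("<H", 7))))
# Normal data frame, then one legitimate client-initiated deauth (reason 3: STA is leaving).
SAMPLE_CAPTURE.append((12.0, build_frame(2, 0, AP, STA, AP, b"\x00" * 8)))
SAMPLE_CAPTURE.append((12.5, build_frame(0, 0xC, AP, STA, AP, struct.pack("<H", 3))))


def detect_deauth_flood(capture, window=1.0, threshold=10):
    """Alert once per BSSID when deauth/disassoc frames exceed threshold within window seconds."""
    recent = defaultdict(list)   # bssid -> timestamps of recent deauth/disassoc frames
    alerted, alerts = set(), []
    for ts, frame in sorted(capture, key=lambda x: x[0]):
        f = parse_80211(frame)
        if (f["type"], f["subtype"]) not in (DEAUTH, DISASSOC):
            continue
        bssid = f["addr3"]
        q = recent[bssid]
        q.append(ts)
        while q and ts - q[0] > window:   # slide the window
            q.pop(0)
        if len(q) >= threshold and bssid not in alerted:
            alerted.add(bssid)
            alerts.append({"bssid": bssid, "count": len(q), "window_s": window,
                           "broadcast": f["addr1"] == BROADCAST, "reason": f["reason"],
                           "spoofed_source": f["addr2"]})
    return alerts


if __name__ == "__main__":
    for a in detect_deauth_flood(SAMPLE_CAPTURE):
        print(a)
```

Broadcast deauths carrying the AP's own address as the transmitter are the strongest signal: a real AP rarely deauthenticates everyone at once. The mitigation the alert should point to is 802.11w (PMF), which is mandatory in WPA3; with PMF enabled the AP and clients drop unprotected deauth and disassoc frames, so the spoofed flood no longer triggers a reconnection and the handshake capture fails.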

// about

Task & Purpose

Empowering the security community to strengthen our collective defense: aggregate and analyze shared threat intelligence, map adversary techniques to ATT&CK, and contribute actionable detection content that benefits defenders everywhere.

© 2025 Joshua Miller [x0mylr]. All rights reserved.