Threat Research & Reference Archive.
Historical and current research notes on malware, vulnerabilities, infrastructure risk, hardware-rooted trust, and major operational incidents. Written to remain useful long after the events have passed from the news cycle.
What this archive covers.
Four working areas. Entries are tagged so they remain useful as cross-references long after the original event.
- Embedded & chip-level
- Hardware-rooted trust
- Zero-trust at scale
- Cyber-physical & OT
Dell ControlVault3 vulnerability chain. What firmware trust assumptions broke, what didn't, and where this leaves laptop attestation models.
An EDR content update that knocked Windows offline at global scale. What the incident says about kernel-mode trust, content validation, and recovery design.
A modular toolkit purpose-built for industrial control systems. Why this changed the bar for OT defenders and how it maps to current ICS playbooks.
An unauthenticated remote-code-execution path in Apache Log4j 2. What the response cycle looked like, what supply-chain inventory teams learned, and what stayed broken afterward.
A pre-auth wormable SMBv3 flaw on Windows 10. The fix shipped, the proof-of-concept followed, and the patch-deploy gap is the actual story.
A cluster of vulnerabilities in the Treck TCP/IP stack affecting hundreds of millions of embedded devices across industries. The supply-chain visibility problem made visible.
In progress.
Open analyses and work-in-progress reference material. Distinct from archived entries in that the substance is current rather than preserved.
How personal data exposure, credential architecture failures, data broker ecosystems, and account recovery weaknesses combine into a persistent human-centered attack surface that bypasses traditional IT controls. Covers PADFAA, GDPR, NIS2, EU AI Act, ENISA ETL 2025, and EDPB CEF 2026.
Long-horizon exposure created by the mismatch between how long data must stay confidential and how long cryptographic migration takes. Living exposure-class analysis covering enterprise inventory, vendor posture, and migration sequencing carried out with disciplined urgency.
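The mismatch described above is Mosca's inequality: if data must stay confidential for X years and moving the system that protects it to post-quantum cryptography takes Y years, then an adversary who expects a cryptographically relevant quantum computer within Z years can record traffic today and read it while it still matters whenever X + Y > Z. The following is an added example, not code from the archive: it scores a constructed inventory against an assumed horizon Z and orders migration by exposure. The asset names, figures, and the horizon value are assumptions for illustration.

```python
"""Added example (not from the Deretti archive): rank data assets for
post-quantum migration using Mosca's inequality X + Y > Z."""
from dataclasses import dataclass
from typing import Iterable


@dataclass(frozen=True)
class Asset:
    """One protected data class. X and Y are in years."""
    name: str
    confidentiality_years: float   # X: how long the data must stay secret
    migration_years: float         # Y: time to move its protection to PQC
    quantum_safe: bool = False     # already on a post-quantum or hybrid scheme


def exposure_years(asset: Asset, crqc_horizon_years: float) -> float:
    """Mosca margin X + Y - Z. Positive means traffic recorded today can be
    decrypted while the data still matters (harvest now, decrypt later)."""
    if asset.quantum_safe:
        return 0.0
    return asset.confidentiality_years + asset.migration_years - crqc_horizon_years


def sequence_migration(assets: Iterable[Asset], crqc_horizon_years: float) -> list[str]:
    """Names of exposed assets, worst exposure first. Ties break on name so
    the order is stable for reporting."""
    scored = [(exposure_years(a, crqc_horizon_years), a.name) for a in assets]
    exposed = [(e, n) for e, n in scored if e > 0]
    exposed.sort(key=lambda t: (-t[0], t[1]))
    return [n for _, n in exposed]


# Constructed inventory (assumption, not real data). Y should already include
# the vendor's delivery time for a PQC-capable release, not just the rollout.
INVENTORY = [
    Asset("hr-records-archive", confidentiality_years=30, migration_years=4),
    Asset("tls-edge-sessions", confidentiality_years=1, migration_years=2),
    Asset("vendor-vpn-tunnels", confidentiality_years=5, migration_years=6),
    Asset("patent-drafts", confidentiality_years=20, migration_years=3),
    Asset("signed-fw-updates", confidentiality_years=15, migration_years=5, quantum_safe=True),
]
CRQC_HORIZON_YEARS = 10.0  # assumption: a planning value, not a prediction


if __name__ == "__main__":
    by_name = {a.name: a for a in INVENTORY}
    for name in sequence_migration(INVENTORY, CRQC_HORIZON_YEARS):
        margin = exposure_years(by_name[name], CRQC_HORIZON_YEARS)
        print(f"{name}: {margin:+.0f} years of exposure")
```

The short-lived TLS session data drops out of the queue even though it is the easiest system to migrate, while the archive with a thirty-year confidentiality requirement is already exposed under any plausible horizon; that is the "disciplined urgency" point, sequencing by margin rather than by how visible or cheap a migration is.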
Trust verification layers atop GNSS and military-grade constellation protocols. Includes spoofing attack-surface analysis, drift-detection heuristics, and integration paths for hardware-rooted trust anchors.
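A drift-detection heuristic of the kind the GNSS item above mentions, as an added example that is not the archive's own code: each fix is checked against the previous one for an implausible implied velocity and for a GNSS-versus-holdover-clock offset that changes faster than the local oscillator's rated stability. The speed and drift thresholds and the sample fixes are constructed assumptions; a real deployment would tune them to the platform and add signal-level checks (carrier-to-noise, satellite geometry) that this example leaves out.

```python
"""Added example (not from the Deretti archive): two plausibility heuristics
for GNSS spoofing or pull-off. Sample fixes and thresholds are constructed."""
import math
from typing import NamedTuple


class Fix(NamedTuple):
    t: float        # receiver local (holdover oscillator) time, seconds
    lat: float      # degrees
    lon: float      # degrees
    gnss_t: float   # time as reported by the GNSS solution, seconds


EARTH_RADIUS_M = 6_371_000.0


def haversine_m(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance in metres between two lat/lon points."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))


def detect_anomalies(fixes, max_speed_mps: float = 60.0,
                     max_clock_drift_ppm: float = 1.0):
    """Return a list of (fix_index, reason) for fixes that fail a heuristic.
    max_speed_mps is platform-specific (assumed: a ground vehicle);
    max_clock_drift_ppm is the holdover oscillator's rated stability (assumed)."""
    alerts = []
    for i in range(1, len(fixes)):
        prev, cur = fixes[i - 1], fixes[i]
        dt = cur.t - prev.t
        if dt <= 0:
            alerts.append((i, "non-monotonic local time"))
            continue
        # Heuristic 1: the position moved faster than the platform can.
        dist = haversine_m(prev.lat, prev.lon, cur.lat, cur.lon)
        if dist / dt > max_speed_mps:
            alerts.append((i, f"position jump {dist:.0f} m in {dt:.0f} s"))
        # Heuristic 2: GNSS time is pulling away from the local clock faster
        # than the oscillator's own drift could explain.
        offset_prev = prev.gnss_t - prev.t
        offset_cur = cur.gnss_t - cur.t
        drift_ppm = abs(offset_cur - offset_prev) / dt * 1e6
        if drift_ppm > max_clock_drift_ppm:
            alerts.append((i, f"clock drift {drift_ppm:.1f} ppm"))
    return alerts


# Constructed trace: fixes every 10 s, a 1 km jump at index 3 and a
# 0.5 ms time pull at index 4.
SAMPLE_FIXES = [
    Fix(t=0.0,  lat=51.5000, lon=-0.1200, gnss_t=0.0),
    Fix(t=10.0, lat=51.5005, lon=-0.1200, gnss_t=10.0),
    Fix(t=20.0, lat=51.5010, lon=-0.1200, gnss_t=20.0),
    Fix(t=30.0, lat=51.5100, lon=-0.1200, gnss_t=30.0),
    Fix(t=40.0, lat=51.5105, lon=-0.1200, gnss_t=40.0005),
]


if __name__ == "__main__":
    for index, reason in detect_anomalies(SAMPLE_FIXES):
        print(f"fix {index}: {reason}")
```

Both checks need a reference the spoofer does not control: the velocity bound comes from the platform, and the clock bound comes from a local oscillator whose drift is characterised in advance. That is the integration point for a hardware-rooted trust anchor, since a disciplined oscillator or an attested time source gives the second heuristic a baseline a counterfeit signal cannot move.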
Reference material, not a feed.
Three things to know before you cite, link, or rely on an entry.
Preserved threat research, current investigations, and reference material connected to resilience, infrastructure defense, incident response, and the operational conditions that determine whether technology systems recover cleanly.
Use archive entries as historical context, tabletop prompts, control-mapping references, and examples of how technical incidents affect business resilience. Use active research for current analysis and evolving notes.
Historical entries preserve the original operating context around older malware, vulnerability, and infrastructure events. Active research reflects current analysis, open questions, and developing technical relevance.
Archive entries are maintained for historical and educational use. Older material may reflect terminology, assumptions, and source availability from its original period, and should be read alongside current vendor advisories, threat intelligence, and incident-response guidance.
For citation, the publisher is Deretti Cyber Labs, with the entry title and a date stamp — for example, NotPetya, Threat Archive, Deretti Cyber Labs, 2017.