THE CYBER TRIBUNAL

The Cyber Tribunal is an open source intelligence blog focused on one thing: finding the trail threat actors leave behind.

Every attack, every campaign, every piece of malicious infrastructure starts somewhere. And more often than not, the evidence is hiding in plain sight — in certificate logs, passive DNS records, public threat feeds, and the corners of the open web that most people don't think to look.

This blog exists to show that work. Not just the conclusions, but the methodology. The pivots. The dead ends. The moments where one indicator leads to an entire network of malicious infrastructure.

The investigations here are built entirely from open source intelligence. No private feeds. No vendor access. Just the tools and techniques available to anyone willing to dig.


Who runs this?

A working cybersecurity practitioner with hands-on experience tracking threat actors and investigating incidents. The Tribunal operates independently — no vendor sponsorships, no affiliate deals, no agenda beyond publishing honest, practitioner-grade threat intelligence.


What to expect:

Case file investigations into active cyber threats, tool breakdowns based on real use, methodology walkthroughs that show the full process, and analysis that respects your intelligence as a reader.

If you want the work delivered to your inbox, subscribe below.

Collect. Analyze. Expose.