Case files

Investigation logs

Synthetic, OPSEC-safe write-ups. We show the dead ends — that's the difference between a tool dump and an analyst report.

GEOINT · SYNTHETIC CASE2026-03-12 · 8 min

Geolocating a photo from shadow angle and a manhole pattern

One street photo, no EXIF, no landmarks in frame. We pivoted from sun azimuth + a municipal manhole casting to a three-block radius — then killed two false positives by hand.

Outcome: City district confirmed; exact building narrowed to two candidates pending ground truth.

Read full log →
IDENTITY · SYNTHETIC CASE2026-02-04 · 6 min

Linking a sock puppet to a real operator via recovery metadata

Fresh Discord account, burner email, VPN IP. The break wasn't a breach dump — it was a partial recovery hint and a reused username from a 2019 forum scrape.

Outcome: Two accounts tied to same operator with high confidence; no doxxing published.

Read full log →
BREACH · SYNTHETIC CASE2026-01-18 · 5 min

From corporate domain to exposed dev credentials

Client asked 'are we in stealer logs?' Automated scanners said no. Manual Hudson + stealer correlation found a contractor Jenkins token in a combo list.

Outcome: Credential rotated within SLA; no production access confirmed.

Read full log →