Research

Publications

Technical notes, methods, and research artifacts. Updates are published when research is complete.

Top tags

Threat Intelligence (2)Infrastructure Hunting (2)Methodology (2)NSO Group (1)Pegasus (1)Certificate Transparency (1)WHOIS History (1)Era Translation (1)Censys (1)Spyware (1)CenQL (1)Product Security (1)

From Disclosure to Reproduction: Hunting NSO Pegasus V1 Infrastructure — Part 2

2026-05-03

Threat IntelligenceNSO GroupPegasusCertificate Transparency

Reproducing Citizen Lab and Lookout's 2016 Million Dollar Dissident infrastructure analysis with the 2026 connector stack: era-bound tool substitution, three previously-undisclosed NSO-attributed domains, and a V1 deployment 15 months earlier than the original disclosure documented.

Hunting Nation-State Spyware Infrastructure with Censys — Part 1

2026-02-26

Threat IntelligenceCensysSpywareInfrastructure Hunting

A technical orientation to the Censys Platform as a threat intelligence primitive: scanning architecture, data model, historical data, the Threat Hunting Module, ASM, and CenQL.

Research Notes: Scope and Publication Model

2025-12-19

MethodologyProduct Security

How Orion Labs structures research work and what we publish (and what we don't).