Research Methodology
How we identify, research, verify, and publish cybersecurity intelligence — from initial signal detection to final publication.
Step 1 — Incident Signal Detection
We monitor a wide range of primary intelligence sources to identify significant cybersecurity events. Our signal sources include:
- Official Advisories: CISA, US-CERT, NCSC (UK), BSI (Germany), ANSSI (France), and other national CERTs.
- Vendor Disclosures: Security bulletins from Microsoft, Google, Apple, Cisco, Palo Alto, CrowdStrike, Mandiant, and others.
- Research Publications: Published research from security conferences (DEF CON, Black Hat, CCS), academic journals, and independent researchers.
- Threat Intelligence Feeds: CVE database, NVD, threat actor trackers, and open-source threat intelligence platforms.
- Community Reporting: Security community Twitter/X, Mastodon, security researcher blogs, and tip submissions.
- Dark Web Monitoring: Publicly accessible dark web forums, ransomware group leak sites, and threat actor announcements.
Step 2 — Coverage Decision
Not every incident warrants coverage. We evaluate incidents against the following criteria:
- Scale and impact: Number of affected organisations, users, or systems
- Novelty: New attack technique, previously undocumented malware, or new threat actor
- Relevance to defenders: Does this incident provide actionable intelligence for security teams?
- Technical depth available: Is there sufficient technical detail to provide meaningful analysis?
- Responsible disclosure: Does publishing serve the public interest without enabling further harm?
Step 3 — Research & Data Collection
Once we decide to cover an incident, we conduct thorough research:
- Cross-reference all primary sources to establish a factual baseline
- Collect technical indicators (IOCs, TTPs, MITRE ATT&CK mappings where applicable)
- Review historical context for related incidents and threat actor history
- Identify affected systems, software versions, and configuration states
- Research available mitigations, patches, and detection signatures
- Document source URLs and access timestamps
We use AI-assisted tools to help process large volumes of technical data and structure analysis. All AI-generated analysis is reviewed and validated by our editorial process. See our Editorial Policy for full disclosure.
Step 4 — Article Structure
Our articles follow a consistent structure designed to serve both quick readers who need a summary and deep-dive readers who need full technical context:
- Executive Summary — key facts for executives and time-pressed professionals
- Incident Overview — what happened, when, and who is affected
- Technical Analysis — detailed breakdown of attack mechanics, malware behaviour, or vulnerability exploitation
- Attack Flow — step-by-step reconstruction of the attack chain
- Real-World Context — how this fits into the broader threat landscape
- Detection Guidance — IOCs, detection rules, and monitoring strategies for SOC teams
- Mitigation & Prevention — actionable steps to reduce risk and remediate
- Key Takeaways — concise summary of the most important points
- Sources — all primary sources cited
Step 5 — Editorial Review
Before publication, each article undergoes editorial review for:
- Factual accuracy against primary sources
- Technical correctness of security analysis
- Appropriate hedging of unconfirmed claims
- Compliance with responsible disclosure principles
- Source attribution completeness
- Clarity and readability for the target audience
Step 6 — Post-Publication
After publication, we monitor for:
- New developments that require article updates
- Correction requests from readers, affected parties, or researchers
- Patch or mitigation availability that should be highlighted
- Changes in attribution or legal proceedings affecting our reporting
Updated articles include a clear indication of what was changed and when. Major updates are noted at the top of the article.