Threat research, security automation, and cybersecurity insights.https://jacobsantos.pages.dev/https://jacobsantos.pages.dev/blog/2026-02-05-infrastructure-hunting-beyond-iocs/https://jacobsantos.pages.dev/blog/2026-02-05-infrastructure-hunting-beyond-iocs/Moving up the Pyramid of Pain — from hash-based detection to hunting adversary infrastructure through behavioral fingerprints and network patterns.Thu, 05 Feb 2026 00:00:00 GMThttps://jacobsantos.pages.dev/blog/2026-01-15-building-mcp-servers/https://jacobsantos.pages.dev/blog/2026-01-15-building-mcp-servers/How I set up Model Context Protocol servers to bridge AI assistants with threat intelligence platforms — and what I learned about tool design along the way.Thu, 15 Jan 2026 00:00:00 GMThttps://jacobsantos.pages.dev/blog/2025-12-08-ransomware-hunting-daily-workflow/https://jacobsantos.pages.dev/blog/2025-12-08-ransomware-hunting-daily-workflow/The daily reality of proactive ransomware hunting — from YARA triggers and VirusTotal dashboards to naming new families and building attack chains from telemetry.Mon, 08 Dec 2025 00:00:00 GMThttps://jacobsantos.pages.dev/blog/2025-11-10-automating-inquiry-triage/https://jacobsantos.pages.dev/blog/2025-11-10-automating-inquiry-triage/How I built a 9-phase AI pipeline to handle threat intelligence inquiries that used to take a week — and what it taught me about building tools from real pain points.Mon, 10 Nov 2025 00:00:00 GMThttps://jacobsantos.pages.dev/blog/2025-09-20-from-osint-to-internal-hunting/https://jacobsantos.pages.dev/blog/2025-09-20-from-osint-to-internal-hunting/How shifting from external OSINT to internal telemetry hunting changed the way I approach threat research — and where most of my published work actually comes from.Sat, 20 Sep 2025 00:00:00 GMT