China’s bug-hunting scene is maturing - more players, bigger prizes, tighter structure, and a growing focus on domestic products, driven by profit, prestige, and national security.| nattothoughts.substack.com
China’s early hacking training grounds weren’t classrooms or hacking contests, but online forums, real-world targets, and freely shared offensive tools and vulnerabilities.| Natto Thoughts
Chinese companies face conflicting pressures between MAPP’s non-disclosure requirements and domestic policies that incentivize or mandate vulnerability disclosure to the state.| nattothoughts.substack.com
From 'Trouser Belt Project' to 'Patching the Sky': Qi An Xin’s Butian platform serves as cradle for nurturing new talent and smelter for refining seasoned hackers’ skills| nattothoughts.substack.com
Qingyuan Polytechnic's focus on vulnerability studies highlights China's continued efforts in gathering vulnerability resources| nattothoughts.substack.com
A case study of the i-SOON indictment and leaks reveals that source information may vary but it is important to compare and evaluate information for unique insights.| nattothoughts.substack.com
China's new vulnerability management system mandates reporting to MIIT within 48 hours, restricting pre-patch publication and POC code.| Atlantic Council
A year after the i-SOON leaks, a deep dive into the Pangu Team reveals new insight into the relationships between elite vulnerability researchers and government-contracted hackers| nattothoughts.substack.com
Formerly very public, Sichuan Silence has gone quiet since 2020; but as part of a circle of Chengdu-based jack-of-all-trades infosec companies, it serves the state in cyber-enabled operations| nattothoughts.substack.com
Matrix Cup aligns with China’s strategy to enhance its offensive and defensive cyber capabilities by increasing the volume of vulnerabilities available domestically and fostering young hacking talent.| nattothoughts.substack.com
Who are the mysterious hacker whisperers Intrusion Truth? What kinds of tradecraft have they used? What can cyber threat analysts learn from them?| nattothoughts.substack.com
A lawsuit casts light on the ecosystem of IT companies related to Chengdu 404, the company allegedly behind Chinese state-sponsored hacking group APT41.| nattothoughts.substack.com
