Skip to content
@tired-labs

TIRED Labs

Threat (Intelligence | Response | Emulation | Detection) Research
   ████████╗██╗██████╗ ███████╗██████╗     ██╗      █████╗ ██████╗ ███████╗
   ╚══██╔══╝██║██╔══██╗██╔════╝██╔══██╗    ██║     ██╔══██╗██╔══██╗██╔════╝
      ██║   ██║██████╔╝█████╗  ██║  ██║    ██║     ███████║██████╔╝███████╗
      ██║   ██║██╔══██╗██╔══╝  ██║  ██║    ██║     ██╔══██║██╔══██╗╚════██║
      ██║   ██║██║  ██║███████╗██████╔╝    ███████╗██║  ██║██████╔╝███████║
      ╚═╝   ╚═╝╚═╝  ╚═╝╚══════╝╚═════╝     ╚══════╝╚═╝  ╚═╝╚═════╝ ╚══════╝

TIRED(7)                          TIRED Labs                           TIRED(7)
===============================================================================

NAME
    TIRED Labs. These are our notes. We could be wrong. We usually are.

SYNOPSIS
    threat ( intelligence | response | emulation | detection )
    tired-labs [ research | tooling | process ]

DEFINITION
    TIRED /ˈtī(ə)rd/ n.
    1. A condition brought on by recurring cybersecurity failures and
       systemic red tape.
    2. An acronym for Threat Intelligence, Response, Emulation, and
       Detection. Four disciplines joined as a collective, advancing
       security through shared understanding and open research.

DESCRIPTION
    TIRED Labs is an independent research collective. We study how security
    teams understand, emulate, detect, and respond to adversary behavior.
    Our work is shared openly for educational and defensive use.

    The industry has a habit of selling you substitutes for understanding
    the adversary. It sells feeds, content, dashboards, and a framework to
    map your frameworks. The gap that actually matters is the one between
    understanding how an attack works and operating against it. We exist to
    close that gap, and we hand the instructions to anyone who wants them.

    We favor observations over assumptions. We favor working notes over
    final drafts. Every document is a living record that changes as the
    evidence does, and every contribution moves the work forward while
    accepting it will always be unfinished.

PRINCIPLES
    We trust nothing we have not stress-tested. Not the industry's best
    practices, and not our own. We poke holes in industry-accepted
    practices where they are weak. We poke the hardest holes in our own
    work.

    "Usually wrong" is not modesty. It is our method. What we ship is the
    result of many mistakes made over many years, with the fixes in place.

ARMS
    The collective operates in three arms. One argument told in three parts.

    research(7)   Understanding that survived scrutiny. Structured, lossless
                  captures of attack techniques, documented so any team can
                  build its own outputs from a shared technical
                  understanding. This is the claim.

    tooling(7)    The means to reach understanding the black box will not
                  give you. Instrumentation driven by our own research and
                  built around attacks we found ourselves. We are not a
                  clone-shop for things that already exist. This is the
                  capability.

    process(7)    The proof it pays off in practice. A generic, tool-agnostic
                  reference model for running a threat program, built to drop
                  in so the research changes how a team operates instead of
                  dying in a repository. This is the demonstration, and the
                  manual.

OPTIONS
    TIRED Labs accepts no configuration flags. The presentation layer ships
    with --collaboration enabled and the option is not exposed. For the
    professional build, see process(7), where the humor compilation flag is
    disabled.

AUTHORS
    A small, invite-only collection of active practitioners. You may propose
    to contribute. Acceptance is not guaranteed, and it is not personal.
    Mostly.

BUGS
    Known issue: we are frequently wrong.
    Status: WONTFIX. Working as intended.

    The system is functioning correctly. We accept reproductions,
    counterarguments, and corrections as patches, and we welcome them
    openly and transparently. If you find a mistake in our products, you
    have done the work the way it is meant to be done. We will thank you and
    update the notes appropriately.

SEE ALSO
    cDc(7), L0pht(7), at-stake(7), and the early internet, back when
    creativity was worth more than ad impressions and a thing could be built
    for the love of building it.

===============================================================================
© TIRED Labs 2025-2026

Popular repositories Loading

  1. techniques techniques Public

    A public repository of quality research on cyber attack techniques. This is the backend for the Technique Research Report (TRR) Library.

    Go 28 8

  2. library library Public

    Frontend for the TRR Library.

    JavaScript 2

  3. tiredize tiredize Public

    Python 2 1

  4. .github .github Public

    Repository containing README on organization's public landing page

  5. insomnia insomnia Public

    Reporting dashboard for tracking metrics generated by narcolepsy

    JavaScript

Repositories

Showing 5 of 5 repositories

People

This organization has no public members. You must be a member to see who’s a part of this organization.

Top languages

Loading…

Most used topics

Loading…