████████╗██╗██████╗ ███████╗██████╗ ██╗ █████╗ ██████╗ ███████╗
╚══██╔══╝██║██╔══██╗██╔════╝██╔══██╗ ██║ ██╔══██╗██╔══██╗██╔════╝
██║ ██║██████╔╝█████╗ ██║ ██║ ██║ ███████║██████╔╝███████╗
██║ ██║██╔══██╗██╔══╝ ██║ ██║ ██║ ██╔══██║██╔══██╗╚════██║
██║ ██║██║ ██║███████╗██████╔╝ ███████╗██║ ██║██████╔╝███████║
╚═╝ ╚═╝╚═╝ ╚═╝╚══════╝╚═════╝ ╚══════╝╚═╝ ╚═╝╚═════╝ ╚══════╝
TIRED(7) TIRED Labs TIRED(7)
===============================================================================
NAME
TIRED Labs. These are our notes. We could be wrong. We usually are.
SYNOPSIS
threat ( intelligence | response | emulation | detection )
tired-labs [ research | tooling | process ]
DEFINITION
TIRED /ˈtī(ə)rd/ n.
1. A condition brought on by recurring cybersecurity failures and
systemic red tape.
2. An acronym for Threat Intelligence, Response, Emulation, and
Detection. Four disciplines joined as a collective, advancing
security through shared understanding and open research.
DESCRIPTION
TIRED Labs is an independent research collective. We study how security
teams understand, emulate, detect, and respond to adversary behavior.
Our work is shared openly for educational and defensive use.
The industry has a habit of selling you substitutes for understanding
the adversary. It sells feeds, content, dashboards, and a framework to
map your frameworks. The gap that actually matters is the one between
understanding how an attack works and operating against it. We exist to
close that gap, and we hand the instructions to anyone who wants them.
We favor observations over assumptions. We favor working notes over
final drafts. Every document is a living record that changes as the
evidence does, and every contribution moves the work forward while
accepting it will always be unfinished.
PRINCIPLES
We trust nothing we have not stress-tested. Not the industry's best
practices, and not our own. We poke holes in industry-accepted
practices where they are weak. We poke the hardest holes in our own
work.
"Usually wrong" is not modesty. It is our method. What we ship is the
result of many mistakes made over many years, with the fixes in place.
ARMS
The collective operates in three arms. One argument told in three parts.
research(7) Understanding that survived scrutiny. Structured, lossless
captures of attack techniques, documented so any team can
build its own outputs from a shared technical
understanding. This is the claim.
tooling(7) The means to reach understanding the black box will not
give you. Instrumentation driven by our own research and
built around attacks we found ourselves. We are not a
clone-shop for things that already exist. This is the
capability.
process(7) The proof it pays off in practice. A generic, tool-agnostic
reference model for running a threat program, built to drop
in so the research changes how a team operates instead of
dying in a repository. This is the demonstration, and the
manual.
OPTIONS
TIRED Labs accepts no configuration flags. The presentation layer ships
with --collaboration enabled and the option is not exposed. For the
professional build, see process(7), where the humor compilation flag is
disabled.
AUTHORS
A small, invite-only collection of active practitioners. You may propose
to contribute. Acceptance is not guaranteed, and it is not personal.
Mostly.
BUGS
Known issue: we are frequently wrong.
Status: WONTFIX. Working as intended.
The system is functioning correctly. We accept reproductions,
counterarguments, and corrections as patches, and we welcome them
openly and transparently. If you find a mistake in our products, you
have done the work the way it is meant to be done. We will thank you and
update the notes appropriately.
SEE ALSO
cDc(7), L0pht(7), at-stake(7), and the early internet, back when
creativity was worth more than ad impressions and a thing could be built
for the love of building it.
===============================================================================
© TIRED Labs 2025-2026
TIRED Labs
Threat (Intelligence | Response | Emulation | Detection) Research
Popular repositories Loading
-
techniques
techniques PublicA public repository of quality research on cyber attack techniques. This is the backend for the Technique Research Report (TRR) Library.
-
-
insomnia
insomnia PublicReporting dashboard for tracking metrics generated by narcolepsy
JavaScript
Repositories
Showing 5 of 5 repositories
- tiredize Public
tired-labs/tiredize’s past year of commit activity - techniques Public
A public repository of quality research on cyber attack techniques. This is the backend for the Technique Research Report (TRR) Library.
tired-labs/techniques’s past year of commit activity
People
This organization has no public members. You must be a member to see who’s a part of this organization.
Top languages
Loading…
Most used topics
Loading…