Alt + Intel by RishSec

Threat Intelligence Dispatch

Alt+Intel

Alternative intelligence for real practitioners

Not a recap of what Twitter already said. Every Sunday at 8 AM IST, this dispatch lands in your inbox with findings from active research — dark web patterns, threat actor moves, OSINT techniques, and what they mean for practitioners working in the field.

Free. No recycled news. Unsubscribe any time.

Alt + Intel

By Rishika Desai
RishSec · Issue #001

Sunday Edition 8:00 AM IST · Weekly Dispatch

Lead Story

Dark Web Forums Are Selling Access to Indian BFSI Infrastructure

Three separate threat actors listed verified RDP access to banking systems this week. What the listings reveal about current intrusion methods — and what defenders can do right now.

OSINT

One Shodan Query. 2,400 Exposed Devices.

The exact search syntax, what we found, and the disclosure process that followed.

Career Intel

What Hiring Managers in Indian SOCs Actually Look For

Notes from three conversations with team leads at tier-1 security firms.

Dark web monitoring◆ Threat actor TTPs◆ OSINT techniques◆ India-specific threat intelligence◆ Career moves in cybersecurity◆ IOC analysis◆ APT tracking◆ Real investigations◆ Every Sunday · 8 AM IST◆ Dark web monitoring◆ Threat actor TTPs◆ OSINT techniques◆ India-specific threat intelligence◆ Career moves in cybersecurity◆ IOC analysis◆ APT tracking◆ Real investigations◆ Every Sunday · 8 AM IST◆

What is
Alt + Intel

Not a summary.
A dispatch from the field.

Most cybersecurity newsletters summarise what happened. Alt + Intel is written by someone who is actively doing the research — investigating dark web forums, running OSINT queries, mapping threat actor infrastructure, and publishing findings at CloudSEK.

The difference shows in the content. When a new malware campaign appears, you won't get a rewrite of the vendor advisory. You'll get the MITRE mapping, the infrastructure correlation, the dark web conversation that preceded it, and what a practitioner would actually do with that information.

Who reads it: SOC analysts, threat intelligence practitioners, security researchers, cybersecurity students breaking into the field, and founders who need to understand the threat landscape their business sits inside.

5K+

Community members

52×

Issues per year

8AM

Every Sunday IST

Every Sunday · 8 AM IST · In your inbox

What lands in your inbox every week

🕳️

The Lead

One primary investigation — a threat actor, a campaign, a dark web finding, or an infrastructure discovery. Written from primary research, not secondary sources.

🔍

OSINT in the Open

One repeatable OSINT technique or query walkthrough per issue. Tools, syntax, what we found, and what you can replicate yourself.

🎭

Threat Actor Watch

Movement updates on tracked APT groups and financially-motivated actors. MITRE ATT&CK mapping, new infrastructure, and tactical shifts.

🇮🇳

India Threat Pulse

India-specific intelligence — dark web listings, targeted campaigns, sector-specific threats to BFSI, telecom, and government infrastructure.

🧭

Career Intel

What's moving in the cybersecurity job market — which skills are being demanded, which certifications actually matter, and what practitioners are being hired to do.

📡

The IOC Drop

Actionable indicators of compromise from the week's research. IPs, domains, hashes, YARA snippets. For the practitioners who need the artefacts, not just the story.

Publishing schedule

Sunday 8 AM.
Without exception.

Consistency is a commitment to your time. Alt + Intel goes out every Sunday at 8 AM IST — not "most Sundays," not "when there's something worth saying." Clockwork, so you can plan around it. The research happens all week so the dispatch is ready when you wake up.

Mon–Tue

Dark web monitoring · Forum tracking · IOC collection Background

Wed–Thu

OSINT investigations · Threat actor infrastructure mapping Research

Friday

Findings review · Lead story selection · Outline Planning

Saturday

Writing · Editing · Final review · Scheduled to send Production

Sunday

Alt + Intel lands in your inbox 8:00 AM IST

👩‍💻

Written by

Rishika Desai

Cyber Threat Researcher · CloudSEK · RishSec

Rishika is an active threat intelligence researcher at CloudSEK, where she investigates dark web activity, tracks threat actors, and publishes findings that have been cited by Forbes, Dark Reading, and The CyberWire. She was named Rising Star of the Year 2025 at BSides Bangalore and Top 100 Cybersecurity Influencer 2025 by CF100 Club. She has spoken at OWASP AppSec Days Singapore, AVAR Malaysia, and delivered a keynote at ASCIS 2025.

Forbes Quoted Dark Reading The CyberWire BSides Bangalore Rising Star 2025 CF100 Top 100 · 2025 OWASP AppSec Singapore CloudSEK Researcher

From the archives

Issues launching soon

Issue #001 · Coming Soon

Dark Web

What Dark Web Forums Are Saying About Indian Infrastructure Right Now

Three verified access listings, two active discussion threads, and what the timing tells us about upcoming campaign cycles.

First issue

Issue #002 · Coming Soon

OSINT

The Shodan Query That Found 2,400 Exposed Devices in 11 Minutes

Full walkthrough: the syntax, the results, the disclosure, and the replicable methodology for your own hunting sessions.

Week 2

Issue #003 · Coming Soon

APT

APT41 Infrastructure Shift: What New C2 Registrations Reveal

Recent domain registrations correlated with known APT41 patterns. What changed, what it signals, and the MITRE techniques to watch.

Week 3

Subscribe · Free · Every Sunday 8 AM IST

Don't follow the
threat landscape.
Track it.

Join practitioners who read Alt + Intel for intelligence that doesn't appear anywhere else — because it comes from the research, not from rewriting vendor reports.

No spam. No recycled news. Unsubscribe any time.