
The sales deck shows pins on every underground ecosystem. What ships is machine-translated headlines and keyword alerts — coverage you can see, intelligence you can't.
Read post →
The résumé is the least trustworthy document in the room — and it's the one nearly every vetting process leans on hardest.
Read post →
Operators leave default certificates, unchanged favicons, and framework credits sitting in the HTML. Every shortcut they take becomes a fingerprint — and fingerprints are searchable.
Read post →
张三 is China's John Doe. Before you build a profile on a Chinese name from a leak, make sure you're not chasing a placeholder.
Read post →
Some of the most valuable open-source intelligence on Chinese military activity isn't text — it's Douyin video. Here's how to work with it, even if you don't read Chinese.
Read post →
Leaked internal documents reveal 270 million monthly voiceprint collections, video analysis deployed to China's security apparatus, and deep integration with Huawei systems.
Read post →
A free, hands-on investigation that chains the clues from the surface web down to the source — the same tradecraft, as a challenge. No course required to play.
Enter the CTF →

Party members, veterans, grid watchers, militia warehouses, and 2,000 people whose every move is logged — a look inside a village-level CCP surveillance system on the North Korean border.
Read post →
A new alias doesn't mean a new actor. Behavioral patterns, opsec failures and linguistic habits persist — here's a framework for collapsing personas back into one operator.
Read post →
Decode the structure of PLA unit designations — what the MUCD numbers reveal about branch, function, and command, and how to search them.
Read post →
The day after a Chinese company hits the Entity List, a new one is registered in Hong Kong. Same address, same directors. Here are the patterns that give the cutouts away.
Read post →
You search 'Zhang Wei' and get 50 million results. Chinese name OSINT runs on different logic — and if you don't understand it, you're drowning in false positives or missing your target.
Read post →
Beijing's military-civil fusion doesn't hide in secret networks — it files patents, registers companies, and occasionally leaks documents. Here's where to actually start looking.
Read post →
XSS shut down, BreachForums got compromised, and a new forum quietly emerged to absorb the fallout. Spotting these shifts early is what separates reactive monitoring from proactive intelligence.
Read post →
China's 2025 AI Security Governance draft reads like standard regulatory noise — until you notice it's a playbook for AI-assisted offensive cyber operations at scale.
Read post →
No military background anywhere online. Then a routine 2019 civil-servant candidate list from Jingmen City gave up the whole profile.
Read post →
Some of the most actionable dark-web sources aren't buried in .onion forums — they're sitting in plain sight on paste sites. Here's how to pivot one overlooked paste into a live threat-actor network.
Read post →
Wix-style geo/VPN/TOR blockers rely on simple logic. Understand how they work and two out-of-the-box methods open the door — no VPN required.
Read post →
A familiar-looking logo on a dark web forum led us to its admin — through the image metadata they forgot to strip.
Read post →
10:55
QCC and Tianyancha block foreign traffic with DPI, not a geo-fence — which is why a VPN doesn't get you in. Live, unedited, the route through.
Watch →
1:21
Over 50 exposed government documents marked top secret or confidential — found with a single method, somewhere keywords return nothing.
Watch →
1:15
Seventy-five seconds. The technical restrictions that stop most Western practitioners cold, and the way through.
Watch →
5:58
The +86 is the join between an account and a person. Here is how to get one.
Watch →
13:01
RedNote leaks its users' mobile numbers. What that opens up, and the databases sitting behind it.
Watch →
6:02
Reaching gov.cn data past its technical restrictions. Methods we found ourselves — which is why they still work.
Watch →
8:24
CSDN shows you enough to know the answer is there, then holds the rest behind a +86 login. Step by step, without an account.
Watch →
16:56
Finding data, getting past site restrictions, and running CTI across China's landscape — tools, cases, and source development.
Watch →
11:41
Twelve minutes of an actual lesson. How we explore, search, and pivot in China's ecosystem — including the wrong turns.
Watch →
6:26
90% of CTI reports scratch the surface. Two reasons nobody in the industry wants to name — and what actually fixes it.
Watch →
4:23
A Genesis Market successor and a new leaks search engine — both caught while still in early development, before anyone was watching.
Watch →
10:18
For team leaders asking what their analysts will actually be able to do afterward. The full rundown — and an honest note on who it isn't for yet.
Watch →
3:54
Ask a Western analyst how to reach a blocked Chinese site and you get one answer. Those platforms were built assuming you'd bring exactly that.
Watch →
7:10
An overview of the Advanced program — what it covers, and who it is built for.
Watch →
5:18
A manual route from a Weibo image to the account behind it. One episode of Bytes of Clues — and a drop in the ocean, by our own admission.
Watch →
Not sure which program fits, or whether we cover what you need? Just ask.
We're happy to tell you whether a specific platform, or focus area is included in a given course — and if it's not, whether we can build it in.
Reach out to sales@epcyber.com about: