An independent lab for incident response, infrastructure defense, and operational resilience.
Deretti Cyber Labs publishes IR 2.0, the /quantum/ post-quantum cryptography section, and a 17-year threat-research archive. Frameworks under CC BY 4.0, reference code under MIT. Built to be tested, adapted, and argued with.
Three streams, one library.
A framework you can adopt and adapt, a post-quantum cryptography section for operators below hyperscaler scale, and an archive of reference material that survives the news cycle. All published openly. All written from operational experience.
Governance, Architecture, Technology, Culture — bound together by a single Calm Loop (Sense → Decide → Act → Learn). Scales from a 3-person team to a 3,000-person enterprise via Crawl → Walk → Run phases.
Read the framework
Educational and operator-tooling layer for the PQC transition. Five audience-tier briefings, a foundation whitepaper, glossary, standards reference, decision tree, and five operator tools with XLSX/PDF downloads.
Read the section
Historical and current research notes on malware, vulnerabilities, infrastructure risk, hardware-rooted trust, and major operational incidents.
Browse the archive
A working library for practitioners.
An applied research initiative. The output is technical reference material developed from operational experience, published openly so it can be tested, adapted, and improved by the teams using it.
Is — A framework, a post-quantum cryptography section, and an archive: IR 2.0 (incident-response operating model), /quantum/ (PQC reference, briefings, and operator tools), and 14 threat-research entries spanning 2008–2025.
Is for — Security engineers, infrastructure teams, incident responders, cryptography leads, and researchers working through real operational problems.
Is not — A compliance product, an insurance pre-approval, or a substitute for professional legal, regulatory, or insurance advice. Maps to NIST CSF, NIST 800-61, CIS Controls, FIPS 203/204/205, CNSA 2.0, and CISA procurement guidance; does not replace them.
Practitioners who need reference material that holds up.
Written for the people who have to make it work, not for the news cycle. Get in touch for research collaborations, citation questions, or framework discussions.
Most recent research notes.
Recent entries from the 17-year archive. Each card links to the full research note.
Dell ControlVault3 vulnerability chain. What firmware trust assumptions broke, what didn't, and where this leaves laptop attestation models.
An EDR content update that knocked Windows offline at global scale. What the incident says about kernel-mode trust, content validation, and recovery design.
A modular toolkit purpose-built for industrial control systems. Why this changed the bar for OT defenders and how it maps to current ICS playbooks.
See all 14 entries in the archive →
Active research.
Open analyses and work-in-progress reference material. Distinct from archived entries in that the substance is current rather than preserved.
Harvest Now, Decrypt Later and enterprise PQC transition risk. Living exposure-class analysis covering the mismatch between data confidentiality lifetimes and cryptographic migration timelines.
Active research on trust verification layers atop GNSS and military-grade constellation protocols. Includes spoofing attack surface analysis, drift-detection heuristics, and integration paths for hardware-rooted trust anchors.
Audience-tier briefings, foundation whitepaper, glossary, standards reference, decision tree, and five operator tools (inventory worksheet, vendor RFP rubric, interactive maturity self-assessment, tabletop scenario, executive one-pager). XLSX and PDF downloads.