by hakantan
2518 days ago
This is a very good question. By now, there is a git repo (https://github.com/br-data/2019-winnti-analyse) for the more technical folks (includes yara, some scripts etc.). We don't have focus groups, but we want to convey to our readers a certain understanding of how these operations work. What threat hunting is, why it is important and all that. At some point you have to make some certain decisions. One was not to explain what a rolling xor is. So yeah, we had to simplify a lot. The truth is, though, this stuff is hard for most people, myself included. Hope that helps.

Some news websites hesitate to put external links in their articles because they lead readers off the site, but I think they can be helpful to provide jumping-off points for the interested reader. For example, the git repository could be linked somewhere in the article, or as part of the "about the project" section at the end.
PS: The top-level comment of this thread was flagged and hidden, so most users won't see your replies here. You might want to post another top-level comment with the additional information you provided here, or maybe ask the mods via hn@ycombinator.com to make your replies visible.