$blackout --bti --inventory
FRAMEWORK INVENTORY: 10 Categories, 3 Published, 5 Gaps Identified

BTI_INVENTORY

Blackout Threat Intelligence — The CVE equivalent for MarTech. Complete inventory of threat categories, published advisories, and gap analysis.

BTSS_SCORING

Severity Levels

9.0-10.0 | CRITICAL | Immediate action, regulatory notification
7.0-8.9 | HIGH | Address within 30 days
4.0-6.9 | MEDIUM | Address within 90 days
0.1-3.9 | LOW | Informational

Score Factors

4.0 | Exploitability | How easy (0=insider, 4=trivial)
3.0 | Data Sensitivity | Data type (0=anon, 3=financial)
2.0 | Prevalence | How widespread
1.0 | Detection Difficulty | How hard to detect

THREAT_CATEGORIES

10 Categories Defined

BTI-C01 | +2.0

Defeat Device

Scripts that detect auditors and modify behavior to appear compliant

MITRE: T1497 (Sandbox Evasion)
Parallel: Volkswagen Dieselgate

BTI-C02 | +1.5

Pre-Submit Capture

Form field data captured before submit button clicked

MITRE: T1056 (Input Capture)
Parallel: Banking Trojan Form Grabbers

BTI-C03 | +1.5

HEM Extractor

Scripts scanning browser storage for email/hash patterns

MITRE: T1539 (Web Session Cookie)
Parallel: Cookie Stealers

BTI-C04 | +1.0

White-Label

Tracking distributed through third parties, obscuring true origin

MITRE: T1195 (Supply Chain)
Parallel: SolarWinds Supply Chain

BTI-C05 | +1.0

Fourth Party

Data sent to vendors not in privacy policy

MITRE: T1041 (Exfil Over C2)
Parallel: C2 Communication

BTI-C06 | +1.0

Biometrics

Mouse movements, keystroke dynamics, touch gestures

MITRE: T1056 (Input Capture)
Parallel: Spyware

BTI-C07 | +0.5

Session Replay

Full session recording (FullStory, Hotjar, etc.)

MITRE: T1113 (Screen Capture)
Parallel: Screen Capture Malware

BTI-C08 | +0.5

Cookie Sync

ID syncing across ad networks and data brokers

MITRE: T1557 (AitM)
Parallel: Surveillance Networks

BTI-C09 | +1.5

Pre-Consent

Tracking executes before consent obtained

MITRE: T1562 (Impair Defenses)
Parallel: Authentication Bypass

BTI-C10 | +1.0

Fingerprinting

Canvas, WebGL, audio, font enumeration

MITRE: T1592 (Gather Host Info)
Parallel: Evercookies

PUBLISHED_ADVISORIES

3 Published

9.2 BTSS
BTI-2025-0001 | CRITICAL | BTI-C01 | NO RESPONSE

RB2B (Retention.com)

50+ bot detection signatures disable tracking for compliance tools while maintaining full surveillance for real users. VW Dieselgate for MarTech.

Also: BTI-C03, BTI-C09

8.1 BTSS
BTI-2025-0002 | HIGH | BTI-C02 | DISCOVERED

ZoomInfo

Captures email addresses from form fields before submit, including browser autofill. Identical technique to banking trojan form grabbers.

Also: BTI-C09, BTI-C06, BTI-C10

7.8 BTSS
BTI-2025-0003 | HIGH | BTI-C03 | DISCOVERED

IdentityMatrix

extractHems() function scans ALL browser storage for email addresses and hashes. Cookie stealer technique repackaged as 'identity resolution.'

Also: BTI-C05, BTI-C08

PENDING_ADVISORIES

Mentioned but not published

BTI-2025-0004 | PENDING

Clay

BTI-C04

RB2B bundled invisibly to 1,500+ customers

BTI-2025-0005 | PENDING

Face2Face.io

BTI-C05

"stalkingSessionsCount" field

BTI-2025-0006 | PENDING

Sardine.ai

BTI-C06/C10

Pre-consent biometrics + fingerprinting

GAP_ANALYSIS

High-priority missing advisories

5 GAPS

Vendor | Category | Why Priority
Clay | BTI-C04 | White-labels RB2B to 1,500+ customers
Warmly | BTI-C04 | Bundles RB2B + Vector + Koala
6sense | Multiple | Major enterprise deployment
Clearbit | BTI-C03 | HEM extraction at scale (HubSpot-owned)
Bombora | BTI-C08 | Intent data syndication network

BTI_vs_BLK

BTI (Threat Intel)

  • Purpose: Offense — document what vendors are doing
  • Model: CVE-style advisories
  • Audience: Security teams, researchers
  • Scoring: BTSS (0-10)

BLK (Controls)

  • Purpose: Defense — detect if you're exposed
  • Model: ISO/NIST-style controls
  • Audience: GRC, legal, compliance
  • Scoring: HIGH/MEDIUM/LOW

Both are needed: BTI documents WHAT vendors are doing. BLK detects IF you're exposed.