How This Briefing Works
This report opens with key findings, then maps the gaps between what Knock2 discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.
Key Findings
Analysis pending. Findings will appear here once intelligence collection is complete.
Claims vs. Observed Behavior
Pending Analysis
“Claims extraction pending”
CDT analysis critical — deanon vendors core function is identity resolution (BTI-C14)
What This Means For You
What To Do About It
Role-specific actions based on observed behavior
If You Use Knock2
- →do not deploy without full behavioral audit
- →review consent mechanisms for identity resolution
If You're Evaluating Knock2
- →critical-priority recon investigation — deanon vendors require immediate behavioral analysis
Negotiation Leverage
- →Baseline detection only — behavioral analysis is critical for deanon vendors
- →Identity resolution vendors operate at the intersection of privacy law and surveillance
- →Require complete data flow documentation including identity graph sources and retention policies
IOC Manifest
Indicators of compromise across 3 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.
No indicators in this category
Ecosystem & Supply Chain
Evidence Artifacts
Artifacts collected during analysis, available with evidence-tier access.
Complete network capture with all requests and responses
4 detection signatures across scripts, domains, cookies, and network endpoints