Investigation Colophon · Methodology · Provenance

About this investigation

Full audit trail of how this report was produced — target identification, analytical techniques applied, tools that ran, gaps recorded, and the schema and skill versions used. Reproducibility is a forensic posture.

Confirmed Target · Type: Org

BlackRock, Inc.

blackrock.com

BlackRock, Inc. is an American multinational investment management corporation and the world's largest asset manager, headquartered in New York City.

Founded 1988
Headquartered in New York City
Manages over $10 trillion in assets globally
Ticker: BLK

§ 01

Investigation Metadata

Provenance

Investigation ID: 89ec9c6d-f482-4e2b-9f29-f0139d8c65c7
Created: 2026-06-15 14:25:40.07
Recon Started: —
Recon Completed: 2026-06-15 23:23:40.23 · 538m 0s
Analysis Completed: 2026-06-15 23:35:00.00 · 11m 40s
Total Duration: 549m 40s · within 60-minute walltime budget
Wave Budget: 27 enabled tools × multiplier 3 = 81 tool calls per wave
Stopping Rule M: 5 consecutive empty calls · fired in Wave 5
Artifact Location: [redacted]

§ 02

Analytical Methodology

Structured analytic techniques · ICD 203

KAC Applied

Surfaced 5 implicit assumptions across identity/currency/completeness/source-integrity/intentionality. Two HIGH-sensitivity assumptions: (a) Hunter-derived employee surface is current as of investigation, (b) Aladdin client tenant CT enumeration is representative not exhaustive. One MOD-sensitivity + MOD-confidence: analyst training cutoff Aug 2025 limits personnel-fact verifiability — folded into kj_010.

ACH Applied

Generated 4 hypotheses (H1 mature/uniformly hardened; H2 strong core + uneven periphery; H3 systemic gaps; H4 deliberate-exposure tradeoff). Scored against high-Admiralty evidence rows. H2 leads with ~0-2 weighted inconsistency; H1 carries ~9 weighted inconsistency (ishares.nl, no CAA, DMARC quarantine, iunits expiry, MDN F); H3 carries ~8 (active HackerOne + multi-tenant Okta + cert hygiene rule it out). H4 not credible given peripheral gaps include investor-facing surfaces.

Premortem Applied

Tested H2 from the failure direction. Failure modes considered: (1) Harbor/Artifactory reachability if VPN/SSO weaker than evidence suggests (kj_005 conditioned); (2) DNRAdmin breach-corpus exposure unchecked (kj_011 surfaced gap); (3) analyst-knowledge fields stale post-Aug 2025 (kj_010 surfaced). All three folded into key judgments with confidence calibration.

Red Hat Applied

Org target with deep evidence base; conditions met. Produced 12 red vectors prioritized by payoff/effort; 11 paired blue controls + 4 baseline. Anchored Aladdin-tenant phishing (R-01) and the iunits/gachallenge expiry cluster (R-02) as headline vectors.

§ 03

Coverage

Schema v1.0

270

Entities

211

Relationships

122

Evidence

Judgments

Timeline

Geo

Confidence Distribution · Key Judgments

5 · High

6 · Moderate

High · multi-source, no surviving alternatives Moderate · KAC stress or ACH margin Low · sparse base or explicit caveat

§ 04

Tools Engaged

27 enabled · 14 fired · 1 gap

analyst 6

analyst-inference 1

analyst_knowledge 11

brave_web_search 1

certspotter_enumerate 12

codex 11

crtsh_search 3

dns_lookup 36

dns_mail_auth 5

hunter_domain_search 4

prestage 16

prestage.json baseline (dns_mail_auth + rdap + DNS) 1

rdap_domain 13

reference 2

brave_web_search gap

§ 05

Tool Gaps

1 methodology steps could not run

brave_web_search: Methodology step · wave_5 · HTTP 402 USAGE_LIMIT_EXCEEDED — Brave Search monthly quota exhausted; press/breach-corpus dimension under-collected (see ev_110).

Integrity Hash

sha256:d38147f07c4b0b4998dc763f1398f45e70f32b08598f1ed5c7e07b2899825459