The presentation starts with the introduction of Hourglass Model 2.0, a research framework allowing researchers with limited access to underground marketplace to further collect security intelligence leads that can be used for both threat prevention and and mitigation plan development. To better understand how to utilise this model, the second part of this talk will use an on-going research on 2FA bypassing underground services based in Southeast Asia, as an example. Researchers took an unseen, underground advertisement and initiated serious research on threat actor profiles, tools, tactics, procedures, victims, and the overall underground market landscape. The presentation is designed to share what we have learned so far and provide early warnings to the security community.