
Sources & Methods Newsletter #3 - November 2022

Welcome to issue 003 of Sources & Methods newsletter, the CYBERWARCON edition. What am I changing for this special edition? Well, not much, actually. But I am publishing early this time to kick off the conference! Stay tuned for a recap of CYBERWARCON and BRUNCHCON (yes).

πŸ“ Sources

ORKL Cyber Threat Intelligence Library - "Over time, the goal is to collect a complete corpus of all publicly released CTI reports to be used as a reference in scientific research and CTI reporting"

📰 Articles

Hundreds of U.S. news sites push malware in supply-chain attack #malware

Beneath the surface: Uncovering the shift in web skimming - especially important as holiday shopping intensifies #trends #retail

[VIDEO] Pivoting from Art to Science #tradecraft #presentation

ENISA Threat Landscape 2022 #FYSA #trends

DFIR Report: Follina Exploit Leads to Domain Compromise #analysis

A Menu of Threat Intelligence Use Cases #program #stakeholders

🛠 Tools

DocIntel

github.com/docintelapp/DocIntel

(Now open source!) Platform for storing, organizing, and searching documents related to cyber threats.

badflare

github.com/LeeBrotherston/badflare

OSINT tool for discovering the real (origin) IP addresses of services that sit behind Cloudflare but are not properly locked down, i.e. whose origin still answers requests that do not arrive through Cloudflare's edge.

slack-tlp

github.com/magoo/slack-tlp

Slack emojis to indicate Traffic Light Protocol (TLP) marking of information shared in chat. I recommend using this alongside text-only TLP markings for clarity and accessibility, with these images as eye-catching enhancements.

osintui

github.com/wssheldon/osintui

Terminal UI for querying various OSINT data sources.

mattreduce/cti-self-study

github.com/mattreduce/cti-self-study

Remember Katie Nickels' (@likethecoins) CTI Self Study Plan series from issue 001? I converted Katie's great list of suggested things to read, watch, do, and think about related to CTI to an Obsidian notebook. If you're working through the study plan, I hope that, like me, you use this notebook template to track your progress and keep notes on what you learn. It even includes a plugin for annotating assigned readings if they're in PDF or ePub format.

💡 Tip

The TryHackMe training platform now has a free Intro to Cyber Threat Intel "room" that'll introduce you to CTI, some frameworks, and tools like YARA, OpenCTI, and MISP.

📆 Events

Cyber Threat Intelligence Summit 2023

πŸ“ Arlington, VA, US & Virtual
✍️ CFP is closed
πŸ“Š Summit: Jan 30-31 2023
πŸ“š Training: Feb 1-6 2023
πŸ”— https://www.sans.org/cyber-security-training-events/cyber-threat-intelligence-summit-2023/