Welcome to issue 003 of Sources & Methods newsletter, the CYBERWARCON edition. What am I changing for this special edition? Well, not much, actually. But I am publishing early this time to kick off the conference! Stay tuned for a recap of CYBERWARCON and BRUNCHCON (yes).
ORKL Cyber Threat Intelligence Library - “Over time, the goal is to collect a complete corpus of all publicly released CTI reports to be used as a reference in scientific research and CTI reporting”
Hundreds of U.S. news sites push malware in supply-chain attack #malware
Beneath the surface: Uncovering the shift in web skimming - especially important as holiday shopping intensifies #trends #retail
[VIDEO] Pivoting from Art to Science #tradecraft #presentation
ENISA Threat Landscape 2022 #FYSA #trends
DFIR Report: Follina Exploit Leads to Domain Compromise #analysis
A Menu of Threat Intelligence Use Cases #program #stakeholders
github.com/docintelapp/DocIntel
(Now open source!) Platform for storing, organizing, and searching documents related to cyber threats.
github.com/LeeBrotherston/badflare
OSINT tool for discovering the real IP addresses of services which are behind Cloudflare but not properly locked down.
Slack emojis to indicate Traffic Light Protocol (TLP) marking of information shared in chat. I recommend using this alongside text-only TLP markings for clarity and accessibility, with these images as eye-catching enhancements.
Terminal UI for querying various OSINT data sources.
github.com/mattreduce/cti-self-study
Remember Katie Nickels’ (@likethecoins) CTI Self Study Plan series from issue 001? I converted Katie’s great list of suggested things to read, watch, do, and think about related to CTI into an Obsidian notebook. If you’re working through the study plan, I hope, like me, you use this notebook template to track your progress and keep notes on what you learn. It even includes a plugin for annotating assigned readings if they’re in PDF or ePub format.
The TryHackMe training platform now has a free Intro to Cyber Threat Intel “room” that’ll introduce you to CTI, some frameworks, and tools like YARA, OpenCTI, and MISP.
📍 Arlington, VA, US & Virtual
✍️ CFP is closed
📊 Summit: Jan 30-31 2023
📚 Training: Feb 1-6 2023
🔗 https://www.sans.org/cyber-security-training-events/cyber-threat-intelligence-summit-2023/