Welcome to issue six. I’m pleased to share that, as of this month, Sources & Methods has over 100 subscribers. Thanks for being one of them!
Details are shaping up for some of this year’s conferences. I chose four to feature across the United States, Mexico, and France. Check them out in the Events section at the end of the issue.
Thanks,
Matthew Conway (@mattreduce)
Initial Access Broker Landscape - The initial access ecosystem is extensive. This visualization (in PNG and SVG formats) might help you wrap your head around it, too.
Jamie Collier - Structured Analytical Techniques for Pragmatists #tradecraft
Proofpoint - OneNote Documents Increasingly Used to Deliver Malware #phishing #malware #trends
Scott Roberts - Effective Tagging in Synapse #tooling
SentinelOne - Cloud Credentials Phishing | Malicious Google Ads Target AWS Logins #phishing #analysis
Joe Słowik - Conceptualizing a Continuum of Cyber Threat Attribution #attribution
Bellingcat - Octosuite: A New Tool to Conduct Open Source Investigations on GitHub #osint #collection #tooling
github.com/bellingcat/octosuite
A new, extensive OSINT tool for collecting on GitHub users and organizations.
github.com/eclecticiq/stix-icons
A collection of icons representing STIX objects and relationships for reports, presentations, or anything you like. Each icon is available in black, white, RGB, and CMYK in normal or rounded style, in PDF/PNG/SVG formats. There’s even a custom font in four formats! Made open source by EclecticIQ with a Creative Commons Attribution 4.0 International License.
github.com/jconwell/fqdn_parser
A Python library for parsing fully-qualified domain names (FQDNs) into each of their components, along with context about top-level domains (TLDs). Intelligently handles multi-label TLDs like .co.uk
, Unicode, and “private suffixes” like herokuapp.com
.
github.com/vertexproject/synapse
The Vertex Project offer an open source “central intelligence system” you can use to collect, enrich, analyze, and integrate intelligence. There’s a great community around it and a powerful Enterprise version, as well.
SACTI provides a secure and anonymous mechanism to facilitate structural exchange of sightings and impact information in communities that employ the MISP platform.
Can’t figure out a security/intelligence-related term or acronym? Try searching @BushidoUK’s CTI Lexicon. It’s a sizable reference that was updated just last month.
📍 Strasbourg, FR
📚 Training: Apr 11
📊 Conference: Apr 12–14
🏢 Hilton Strasbourg
🔗 https://www.botconf.eu
Regional Internet Security Event co-hosted by LACNIC and Team Cymru
📍 Merida, MX
📊 Conference May 10-11
🔗 https://www.team-cymru.com/rise-mexico
Submit your talk proposal by March 31st! The conference will pay $500 for each full 30 minute talk.
📍 Arlington, VA, US & Virtual
📊 Conference May 12
🏢 Hilton National Landing
🔗 CFP: https://www.sleuthcon.com/cfp
🔗 Event: https://www.sleuthcon.com
📍 Anaheim, CA, US
📊 Conference Aug 9–11
🏢 Anaheim Marriott
🔗 https://www.usenix.org/conference/usenixsecurity23