Issue #6 - February 2023
Welcome to issue six. I’m pleased to share that, as of this month, Sources & Methods has over 100 subscribers. Thanks for being one of them!
Details are shaping up for some of this year’s conferences. I chose four to feature across the United States, Mexico, and France. Check them out in the Events section at the end of the issue.
Thanks,
Matthew Conway (@mattreduce)
📁 Sources
Initial Access Broker Landscape - The initial access ecosystem is extensive. This visualization (in PNG and SVG formats) might help you wrap your head around it, too.
📰 Articles
Jamie Collier - Structured Analytical Techniques for Pragmatists #tradecraft
Proofpoint - OneNote Documents Increasingly Used to Deliver Malware #phishing #malware #trends
Scott Roberts - Effective Tagging in Synapse #tooling
SentinelOne - Cloud Credentials Phishing | Malicious Google Ads Target AWS Logins #phishing #analysis
Joe Słowik - Conceptualizing a Continuum of Cyber Threat Attribution #attribution
Bellingcat - Octosuite: A New Tool to Conduct Open Source Investigations on GitHub #osint #collection #tooling
🛠 Tools
octosuite
github.com/bellingcat/octosuite
A new, extensive OSINT tool for collecting on GitHub users and organizations.
stix-icons
github.com/eclecticiq/stix-icons
A collection of icons representing STIX objects and relationships for reports, presentations, or anything you like. Each icon is available in black, white, RGB, and CMYK in normal or rounded style, in PDF/PNG/SVG formats. There’s even a custom font in four formats! Made open source by EclecticIQ with a Creative Commons Attribution 4.0 International License.
fqdn_parser
github.com/jconwell/fqdn_parser
A Python library for parsing fully-qualified domain names (FQDNs) into each of their components, along with context about top-level domains (TLDs). Intelligently handles multi-label TLDs like .co.uk, Unicode, and “private suffixes” like herokuapp.com.
Vertex Synapse
github.com/vertexproject/synapse
The Vertex Project offer an open source “central intelligence system” you can use to collect, enrich, analyze, and integrate intelligence. There’s a great community around it and a powerful Enterprise version, as well.
sacti
SACTI provides a secure and anonymous mechanism to facilitate structural exchange of sightings and impact information in communities that employ the MISP platform.
💡 Tip
Can’t figure out a security/intelligence-related term or acronym? Try searching @BushidoUK’s CTI Lexicon. It’s a sizable reference that was updated just last month.
📆 Events
Botconf 2023
📍 Strasbourg, FR
📚 Training: Apr 11
📊 Conference: Apr 12–14
🏢 Hilton Strasbourg
🔗 https://www.botconf.eu
RISE Mexico 2023
Regional Internet Security Event co-hosted by LACNIC and Team Cymru
📍 Merida, MX
📊 Conference May 10-11
🔗 https://www.team-cymru.com/rise-mexico
SLEUTHCON ‘23
Submit your talk proposal by March 31st! The conference will pay $500 for each full 30 minute talk.
📍 Arlington, VA, US & Virtual
📊 Conference May 12
🏢 Hilton National Landing
🔗 CFP: https://www.sleuthcon.com/cfp
🔗 Event: https://www.sleuthcon.com
USENIX Security ‘23
📍 Anaheim, CA, US
📊 Conference Aug 9–11
🏢 Anaheim Marriott
🔗 https://www.usenix.org/conference/usenixsecurity23