Feb. 26, 2023, 7:04 p.m.

[Sources & Methods] Issue 6

Issue #6 - February 2023

Welcome to issue six. I’m pleased to share that, as of this month, Sources & Methods has over 100 subscribers. Thanks for being one of them!

Details are shaping up for some of this year’s conferences. I chose four to feature across the United States, Mexico, and France. Check them out in the Events section at the end of the issue.

Thanks,

Matthew Conway (@mattreduce)

📁 Sources

Initial Access Broker Landscape - The initial access ecosystem is extensive. This visualization (in PNG and SVG formats) might help you wrap your head around it, too.

📰 Articles

Jamie Collier - Structured Analytical Techniques for Pragmatists #tradecraft

Proofpoint - OneNote Documents Increasingly Used to Deliver Malware #phishing #malware #trends

Scott Roberts - Effective Tagging in Synapse #tooling

SentinelOne - Cloud Credentials Phishing | Malicious Google Ads Target AWS Logins #phishing #analysis

Joe Słowik - Conceptualizing a Continuum of Cyber Threat Attribution #attribution

Bellingcat - Octosuite: A New Tool to Conduct Open Source Investigations on GitHub #osint #collection #tooling

🛠 Tools

octosuite

github.com/bellingcat/octosuite

A new, extensive OSINT tool for collecting on GitHub users and organizations.

stix-icons

github.com/eclecticiq/stix-icons

A collection of icons representing STIX objects and relationships for reports, presentations, or anything you like. Each icon is available in black, white, RGB, and CMYK in normal or rounded style, in PDF/PNG/SVG formats. There’s even a custom font in four formats! Made open source by EclecticIQ with a Creative Commons Attribution 4.0 International License.

fqdn_parser

github.com/jconwell/fqdn_parser

A Python library for parsing fully-qualified domain names (FQDNs) into each of their components, along with context about top-level domains (TLDs). Intelligently handles multi-label TLDs like .co.uk, Unicode, and “private suffixes” like herokuapp.com.

Vertex Synapse

github.com/vertexproject/synapse

The Vertex Project offers an open source “central intelligence system” you can use to collect, enrich, analyze, and integrate intelligence. There’s a great community around it and a powerful Enterprise version, as well.

sacti

github.com/COSSAS/sacti

SACTI provides a secure and anonymous mechanism to facilitate structural exchange of sightings and impact information in communities that employ the MISP platform.

💡 Tip

Can’t figure out a security/intelligence-related term or acronym? Try searching @BushidoUK’s CTI Lexicon. It’s a sizable reference that was updated just last month.

📆 Events

Botconf 2023

📍 Strasbourg, FR
📚 Training: Apr 11
📊 Conference: Apr 12–14
🏢 Hilton Strasbourg
🔗 https://www.botconf.eu

RISE Mexico 2023

Regional Internet Security Event co-hosted by LACNIC and Team Cymru

📍 Merida, MX
📊 Conference: May 10–11
🔗 https://www.team-cymru.com/rise-mexico

SLEUTHCON ’23

Submit your talk proposal by March 31st! The conference will pay $500 for each full 30-minute talk.

📍 Arlington, VA, US & Virtual
📊 Conference: May 12
🏢 Hilton National Landing
🔗 CFP: https://www.sleuthcon.com/cfp
🔗 Event: https://www.sleuthcon.com

USENIX Security ’23

📍 Anaheim, CA, US
📊 Conference: Aug 9–11
🏢 Anaheim Marriott
🔗 https://www.usenix.org/conference/usenixsecurity23
