Welcome to issue eight! A lot has happened since the last edition, although I suppose that’s the way it goes, eh? As you may have seen, both Breach Forums and Genesis Market are no more. Lockbit is even taking a crack at macOS—but development is off to a rocky start.
I’ve been spending part of my weekends steadily working on a website and blog for Sources & Methods, which you can see in part today at sourcesmethods.com. While developing a series of how-to articles for that blog on OpenCTI connector development, I created a YARA connector that has been accepted by the project and sits proudly in this month’s Tools section.
Thanks for reading,
Matthew Conway (@mattreduce)
Cloud Security Atlas - Datadog have released a new database of attacks, vulnerabilities, and misconfigurations affecting cloud infrastructure platforms.
SignalCorp - Getting Started with STIX Shifter #STIX #integration
Cado Security - Previously Undiscovered TeamTNT Payload Recently Surfaced #mining #operational #analysis
Jamie Collier - Driving Threat Intelligence the Right Way #program #requirements
Uptycs - MacStealer: New MacOS-based Stealer Malware Identified #macos #operational #analysis
Analytic Insider - Anticipating High Impact/Low Probability Events #strategic #tradecraft #reframing #SATs
Vertex Project - Analyzing a Suspected Russian Influence Operation with Synapse #analysis #tooling #howto
TheRecord - Lunch on The Record: Daniel Moore and Offensive Cyber Operations #CNO #interview #longreads
yara in OpenCTI-Platform/connectors
This OpenCTI connector enriches Artifact Observables by scanning their contents using every YARA Indicator in the system. When a rule matches, the connector creates a relationship between the Artifact and Indicator.
A collection of free intelligence product templates from the book Intelligence-Driven Incident Response.
Red Canary’s new Mac Monitor is a free, feature-rich monitoring tool for macOS built on top of Endpoint Security framework, available as a proper notarized executable with monitoring capabilities approved by Apple. You’ll find it handy for security research and malware analysis. Thanks, Red Canary, and congrats on the initial release!
Fetch Wayback Machine (Internet Archive) URLs for a given domain from the command-line.
Version 2.0 of the
pandas Python package is here, with enhancements, bug fixes, and performance improvements.
Making templates for written products saves you time, helps colleagues collaborate with you, and gives readers a consistent structure they can expect in the future. I even use a template (in Markdown) to create this newsletter each month!
Regional Internet Security Event co-hosted by LACNIC and Team Cymru
📍 Merida, MX
📊 Conference May 10-11
📍 Arlington, VA, US & Virtual
📊 Conference May 12
🏢 Hilton National Landing
🔗 Event: https://www.sleuthcon.com
📍 Anaheim, CA, US
📊 Conference Aug 9–11
🏢 Anaheim Marriott
📍 Prague, CZ
📊 Conference Sep 4-7
🏢 Prague Congress Center
🔗 CFP https://capsllc.wufoo.com/forms/ue23-speaker-submission/
🔗 Conference https://www.team-cymru.com/ue2023
CFP is open now, and will close on June 30th, 2023
📍 Marbella, ES
📚 Training Oct 9-11
📊 Conference Oct 12-13
🏢 Don Pepe (Gran Meliá)
🔗 CFP https://objectivebythesea.org/v6/cfp.html
🔗 Conference https://objectivebythesea.org/v6/cfp.html