Welcome to issue eight! A lot has happened since the last edition, although I suppose that’s the way it goes, eh? As you may have seen, both Breach Forums and Genesis Market are no more. Lockbit is even taking a crack at macOS—but development is off to a rocky start.
I’ve been spending part of my weekends steadily working on a website and blog for Sources & Methods, which you can see in part today at sourcesmethods.com. While developing a series of how-to articles for that blog on OpenCTI connector development, I created a YARA connector that has been accepted by the project and sits proudly in this month’s Tools section.
Thanks for reading,
Matthew Conway (@mattreduce)
Cloud Security Atlas - Datadog have released a new database of attacks, vulnerabilities, and misconfigurations affecting cloud infrastructure platforms.
SignalCorp - Getting Started with STIX Shifter #STIX #integration
Cado Security - Previously Undiscovered TeamTNT Payload Recently Surfaced #mining #operational #analysis
Jamie Collier - Driving Threat Intelligence the Right Way #program #requirements
Uptycs - MacStealer: New MacOS-based Stealer Malware Identified #macos #operational #analysis
Analytic Insider - Anticipating High Impact/Low Probability Events #strategic #tradecraft #reframing #SATs
Vertex Project - Analyzing a Suspected Russian Influence Operation with Synapse #analysis #tooling #howto
TheRecord - Lunch on The Record: Daniel Moore and Offensive Cyber Operations #CNO #interview #longreads
yara in OpenCTI-Platform/connectors
This OpenCTI connector enriches Artifact Observables by scanning their contents using every YARA Indicator in the system. When a rule matches, the connector creates a relationship between the Artifact and Indicator.
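To make the enrichment step concrete, here is an added Python example that is not the connector's own code and does not use the pycti API. It models what such an enrichment has to do: take the bytes of an Artifact, run every YARA-typed Indicator over them, skip indicators of other pattern types, keep going when one rule fails to compile, and emit one relationship record per matching indicator. In place of yara-python (which may not be installed where this runs) it uses a toy matcher for a tiny YARA subset: text strings plus `any of them` / `all of them` conditions; with yara-python available you would swap `compile_rule`/`match_rule` for `yara.compile(source=...)` and `.match(data=...)`. The indicator and artifact ids, the sample bytes, and the relationship type `based-on` are constructed assumptions for illustration.

```python
import re
from dataclasses import dataclass

# Constructed sample data (assumed ids and content, not from the page or the connector).
ARTIFACT_ID = "artifact--00000000-0000-4000-8000-000000000001"
ARTIFACT_BYTES = (
    b"MZ\x90\x00\x03\x00\x00\x00This program cannot be run in DOS mode.\r\n"
    b"xmrig --donate-level=0 -o stratum+tcp://pool.example:3333\x00"
)
INDICATORS = [
    {"id": "indicator--00000000-0000-4000-8000-00000000000a", "name": "xmrig_cli",
     "pattern_type": "yara",
     "pattern": 'rule xmrig_cli { strings: $a = "xmrig" $b = "stratum+tcp://" condition: all of them }'},
    {"id": "indicator--00000000-0000-4000-8000-00000000000b", "name": "teamtnt_marker",
     "pattern_type": "yara",
     "pattern": 'rule teamtnt_marker { strings: $a = "TeamTNT" condition: any of them }'},
    {"id": "indicator--00000000-0000-4000-8000-00000000000c", "name": "broken",
     "pattern_type": "yara",
     "pattern": "rule broken { condition: }"},            # malformed: must not abort the scan
    {"id": "indicator--00000000-0000-4000-8000-00000000000d", "name": "c2_domain",
     "pattern_type": "stix",
     "pattern": "[domain-name:value = 'pool.example']"},   # not YARA: ignored
]

# Toy YARA subset: one rule, text strings only, condition "any of them" / "all of them".
RULE_RE = re.compile(
    r"rule\s+(\w+)\s*\{\s*strings:\s*(.*?)\s*condition:\s*(any|all)\s+of\s+them\s*\}", re.S)
STRING_RE = re.compile(r'\$(\w+)\s*=\s*"([^"]*)"')


@dataclass
class Rule:
    name: str
    strings: dict        # identifier -> bytes to search for
    require_all: bool    # True for "all of them", False for "any of them"


def compile_rule(source: str) -> Rule:
    """Parse the toy subset; raise ValueError for anything else (stands in for yara.SyntaxError)."""
    m = RULE_RE.fullmatch(source.strip())
    if not m:
        raise ValueError("unsupported or malformed rule")
    name, strings_block, quantifier = m.groups()
    strings = {ident: val.encode() for ident, val in STRING_RE.findall(strings_block)}
    if not strings:
        raise ValueError("rule declares no strings")
    return Rule(name, strings, quantifier == "all")


def match_rule(rule: Rule, data: bytes) -> bool:
    hits = [s in data for s in rule.strings.values()]
    return all(hits) if rule.require_all else any(hits)


def enrich_artifact(artifact_id: str, data: bytes, indicators: list):
    """Return (relationships, errors): one relationship per matching YARA indicator,
    one error entry per indicator whose rule could not be compiled."""
    relationships, errors = [], []
    for ind in indicators:
        if ind.get("pattern_type") != "yara":
            continue
        try:
            rule = compile_rule(ind["pattern"])
        except ValueError as exc:
            errors.append((ind["id"], str(exc)))
            continue
        if match_rule(rule, data):
            relationships.append({
                "relationship_type": "based-on",   # assumed type for Indicator -> Artifact
                "source_ref": ind["id"],
                "target_ref": artifact_id,
                "description": f"YARA rule {rule.name} matched artifact content",
            })
    return relationships, errors


if __name__ == "__main__":
    rels, errs = enrich_artifact(ARTIFACT_ID, ARTIFACT_BYTES, INDICATORS)
    for r in rels:
        print(f"{r['source_ref']} --{r['relationship_type']}--> {r['target_ref']}")
    for ind_id, why in errs:
        print(f"skipped {ind_id}: {why}")
```

The point to carry over to a real connector is the shape of the loop: filter on `pattern_type`, isolate each rule's compile error so one bad indicator cannot block enrichment of the rest, and only create the relationship when the scan actually matches.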
github.com/intelligence-driven-incident-response/intelligence-product-templates
A collection of free intelligence product templates from the book Intelligence-Driven Incident Response.
github.com/redcanaryco/mac-monitor
Red Canary’s new Mac Monitor is a free, feature-rich monitoring tool for macOS built on top of the Endpoint Security framework, distributed as a notarized executable with the monitoring capabilities Apple approves for that framework. You’ll find it handy for security research and malware analysis. Thanks, Red Canary, and congrats on the initial release!
github.com/tomnomnom/waybackurls
Fetch Wayback Machine (Internet Archive) URLs for a given domain from the command-line.
Version 2.0 of the pandas Python package is here, with enhancements, bug fixes, and performance improvements.
Making templates for written products saves you time, helps colleagues collaborate with you, and gives readers a consistent structure they can expect in the future. I even use a template (in Markdown) to create this newsletter each month!
Regional Internet Security Event co-hosted by LACNIC and Team Cymru
📍 Merida, MX
📊 Conference May 10-11
🔗 https://www.team-cymru.com/rise-mexico
SleuthCon 2023
📍 Arlington, VA, US & Virtual
📊 Conference May 12
🏢 Hilton National Landing
🔗 https://www.sleuthcon.com
USENIX Security ’23
📍 Anaheim, CA, US
📊 Conference Aug 9–11
🏢 Anaheim Marriott
🔗 https://www.usenix.org/conference/usenixsecurity23
Underground Economy Conference 2023 (UE2023), hosted by Team Cymru
📍 Prague, CZ
📊 Conference Sep 4-7
🏢 Prague Congress Center
🔗 CFP https://capsllc.wufoo.com/forms/ue23-speaker-submission/
🔗 Conference https://www.team-cymru.com/ue2023
The CFP is open now and closes on June 30, 2023.
Objective by the Sea v6
📍 Marbella, ES
📚 Training Oct 9-11
📊 Conference Oct 12-13
🏢 Don Pepe (Gran Meliá)
🔗 CFP https://objectivebythesea.org/v6/cfp.html
🔗 Conference https://objectivebythesea.org/v6/cfp.html