Sign in Subscribe
3 min read Newsletter

Sources & Methods Newsletter #15 - December 2023

I hope everyone had a great yearโ€”it was for Sources & Methods:

In 2024, expect more original analysis under The Finished Product, the launch of The Gist, more open source development work in the CTI community, and of course the monthly newsletter.

Happy holidays,

Matthew Conway (@mattreduce)

๐Ÿ“ Sources

RMM Catalogue - Open source collection of (aspirationally) all known Remote Management and Monitoring (RMM) tools. See any tools missing? Help everyone out and open a Pull Request!

๐Ÿ“ฐ Information

John Doyle - Helping CTI Analysts Approach and Report on Emerging Technology Threats and Trends (Part 1) #writing #trending

OSINT Combine - OSINT Collection Schema #OSINT #collection

Joe Slowik - Orienting Intelligence Requirements to the Small Business Space #requirements #SMB

Amitai Cohen - Achieving Research Fluency #research #tradecraft

ENISA Threat Landscape 2023 #landscape #EU #longreads

mthcht - How Threat Actors Use GitHub #operational #analysis #infrastructure

MITRE - How does an idea become a MITRE ATT&CKยฎ technique? #ATTCK

ROK-NIS, UK-NCSC - DPRK state-linked cyber actors conduct software supply chain attacks #operational #analysis #DPRK #supplychain

SANS - FOR589: Cybercrime Intelligence - NEW SANS DFIR Course coming in 2024 #training #cybercrime

US CISA - Enabling Threat-Informed Cybersecurity: Evolving CISAโ€™s Approach to Cyber Threat Information Sharing #gov #sharing

๐Ÿ›  Tools

OpenCVE

github.com/opencve/opencve

Thanks to Scott Small from Tidal Cyber for the heads-up about this free and open source CVE alerting platform. OpenCVE is a web-based system for monitoring new CVEs, exploring them by vendor and product, and receiving notifications when new CVEs are issued that meet your criteria (product, score, references, etc).

go-hhhash

github.com/hrbrmstr/go-hhhash

Here's a Golang implementation of HTTP Headers Hashing (HHHash). With it, you can fingerprint a given HTTP server using that technique in your Go-based scripts or other automation.

IOC Parser

iocparser.com

Free service and API for extracting atomic IOCs from a piece of text or web content at a URL.

lingua-py

github.com/pemistahl/lingua-py

A Python library for detecting natural language in short or long samples, no external service or API required. You could use this when handling everything from open source data to strings in binaries. Check this out:

>>> from lingua import Language, LanguageDetectorBuilder
>>> languages = [Language.ENGLISH, Language.FRENCH, Language.GERMAN, Language.SPANISH]
>>> detector = LanguageDetectorBuilder.from_languages(*languages).build()
>>> language = detector.detect_language_of("languages are awesome")
>>> language
Language.ENGLISH
>>> language.iso_code_639_1
IsoCode639_1.EN
>>> language.iso_code_639_1.name
'EN'
>>> language.iso_code_639_3
IsoCode639_3.ENG
>>> language.iso_code_639_3.name
'ENG'

cwe2stix

github.com/signalscorps/cwe2stix

Turn MITRE Common Weakness Enumerations (CWEs) into STIX 2.1 Objects from the command line.

scrapedown

github.com/ozanmakes/scrapedown

This self-hostable API runs as a Cloudflare Worker and, given a URL pointing to some public material, will extract content and metadata. It can even scrape article contents excluding sidebars, ads, and article suggestions that can muddy automatically ingested reports.

MetaOSINT v3

metaosint.github.io

Version 3 of MetaOSINT refreshes an essential starting point for OSINT investigations. Not only does it point you in the direction of OSINT tools and resources, but you'll know which of them are popular among practitioners, saving you from trying 5 tools to find they're broken or superseded.

memos

usememos.com

A very polished collaborative note-taking service you can run yourself to ensure privacy and operations security. Supports Markdown content, runnable with Docker, has a REST API. Maybe this is the right fit for your research or sharing group.

๐Ÿ’ก Tip

Keep a personal notebook on threat groups, malware, and TTPs you find interesting, then update it every time you read about or discuss those things. It could be as simple as a single Markdown file, to a more advanced note taking system like Obsidian, or a personal deployment of Vertex Synapse or OpenCTI. Stay tuned for tips on how to use OpenCTI this way on Sources & Methods.

๐Ÿ“† Events

2023 is practically over! Here are some great events you can attend in 2024:

SANS CTI SUMMIT

๐Ÿ“ Washington, DC, US and online
๐Ÿ“Š Summit: Jan 29-30
๐Ÿ“Š Training: Jan 31 - Feb 5
๐Ÿ”— https://www.sans.org/cyber-security-training-events/cyber-threat-intelligence-summit-2024/

FIRST CTI

๐Ÿ“ Mercure Hotel MOA Berlin
๐Ÿ“Š April 15-17
https://www.first.org/conference/firstcti24/

BSidesSF

CFP for presentations and panels closes January 8, 2024
CFP for workshops, villages, and BoF will close on February 5, 2024

๐Ÿ“ San Francisco, CA, US
๐Ÿ“Š Conference May 4-5
๐Ÿ”— CFP https://bsidessf.org/cfp

Published by:

Matthew Conway

You might also like...

Apr
28

Sources & Methods Newsletter #18 - April 2024

Welcome to the April 2024 issue of the Sources & Methods newsletter! This month, we dive into the importance of
2 min read
Mar
10

Sources & Methods Newsletter #17 - March 2024

๐Ÿ“ Sources Cloud Threat Landscape - Cloud-focused compilation of incidents, targeted tech, threat groups, tools, and techniques. Maintained by Wiz, who
2 min read
Jan
29

Sources & Methods Newsletter #16 - January 2024

Happy New Year! I hope your holidays were restful and you're ready to get back to it. At
2 min read
Nov
22

Sources & Methods Newsletter #14 - November 2023

Have questions or suggestions? Send them my way at sources.methods@protonmail.com. Thanks for reading, Matthew Conway (@mattreduce) ๐Ÿ“ Sources
2 min read
Oct
17

Sources & Methods Newsletter #13 - October 2023

๐Ÿ“ Sources Living off the Foreign Land Cmdlets and Binaries - In the style of LOLBins, a collection of trusted Microsoft
2 min read

Member discussion