Sources & Methods Newsletter #2 - October 2022

Hello to all the new subscribers—I hope you get something out of every issue. I have a few updates this time:

• SRC&MTD IRL: I'll be at CYBERWARCON November 10-11 in Washington, D.C. I hope to see some of you there!
• Custom domain: I've moved newsletter archives to newsletter.sourcesmethods.com and email delivery to sourcesmethods.com. Please update your contacts or email rules accordingly, which should stay the same going forward.
• Events: I've also added a new Events section to announce dates for conferences and other happenings. If there are any upcoming dates I should be aware of or conferences I should track every year, let me know at hello@sourcesmethods.com.

📁 Sources

deepdarkCTI - Collection of Cyber Threat Intelligence sources from the deep and dark web

📰 Articles

Introducing Campaigns to MITRE ATT&CK #standards

8220 Gang Cloud Botnet Targets Misconfigured Cloud Workloads #analysis #botnet

The Mystery of Metador | An Unattributed Threat Hiding in Telcos, ISPs, and Universities #analysis #malware

Welcome “Frappo” – The New Phishing-As-A-Service Used By Cybercriminals To Attack Customers Of Major Financial Institutions And Online-Retailers #phishing #ecosystem

MISP 2.4.164 released with new tag relationship feature, improvements and a security fix #tools #MISP

Analyzing attacks using the Exchange vulnerabilities CVE-2022-41040 and CVE-2022-41082 #analysis #Exchange #vulnerability

Breaking Into the CTI Field: Demystifying the Interview Process and Practice Interview Questions #career

🛠 Tools

markwhen

github.com/kochrt/markwhen

Markwhen is a text-to-timeline tool. You write markdown-ish text and it gets converted into a nice looking cascading timeline.

vk-url-scraper

github.com/bellingcat/vk-url-scraper

Scrape VK URLs to fetch info and media - Python API or command line tool.

stixview

github.com/traut/stixview

STIX2 graph visualisation library in JS.

telegram-phone-number-checker

github.com/bellingcat/telegram-phone-number-checker

Script to check whether a specific phone number is connected to a Telegram account.

yari

github.com/avast/yari

yari is an interactive debugger for YARA.

Periodic Table of Visualization Methods

www.visual-literacy.org/periodic_table/periodic_table.html

An interesting reference to help you find the right visualization for the data/information you're describing. Hopefully this provides some inspiration for your documents and slides!

💡 Tip

Did you know you can build your own Vertex Synapse Power-Up? Check out the official guide and give it a go.

📆 Events

FIRST Cyber Threat Intelligence Symposium 2022

📍 Berlin, DE
📚 Training Nov 1
📊 Conference Nov 2-3
🏢 Mercure Hotel MOA
🔗 https://www.first.org/events/symposium/berlin2022/program

CYBERWARCON 2022

📍 Arlington, VA, US & Virtual
📊 Conference Nov 10
🍳 BRUNCHCON Nov 11 - Hilton Crystal City
🏢 Hyatt Regency Crystal City
🔗 https://www.cyberwarcon.com/
🔗 https://www.cyberwarcon.com/brunchcon

Cyber Threat Intelligence Summit 2023

Submit your talk proposal by tomorrow, October 18th, to speak next January!

📍 Arlington, VA, US & Virtual
✍️ CFP closes Tuesday, October 18th at 5 pm CDT
📊 Summit: Jan 30-31 2023
📚 Training: Feb 1-6 2023
🔗 CFP: https://www.sans.org/mlp/cti-summit-cfp/
🔗 Event: https://www.sans.org/cyber-security-training-events/cyber-threat-intelligence-summit-2023/