Sign in Subscribe
3 min read Newsletter

Sources & Methods Newsletter #9 - May 2023

Hello again! I'm getting around to the May issue a little late, so I'll keep this bit short then dig into this month's source, articles, tools, tip, and events.

I'm happy to report that I've created another OpenCTI connector to share with you, this time for active DNS enrichment with Google DNS. Check it out under Tools.

Thanks for reading,

Matthew Conway (@mattreduce)

πŸ“ Sources

Ransomchats - A new repository of chat messages from ransomware negotiations in JSON format. The project also includes a convenient site for viewing the messages as a conversation if you don't need the raw data.

πŸ“° Articles

Andy Piazza - CTI is Better Served with Context: Getting better value from IOCs #IOCs #tactical #value

Google releases 8 new top-level domains #infrastructure #FYSA

Permiso - Unmasking GUI-Vil: Financially Motivated Cloud Threat Actor #analysis #cloud

CERT-EU - Decoding the double-edged sword of Generative AI #strategic #analysis #AI #LLM

TrendMicro: New Info Stealer Bandit Stealer Targets Browsers, Wallets #malware #analysis #stealer

Tidal - The Ultimate Guide to Cyber Threat Profiling #threatprofile #howto

Mandiant - Navigating the Trade-Offs of Cyber Attribution #attribution #philosophy

πŸ›  Tools

Google DNS connector for OpenCTI :tada:

google-dns in OpenCTI-Platform/connectors

This OpenCTI connector provides active DNS enrichment of Domain Name Observables via Google's Public DNS API, which is free to use. I made it for access to timely, complete*, and inexpensive data about domains and hope it serves you well!

YETI 2.0 in alpha

github.com/yeti-platform/yeti@2.0-Alpha

The open source threat intelligence platform YETI sees a new 2.0 versionβ€”currently in alpha, so it's early daysβ€”that supports deployment via Docker and includes a whole new user interface. This version also removes investigation features.

synapse-webhook

github.com/captainGeech42/synapse-webhook

Here's a Rapid Power-Up for Vertex Synapse that enables posting to Slack, Discord, and Microsoft Teams via webhooks. You can incorporate it into automation as well as one-off queries.

Mango Languages

mangolanguages.com/find-mango

I've personally enjoyed and benefitted from learning new languages with Mango. I thought I'd share this resource since I found out you can use Mango free through many public libraries in the United States. Support your local public library, and try learning a new language to apply in your job (or just for fun)!

storm-snippets

github.com/vertexproject/storm-snippets

A new collection of interesting and useful snippets of the Storm query language, for use with Vertex Synapse.

PEAK Threat Hunting Framework

splunk.com/en_us/blog/security/peak-threat-hunting-framework

Splunk have introduced a new framework for threat hunting that they call PEAK, which stands for "Prepare, Execute, and Act with Knowledge." It covers three kinds of threat hunts: Hypothesis-Driven, Baseline, and Model-Assisted Threat Hunts (M-ATH). Check out the overview in this introductory blog post then read through the deeper dives they've posted since then.

ArchiveBox

archivebox.io

ArchiveBox is an open source, self-hosted tool for web archiving. It takes in URLs/browser history/bookmarks/Pocket/Pinboard/etc. and archives contents as HTML, JS, PDFs, media, and more. Import one at a time or on a scheduled basis. You might find it useful during research or investigation, when you can be sure you have source material saved and not observable by a third party.

πŸ’‘ Tip

"In order for answers to become clear, the questions have to be clear."

-- Abdulkarim Soroush

πŸ“† Events

USENIX Security '23

πŸ“ Anaheim, CA, US
πŸ“Š Conference Aug 9–11
🏒 Anaheim Marriott
πŸ”— https://www.usenix.org/conference/usenixsecurity23

Underground Economy Conference 2023

πŸ“ Prague, CZ
πŸ“Š Conference Sep 4-7
🏒 Prague Congress Center
πŸ”— CFP https://capsllc.wufoo.com/forms/ue23-speaker-submission/
πŸ”— Conference https://www.team-cymru.com/ue2023

Objective by the Sea v6

CFP is open now, and will close on June 30th.

πŸ“ Marbella, ES
πŸ“š Training Oct 9-11
πŸ“Š Conference Oct 12-13
🏒 Don Pepe (Gran MeliÑ)
πŸ”— CFP https://objectivebythesea.org/v6/cfp.html
πŸ”— Conference https://objectivebythesea.org/v6/cfp.html

hack.lu and CTI Summit

Two more weeks to submit a talk! You've got until 23:59 (Europe/Luxembourg) on June 16th.

πŸ“ Dommeldange, Luxembourg City, LU
πŸ“Š CTI Summit Oct 16-17
πŸ“Š Hack.lu Oct 18-19
🏒 Alvisse Parc Hotel
πŸ”— CFP https://pretalx.com/hack-lu-2023/cfp
πŸ”— Conference https://hack.lu/

Published by:

Matthew Conway

You might also like...

Apr
28

Sources & Methods Newsletter #18 - April 2024

Welcome to the April 2024 issue of the Sources & Methods newsletter! This month, we dive into the importance of
2 min read
Mar
10

Sources & Methods Newsletter #17 - March 2024

πŸ“ Sources Cloud Threat Landscape - Cloud-focused compilation of incidents, targeted tech, threat groups, tools, and techniques. Maintained by Wiz, who
2 min read
Jan
29

Sources & Methods Newsletter #16 - January 2024

Happy New Year! I hope your holidays were restful and you're ready to get back to it. At
2 min read
Dec
22

Sources & Methods Newsletter #15 - December 2023

I hope everyone had a great yearβ€”it was for Sources & Methods: * Moved the newsletter to Ghost.io to
3 min read
Nov
22

Sources & Methods Newsletter #14 - November 2023

Have questions or suggestions? Send them my way at sources.methods@protonmail.com. Thanks for reading, Matthew Conway (@mattreduce) πŸ“ Sources
2 min read

Member discussion