This is the first edition of Sources & Methods! I started this newsletter to share interesting sources, tools, articles and tips I come across related to Cyber Threat Intelligence and adjacent topics. I hope you find something you can use or learn from in every issue.
Disposable Email Domains - list of disposable email domains, which are often used for nefarious purposes.
AWS Customer Security Incidents - archive of publicly-disclosed security incidents involving Amazon Web Services.
Dead or Alive? An Emotet Story #analysis
Intelligence Requirements: the Sancho Panza of CTI #presentation
Self-hostable monitoring for detecting web content changes. Endless potential uses.
Obsidian is a Markdown knowledge base app for desktop and mobile devices. Portable data format, simple yet powerful system of linking and tagging, useful plugins.
QinetiQ were kind enough to share their Terraform configuration for deploying OpenCTI to AWS on ECS and Fargate along with various managed services. If you or your team can handle all of the cloud resources involved, this is a much better way to deploy OpenCTI than on a single server.
attack-lookup is a command-line tool for quickly looking up MITRE ATT&CK Tactics and Techniques by their numeric ID (or the reverse: finding the ID from the name).
Crossfeed is an attack surface monitoring tool from the US Cybersecurity and Infrastructure Security Agency (CISA) and Defense Digital Service. Starting from a root domain name, Crossfeed identifies assets and their vulnerabilities, presented in a nice web-based report. It supports manual and automated scans.
Good news: OpenCTI now supports consuming JSON MISP feeds without running a MISP instance, via the MISP Feed connector. 🎉