Sources & Methods Newsletter #1 - September 2022

This is the first edition of Sources & Methods! I started this newsletter to share interesting sources, tools, articles and tips I come across related to Cyber Threat Intelligence and adjacent topics. I hope you find something you can use or learn from in every issue.

πŸ“ Sources

Disposable Email Domains - list of disposable email domains, which are often used for nefarious purposes.

AWS Customer Security Incidents - archive of publicly-disclosed security incidents involving Amazon Web Services.

📰 Articles

A Cyber Threat Intelligence Self-Study Plan: Part 2 #resources

[UPDATED 2022-09-12] Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices #analysis #linux #botnet

FIRST Releases Traffic Light Protocol Version 2.0 with important updates #standards

Dead or Alive? An Emotet Story #analysis

Intelligence Requirements: the Sancho Panza of CTI #presentation

Using Python to unearth a goldmine of threat intelligence from leaked chat logs #howto #python

🛠 Tools

changedetection.io

github.com/dgtlmoon/changedetection.io

Self-hostable monitoring for detecting web content changes. Endless potential uses.

Obsidian

obsidian.md

Obsidian is a Markdown knowledge base app for desktop and mobile devices. Portable data format, simple yet powerful system of linking and tagging, useful plugins.

OpenCTI-Terraform

github.com/QinetiQ-Cyber-Intelligence/OpenCTI-Terraform

QinetiQ were kind enough to share their Terraform configuration for deploying OpenCTI to AWS on ECS and Fargate along with various managed services. If you or your team can handle all of the cloud resources involved, this is a much better way to deploy OpenCTI than on a single server.

attack-lookup

github.com/curated-intel/attack-lookup

attack-lookup is a command-line tool for quickly looking up MITRE ATT&CK Tactics and Techniques by their numeric ID, or doing the reverse lookup from name to ID.

crossfeed

github.com/cisagov/crossfeed

Crossfeed is an attack surface monitoring tool from the US Cybersecurity and Infrastructure Security Agency (CISA) and Defense Digital Service. Starting from a root domain name, Crossfeed identifies assets and their vulnerabilities, presented in a nice web-based report. It supports manual and automated scans.

💡 Tip

Good news: OpenCTI now supports consuming JSON MISP feeds without running a MISP instance, via the MISP Feed connector. 🎉