Sources & Methods Newsletter #10 - July 2023
Hello! This month, I'm celebrating another milestone in this newsletter's humble history—issue number ten. Here's to many more.
Thanks for reading,
Matthew Conway (@mattreduce)
📁 Sources
EmailRep - I recently discovered EmailRep, an email reputation service and API from Sublime Security, which you can use to quickly judge an email sender based on various reputational factors. Its API is free up to 250 queries per month, but if you need a higher limit or would like support, there are also paid plans. Hope you find it useful.
📰 Articles
Ondra Rojčík - From Descriptions to Impact: Unlocking the Power of Basic Cyber Threat Intelligence Questions #reporting #tradecraft
Scott Roberts - Getting Started with Synapse #tooling
Jamie Collier - From Information Sharing to Building a Collective View of Intelligence #sharing #community
Vertex Project - From Group to Individual: Modeling InformNapalm’s Article on Sergey Morgachev of APT28 #investigation #analysis #tooling
Matt Richard - Common Cyber Threat Intel Biases #analysis #bias
Wiz - Linux rootkits explained – Part 1: Dynamic linker hijacking #linux #rootkit #ttps
Atlantic Council - Cross-community perspectives on cyber threat intelligence and policy #policy
🛠 Tools
Prot1ntelligence
github.com/C3n7ral051nt4g3ncy/Prot1ntelligence
Convenient Python script that talks to the ProtonMail API to validate PM email addresses, reveal catch-all addresses, and estimate account creation date.
CTI Blueprints
github.com/center-for-threat-informed-defense/cti-blueprints
The Center for Threat Informed Defense released CTI Blueprints, a free suite of templates and tools that helps Cyber Threat Intelligence analysts create high-quality, actionable reports more consistently and efficiently.
Evidence
github.com/evidence-dev/evidence
Evidence is an open source toolkit for building reports involving data analysis using SQL and Markdown, connecting to datastores including Snowflake, PostgreSQL, and SQLite.
OSM Search
github.com/bellingcat/osm-search
A user-friendly way to search OpenStreetMap data for features in proximity to each other, from Bellingcat.
mitre_attack_csv
github.com/stmtstk/mitre_attack_csv
This project provides CSV files of STIX SDO and SRO objects that make up the MITRE ATT&CK dataset, as well as a Python script to generate the CSVs for the ATT&CK matrix of your choice.
powerup-assemblyline
github.com/usaa/powerup-assemblyline
This Power Up for Vertex Synapse integrates the analysis platform with Assemblyline, an open source pipeline for triaging and analyzing suspicious files.
💡 Tip
Understanding the threat landscape as it relates to your organization is a powerful focusing and enabling factor for your entire security program. Don't hold out for perfection before you even get started on this work—if you want to know where to start, check out the Threat Profiling guide I shared in issue #9 by Tidal Cyber.
📆 Events
USENIX Security '23
📍 Anaheim, CA, US
📊 Conference Aug 9–11
🏢 Anaheim Marriott
🔗 https://www.usenix.org/conference/usenixsecurity23
Underground Economy Conference 2023
📍 Prague, CZ
📊 Conference Sep 4-7
🏢 Prague Congress Center
🔗 Conference https://www.team-cymru.com/ue2023
Objective by the Sea v6
📍 Marbella, ES
📚 Training Oct 9-11
📊 Conference Oct 12-13
🏢 Don Pepe (Gran Meliá)
🔗 Conference https://objectivebythesea.org/v6/cfp.html
hack.lu and CTI Summit
📍 Dommeldange, Luxembourg City, LU
📊 CTI Summit Oct 16-17
📊 Hack.lu Oct 18-19
🏢 Alvisse Parc Hotel
🔗 Conference https://hack.lu/
ATT&CKcon 4.0
📍 McLean, VA, US & Virtual
📊 Conference Oct 24-25
🏢 MITRE campus, McLean, VA
🔗 https://www.mitre.org/events/attckcon-40