2 min read

Sources & Methods Newsletter #10 - July 2023

Hello! This month, I'm celebrating another milestone in this newsletter's humble history—issue number ten. Here's to many more.

Thanks for reading,

Matthew Conway (@mattreduce)

📁 Sources

EmailRep - I recently discovered EmailRep, an email reputation service and API from Sublime Security, that you can use to quickly judge an email sender based on various reputational factors. Its API is free up to 250 queries per month, but if you need a higher limit or would like support, there are also paid plans. Hope you find it useful.

📰 Articles

Ondra Rojčík - From Descriptions to Impact: Unlocking the Power of Basic Cyber Threat Intelligence Questions #reporting #tradecraft

Scott Roberts - Getting Started with Synapse #tooling

Jamie Collier - From Information Sharing to Building a Collective View of Intelligence #sharing #community

Vertex Project - From Group to Individual: Modeling InformNapalm’s Article on Sergey Morgachev of APT28 #investigation #analysis #tooling

Matt Richard - Common Cyber Threat Intel Biases #analysis #bias

Wiz - Linux rootkits explained – Part 1: Dynamic linker hijacking #linux #rootkit #ttps

Atlantic Council - Cross-community perspectives on cyber threat intelligence and policy #policy

🛠 Tools

Prot1ntelligence

github.com/C3n7ral051nt4g3ncy/Prot1ntelligence

Convenient Python script that talks to the ProtonMail API to validate PM email addresses, reveal catch-all addresses, and estimate account creation date.

CTI Blueprints

github.com/center-for-threat-informed-defense/cti-blueprints

The Center for Threat Informed Defense released CTI Blueprints, a free suite of templates and tools that helps Cyber Threat Intelligence analysts create high-quality, actionable reports more consistently and efficiently.

Evidence

github.com/evidence-dev/evidence

Evidence is an open source toolkit for building reports involving data analysis using SQL and Markdown, connecting to datastores including Snowflake, PostgreSQL, and SQLite.

github.com/bellingcat/osm-search

A user friendly way to search OpenStreetMap data for features in proximity to each other, from Bellingcat.

mitre_attack_csv

github.com/stmtstk/mitre_attack_csv

This project provides CSV files of STIX SDO and SRO objects that make up the MITRE ATT&CK dataset, as well as a Python script to generate the CSVs for the ATT&CK matrix of your choice.

powerup-assemblyline

github.com/usaa/powerup-assemblyline

This Power Up for Vertex Synapse integrates the analysis platform with Assemblyline, an open source pipeline for triaging and analyzing suspicious files.

💡 Tip

Understanding the threat landscape as it relates to your organization is a powerful focusing and enabling factor for your entire security program. Don't hold out for perfection before you even get started on this work—if you want to know where to start, check out the Threat Profiling guide I shared in issue #9 by Tidal Cyber.

📆 Events

USENIX Security '23

📍 Anaheim, CA, US
📊 Conference Aug 9–11
🏢 Anaheim Marriott
🔗 https://www.usenix.org/conference/usenixsecurity23

Underground Economy Conference 2023

📍 Prague, CZ
📊 Conference Sep 4-7
🏢 Prague Congress Center
🔗 Conference https://www.team-cymru.com/ue2023

Objective by the Sea v6

📍 Marbella, ES
📚 Training Oct 9-11
📊 Conference Oct 12-13
🏢 Don Pepe (Gran Meliá)
🔗 Conference https://objectivebythesea.org/v6/cfp.html

hack.lu and CTI Summit

📍 Dommeldange, Luxembourg City, LU
📊 CTI Summit Oct 16-17
📊 Hack.lu Oct 18-19
🏢 Alvisse Parc Hotel
🔗 Conference https://hack.lu/

ATT&CKcon 4.0

📍 McLean, VA, US & Virtual
📊 Conference Oct 24-25
🏢 MITRE campus, McLean, VA
🔗 https://www.mitre.org/events/attckcon-40