Hello! This month, I'm celebrating another milestone in this newsletter's humble history—issue number ten. Here's to many more.
Thanks for reading,
Matthew Conway (@mattreduce)
EmailRep - I recently discovered EmailRep, an email reputation service and API from Sublime Security, that you can use to quickly judge an email sender based on various reputational factors. Its API is free up to 250 queries per month, but if you need a higher limit or would like support, there are also paid plans. Hope you find it useful.
Vertex Project - From Group to Individual: Modeling InformNapalm’s Article on Sergey Morgachev of APT28 #investigation #analysis #tooling
Matt Richard - Common Cyber Threat Intel Biases #analysis #bias
Wiz - Linux rootkits explained – Part 1: Dynamic linker hijacking #linux #rootkit #ttps
A convenient Python script that talks to the ProtonMail API to validate ProtonMail email addresses, reveal catch-all addresses, and estimate account creation date.
The Center for Threat Informed Defense released CTI Blueprints, a free suite of templates and tools that helps Cyber Threat Intelligence analysts create high-quality, actionable reports more consistently and efficiently.
Evidence is an open source toolkit for building reports involving data analysis using SQL and Markdown, connecting to datastores including Snowflake, PostgreSQL, and SQLite.
A user-friendly way to search OpenStreetMap data for features in proximity to each other, from Bellingcat.
This project provides CSV files of STIX SDO and SRO objects that make up the MITRE ATT&CK dataset, as well as a Python script to generate the CSVs for the ATT&CK matrix of your choice.
This Power Up for Vertex Synapse integrates the analysis platform with Assemblyline, an open source pipeline for triaging and analyzing suspicious files.
Understanding the threat landscape as it relates to your organization is a powerful focusing and enabling factor for your entire security program. Don't hold out for perfection before you even get started on this work—if you want to know where to start, check out the Threat Profiling guide I shared in issue #9 by Tidal Cyber.
USENIX Security '23
📍 Anaheim, CA, US
📊 Conference Aug 9-11
🏢 Anaheim Marriott
Underground Economy Conference 2023
📍 Prague, CZ
📊 Conference Sep 4-7
🏢 Prague Congress Center
🔗 Conference https://www.team-cymru.com/ue2023
Objective by the Sea v6
📍 Marbella, ES
📚 Training Oct 9-11
📊 Conference Oct 12-13
🏢 Don Pepe (Gran Meliá)
🔗 Conference https://objectivebythesea.org/v6/cfp.html
hack.lu and CTI Summit
📍 Dommeldange, Luxembourg City, LU
📊 CTI Summit Oct 16-17
📊 Hack.lu Oct 18-19
🏢 Alvisse Parc Hotel
🔗 Conference https://hack.lu/
📍 McLean, VA, US & Virtual
📊 Conference Oct 24-25
🏢 MITRE campus, McLean, VA