Sign in Subscribe
2 min read Newsletter

Sources & Methods Newsletter #13 - October 2023

📁 Sources

Living off the Foreign Land Cmdlets and Binaries - In the style of LOLBins, a collection of trusted Microsoft code that can be used against remote systems through compromised hosts, not on them—away from EDR visibility. The first in a series of articles explaining their use is under Information this month.

📰 Information

Amitai Cohen - Thrunting Grounds: When are IOCs not IOCs? Join me on a pedantic adventure #indicators #observables #hunting

SentinelOne - macOS Malware 2023 | A Deep Dive into Emerging Trends and Evolving Techniques #macOS #malware #trends

BITSADMIN - Living Off the Foreign Land - Part 1/3: Setup Linux VM for SOCKS routing #Windows #tradecraft

Mandiant - Assessed Cyber Structure and Alignments of North Korea in 2023 #strategic #analysis #DPRK

Chris Bronk, Nathan Jones - Cyber Cases: The PICCA Framework for Documenting Geopolitically Relevant Cyber Action #analysis #frameworks #papers

Akamai - How Account Opening Abuse Affects 6 Industries #abuse #impact

UK NCSC - Ransomware, extortion and the cyber crime ecosystem #strategic #analysis #extortion #ecosystems

Randolph H. Pherson - The Five Habits of the Master Thinker #analysis #tradecraft #papers

tl;dr sec - An Overview of Software Supply Chain Security #supplychain #explainer

🛠 Tools

TEx

telegramexplorer.readthedocs.io

TEx ("Telegram Explorer") is a background agent-based system for collecting data, media, and metadata from Telegram.

SaaS Attack Matrix

github.com/pushsecurity/saas-attacks

MITRE ATT&CK-esque matrix of software-as-a-service (SaaS) attack patterns that, unlike ATT&CK, includes techniques that may not have been observed in the wild or cited in reports.

cpe-guesser

cve-search.github.io/cpe-guesser

CLI- and web-based tool that'll guess a CPE name from keywords, which you can then use to search for CVEs.

FreshRSS

freshrss.org

Open source RSS feed aggregator and reader, also compatible with native desktop and mobile applications.

Name Variant Search Tool

bellingcat.github.io/name-variant-search

Open source web-based tool for generating plausible variations on a person's name along with quick links to search by those variations. For example, from "John Michael Smith," the tool generates alternate names like "Jon M Smith" and "Johnny Smith."

synapse-iocparser

github.com/EXC3L-ONE/synapse-iocparser

Vertex Synapse Power-Up that integrates with IOCParser to extract atomic IOCs from text like so:

ex.iocparser.text "example.com 1.1.1.1"

...or even content located at a URL:

[inet:url=https://pylos.co/2022/11/23/detailing-daily-domain-hunting/] | ex.iocparser.url --yield

📆 Events

ATT&CKcon 4.0

📍 McLean, VA, US & Virtual
📊 Conference Oct 24-25
🏢 MITRE campus
🔗 https://www.mitre.org/events/attckcon-40

CYBERWARCON

📍 Arlington, VA, US
📊 Conference Nov 9
🏢 Hyatt Regency Crystal City
🔗 https://www.cyberwarcon.com/

Published by:

Matthew Conway

You might also like...

Nov
15

Sources & Methods Newsletter #20 - November 2024

📁 Sources OSSF Malicious Package Registry - the Securing Critical Projects Working Group of the Open Source Security Foundation (OpenSSF) maintains
2 min read
Jul
09

Sources & Methods Newsletter #19 - July 2024

Welcome to issue #19 of the Sources & Methods newsletter! I paused for a bit while visiting London and Dublin,
2 min read
Apr
28

Sources & Methods Newsletter #18 - April 2024

Welcome to the April 2024 issue of the Sources & Methods newsletter! This month, we dive into the importance of
2 min read
Mar
10

Sources & Methods Newsletter #17 - March 2024

📁 Sources Cloud Threat Landscape - Cloud-focused compilation of incidents, targeted tech, threat groups, tools, and techniques. Maintained by Wiz, who
2 min read
Jan
29

Sources & Methods Newsletter #16 - January 2024

Happy New Year! I hope your holidays were restful and you're ready to get back to it. At
2 min read

Member discussion