Sign in Subscribe
2 min read Newsletter

Sources & Methods Newsletter #14 - November 2023

Have questions or suggestions? Send them my way at sources.methods@protonmail.com.

Thanks for reading,

Matthew Conway (@mattreduce)

๐Ÿ“ Sources

Breach Report Collection - A collection public breach reports from companies that shared the TTPs they observed.

๐Ÿ“ฐ Information

Mandiant - The CTI Process Hyperloop: A Practical Implementation of the CTI Process Lifecycle #intelligence #process

US CISA - Scattered Spider advisory #ScatteredSpider #0ktapus

Embee Research - Combining Pivot Points to Identify Malware Infrastructure - Redline, Smokeloader and Cobalt Strike #infrastructure #analysis #tradecraft

Brian Warehime - Collection Maturity Model Framework #collection #maturitymodels #metrics

Vertex Project - Using Spotlight Extractors for Arbitrary Data #tooling #synapse

TrendMicro - How Kopeechka, an Automated Social Media Accounts Creation Service, Can Facilitate Cybercrime #cybercrime #infrastructure

MITRE - ATT&CK v14 Unleashes Detection Enhancements, ICS Assets, and Mobile Structured Detections #frameworks #ATTCK

Bellingcat - Following the Money: A Beginnerโ€™s Guide to Using the OpenCorporates API #OSINT #sources

Filigran - Optimize Incident Response and Investigations with OpenCTI Case Management #investigation #tooling

๐Ÿ›  Tools

dog

dns.lookup.dog

A command-line DNS client that's nice to use, with colorized output and convenient flags for DNS-over-HTTPS and DNS-over-TLS.

mitaka

github.com/ninoseki/mitaka

Browser extension for quick access to search or scan email addresses, URLs, CVEs, wallet addresses and more across many services including VirusTotal and BlockChair.

Telerecon

github.com/sockysec/Telerecon

A particularly powerful and feature-rich Telegram collection tool. For gathering an user's activity, understanding their network and associates, detecting identifiers such as email addresses and phone numbers (configurable via regex), and even extracting GPS coordinates from EXIF metadata for visualization.

SliverC2-Forensics

github.com/Immersive-Labs-Sec/SliverC2-Forensics

A collection of tools and detections for the Sliver C2 Framework, popular with red teams and real threats alike.

geopandas

geopandas.org/en/stable/

Pandas enhancements for working with geographic data, "enables you to easily do operations in python that would otherwise require a spatial database such as PostGIS."

๐Ÿ“† Events

Coming up in 2024:

SANS CTI SUMMIT

๐Ÿ“ Washington, DC, US and online
๐Ÿ“Š Summit: Jan 29-30
๐Ÿ“Š Training: Jan 31 - Feb 5
๐Ÿ”— https://www.sans.org/cyber-security-training-events/cyber-threat-intelligence-summit-2024/

BSidesSF

๐Ÿ“ San Francisco, CA, US
๐Ÿ“Š Conference May 4-5
๐Ÿ”— https://bsidessf.org/cfp

Published by:

Matthew Conway

You might also like...

Nov
15

Sources & Methods Newsletter #20 - November 2024

๐Ÿ“ Sources OSSF Malicious Package Registry - theย Securing Critical Projects Working Groupย of theย Open Source Security Foundation (OpenSSF) maintains
2 min read
Jul
09

Sources & Methods Newsletter #19 - July 2024

Welcome to issue #19 of the Sources & Methods newsletter! I paused for a bit while visiting London and Dublin,
2 min read
Apr
28

Sources & Methods Newsletter #18 - April 2024

Welcome to the April 2024 issue of the Sources & Methods newsletter! This month, we dive into the importance of
2 min read
Mar
10

Sources & Methods Newsletter #17 - March 2024

๐Ÿ“ Sources Cloud Threat Landscape - Cloud-focused compilation of incidents, targeted tech, threat groups, tools, and techniques. Maintained by Wiz, who
2 min read
Jan
29

Sources & Methods Newsletter #16 - January 2024

Happy New Year! I hope your holidays were restful and you're ready to get back to it. At
2 min read

Member discussion