Happy New Year! I hope your holidays were restful and you're ready to get back to it. At the risk of sounding cheesy, we know the adversaries are, so beat them to the punch.
Matthew Conway (@mattreduce)
Unprotect Project - Actively maintained knowledge base for evasion and obfuscation techniques used in malware. It includes code examples in multiple languages, something both red and blue teams can appreciate.
John Doyle - Helping CTI Analysts Approach and Report on Emerging Technology Threats and Trends (Part 2) #writing #trending
Jamf - Jamf Threat Labs discovers new malware embedded in pirated applications #macOS #malware
Troy Hunt - Inside the Massive Naz.API Credential Stuffing List #identity #credentials #stealers
Maltego - Improving your Intelligence Analysis with Structured Analytic Techniques #tradecraft #SAT
Adam Shostack - Threat Modeling Capabilities Released #threatmodeling #maturity
Red Canary - MSIX installer malware delivery on the rise across multiple campaigns #operational #TTPs #Windows
MITRE - Enriching Threat Intelligence with Mappings #defenses #actionability
Insikt Group - Leaks and Revelations: A Web of IRGC Networks and Cyber Companies [PDF] #strategic #Iran #IRGC #longreads
Filigran - OpenCTI for disinformation #tooling #disinformation
Freddy Murstad - Foresight Analysis: The Magic Eight Ball of Intelligence Analysis #strategic #foresight
A very interesting use of generative AI applied to CTI. Query MITRE ATT&CK's Groups dataset like a chatbot with Retrieval Augmented Generation (RAG). Note that it requires an OpenAI API key.
Here's a brand new tool from Project Discovery called cvemap. It helps you navigate and map CVE data to proof-of-concept exploits, CISA Known Exploited Vulnerabilities data, bug bounty reports and more.
A Rapid Power-Up for Vertex Synapse that checks file hashes against multiple databases of known files, including the NSRL RDS.
holehe discovers online accounts registered to a given email address.
Working with Sublime Security's Message Query Language (MQL)? Here's a Visual Studio Code extension you can use with MQL to define phishing rules for alerting and hunting.
JSON and grep: depending on your role, both are indispensable, but they mix like oil and water. Unless you use gron, which makes it easy to grep JSON data line by line and see the path to each value you match. It makes your task easier whether you're quickly exploring an API or a dataset.
Don't forget to spend time building your technical knowledge—or maintaining it if you've been doing this a long time. That'll help you make sound connections and impactful recommendations, and isn't that the whole point?
📍 Berlin, DE
🏢 Mercure Hotel MOA
📊 April 15-17
CFP for workshops, villages, and BoF will close on February 5, 2024
📍 San Francisco, CA, US
📊 Conference May 4-5
🔗 CFP https://bsidessf.org/cfp
📍 Arlington, VA, US
📊 Conference May 24