
Sources & Methods Newsletter #17 - March 2024

๐Ÿ“ Sources

Cloud Threat Landscape - Cloud-focused compilation of incidents, targeted tech, threat groups, tools, and techniques. Maintained by Wiz, who add new incidents every week. I used FetchRSS to generate a feed I can subscribe to.

📰 Information

Anton Chuvakin - Frameworks for DE-Friendly CTI (Part 5) #detection

Mandiant - AI and the Five Phases of the Threat Intelligence Lifecycle #tooling #AI

Robin Dimyanoglu - Geopolitical Cyber Risk: Going Beyond the Industry and Region #landscape #threatmodeling

Vertex Project - Vertex Tag Tree Overview #tooling #taxonomies

@BushidoToken - Tracking Adversaries: UAC-0050, Cracking The DaVinci Code #groups

Pulsedive - CTI Networking Report 2024 #sharing

Proofpoint - Bumblebee Buzzes Back in Black #malware #analysis

Objective See - Apple Gets an 'F' for Slicing Apples #macOS #research

🛠 Tools

AIL framework v5.3

github.com/ail-project/ail-framework/releases/tag/v5.3

AIL (Analysis of Information Leaks) framework 5.3 has been released with a chat explorer, Discord and Telegram monitoring, and automatic translation, along with other new features and various bug fixes.

CALDERA v5

Announcing MITRE Caldera™ v5!

MITRE released a major new version of their CALDERA adversary emulation framework with a completely refreshed UI and improved usability.

auto-archiver

pypi.org/project/auto-archiver

Bellingcat's auto-archiver helps you automatically collect links to online content of interest like videos and social media posts.

excalibur

github.com/The-OSINT-Newsletter/excalibur

This new CLI tool from Jake Creps of The OSINT Newsletter (which I recommend) will tell you if a given Twitter account is archived, and find associated Medium, Product Hunt, and Mastodon accounts.

argos-translate

github.com/argosopentech/argos-translate

Can't, or don't want to, use Google Translate on a project? Argos Translate is an open source alternative using OpenNMT that works offline as a Python library or CLI tool. Web and native GUI interfaces are available, as well.

💡 Tip

Next time you're threat hunting, try the Pomodoro Technique to limit yourself to intense bursts of focus mixed with short breaks. Using the technique to its fullest will help you plan and timebox your hunts, stay sharp while working, and keep from burning out.

📆 Events

FIRST CTI

๐Ÿ“ Berlin, DE
๐Ÿข Mercure Hotel MOA
๐Ÿ“… April 15-17
๐Ÿ”— https://www.first.org/conference/firstcti24/

BSidesSF

CFP for workshops, villages, and BoFs closes on February 5th

๐Ÿ“ San Francisco, CA, US
๐Ÿข City View at Metreon
๐Ÿ“… May 4-5
๐Ÿ”— https://bsidessf.org/
๐Ÿ”— CFP https://bsidessf.org/cfp

PIVOTcon

Invite-only, up to a maximum of 150 attendees

๐Ÿ“ Malaga, ES
๐Ÿข Hotel Pez Espada
๐Ÿ—ฃ๏ธ Fireside chat May 8
๐Ÿ“Š Conference May 9-10
๐Ÿ”— https://pivotcon.org/

SLEUTHCON

CFP closes April 5th

๐Ÿ“ Arlington, VA, US and online
๐Ÿข Hyatt Regency Crystal City
๐Ÿ“… May 24
๐Ÿ”— https://www.sleuthcon.com/
๐Ÿ”— CFP https://www.sleuthcon.com/cfp