Sources & Methods Newsletter #18 - April 2024

Welcome to the April 2024 issue of the Sources & Methods newsletter! This month, we dive into the importance of collaboration and systems thinking in CTI, explore the latest updates to MITRE ATT&CK, and ponder the role of analysts in an AI-driven world. We also showcase some exciting new tools for enhancing your CTI workflows and share valuable insights from the community. Let's get started!

Thanks for reading,

Matthew Conway (@mattreduce)

๐Ÿ“ Sources

Bad OPSEC - Thanks to Detection Engineering Weekly for sharing this compilation of operations security failures a.k.a. "how they got caught." These stories are chock full of TTPs and infrastructure.

📰 Information

Gert-Jan Bruggink - A Systems Thinking approach to Cyber Threat Intelligence #systems #collaboration #program

MITRE - ATT&CK v15 Brings the Action: Upgraded Detections, New Analytic Format, & Cross-Domain Adversary Insights #ATTCK #knowledgebase

Karna McGarry - With AI, do we still need Analysts? #AI

Vertex Project - What is a Threat Cluster? #analysis #tooling #howto

Natto Team - Intrusion Truth Methods: How Can They Get It Right Again and Again? #investigation #methods

US CISA - Review of the Summer 2023 Microsoft Exchange Online Intrusion #analysis #intrusion #Storm-055 #PRC

Bellingcat - OSHIT: Seven Deadly Sins of Bad Open Source Research #OSINT

Bank Security - Mastering Cyber Threat Intelligence with Obsidian #tooling

@BushidoToken - Strengthening Proactive CTI Through Collaboration #RFIs #integration

🛠 Tools

MITRE ATLAS connector for OpenCTI

mitre-atlas in OpenCTI-Platform/connectors

I created a scheduled import connector for OpenCTI that syncs the MITRE ATLAS (Adversarial Threat Landscape for AI Systems) knowledge base as Attack Patterns.

advanced-powerup-example

github.com/vertexproject/advanced-powerup-example

The Vertex Project created an example Advanced Power-Up for Synapse to help you build your own. Enjoy!

Gemini_Youtube_Researcher.ipynb

github.com/mshumer/ai-researcher/blob/main/Gemini_Youtube_Researcher.ipynb

Here is an excellent example of a time-saving use for generative AI. The code in this Jupyter Notebook searches for YouTube videos, takes 5 results, "listens" to their audio tracks, summarizes each, then assembles a report from those summaries. It could be a nice way to get the gist of conference talks or to quickly get up to speed on an unfamiliar technology or TTP.

opencti-chrome-extension

github.com/rguignard/opencti-chrome-extension

Extract Observables from a page to create a new analyst workbench in OpenCTI, applying labels in bulk if you want.

tg-channel-to-rss

github.com/hleb-kastseika/tg-channel-to-rss

This AWS Lambda function, written in Python, generates RSS feeds from Telegram channels so you can follow them in a feed reader.

💡 Tip

Try running a "pre-mortem" on your threat intelligence program by imagining a future scenario where a critical threat was missed and working backwards to identify potential gaps in your current approach.

📆 Events

BSidesSF

๐Ÿ“ San Francisco, CA, US
๐Ÿข City View at Metreon
๐Ÿ“… May 4-5
๐Ÿ”— https://bsidessf.org/

PIVOTcon

Invite-only, up to a maximum of 150 attendees

๐Ÿ“ Malaga, ES
๐Ÿข Hotel Pez Espada
๐Ÿ—ฃ๏ธ Fireside chat May 8
๐Ÿ“Š Conference May 9-10
๐Ÿ”— https://pivotcon.org/

SLEUTHCON

๐Ÿ“ Arlington, VA, US and online
๐Ÿข Hyatt Regency Crystal City
๐Ÿ“… May 24
๐Ÿ”— https://www.sleuthcon.com/

CTI-EU 2024

CFP ends June 28th

๐Ÿ“ Brussels, BE
๐Ÿข Location to be determined
๐Ÿ“† Conference Oct 1
๐Ÿ”— https://www.enisa.europa.eu/events/cti-conference
๐Ÿ“ง CFP: Email etl@enisa.europa.eu with subject "CTI Conference 2024"

OODAcon

CFP currently open

๐Ÿ“ Reston, VA, US
๐Ÿ“† Conference Nov 6
๐Ÿ”— https://www.oodaloop.com/oodacon-2024/
๐Ÿ”— CFP https://forms.gle/Kd6YCZUdV1dE8S8J9