2 min read

Sources & Methods Newsletter #18 - April 2024

Sources & Methods Newsletter #18 - April 2024
Photo by Tim Mossholder / Unsplash

Welcome to the April 2024 issue of the Sources & Methods newsletter! This month, we dive into the importance of collaboration and systems thinking in CTI, explore the latest updates to MITRE ATT&CK, and ponder the role of analysts in an AI-driven world. We also showcase some exciting new tools for enhancing your CTI workflows and share valuable insights from the community. Let's get started!

Thanks for reading,

Matthew Conway (@mattreduce)

πŸ“ Sources

Bad OPSEC - Thanks to Detection Engineering Weekly for sharing this compilation of operations security failures a.k.a. "how they got caught." These stories are chock full of TTPs and infrastructure.

πŸ“° Information

Gert-Jan Bruggink - A Systems Thinking approach to Cyber Threat Intelligence #systems #collaboration #program

MITRE - ATT&CK v15 Brings the Action: Upgraded Detections, New Analytic Format, & Cross-Domain Adversary Insights #ATTCK #knowledgebase

Karna McGarry - With AI, do we still need Analysts? #AI

Vertex Project - What is a Threat Cluster? #analysis #tooling #howto

Natto Team - Intrusion Truth Methods: How Can They Get It Right Again and Again? #investigation #methods

US CISA - Review of the Summer 2023 Microsoft Exchange Online Intrusion #analysis #intrusion #Storm-055 #PRC

Bellingcat - OSHIT: Seven Deadly Sins of Bad Open Source Research #OSINT

Bank Security - Mastering Cyber Threat Intelligence with Obsidian #tooling

@BushidoToken - Strengthening Proactive CTI Through Collaboration #RFIs #integration

πŸ›  Tools

MITRE ATLAS connector for OpenCTI

mitre-atlas in OpenCTI-Platform/connectors

I created a scheduled import connector for OpenCTI that syncs the MITRE ATLAS (Adversarial Threat Landscape for AI Systems) knowledge base as Attack Patterns.



The Vertex Project created an example Advanced Power-Up for Synapse to help you build your own. Enjoy!



Here is an excellent example of a time-saving use for generative AI. This code in this Jupyter Notebook demonstrates searching for YouTube videos, takes 5 results, "listens" to their audio tracks, summarizes each, then assembles a report from those summaries. Could be a nice way to get the gist of conference talks or quickly get up to speed on an unfamiliar technology or TTP.



Extract Observables from a page to create a new analyst workbench in OpenCTI, applying labels in bulk if you want.



This AWS Lambda function, written in Python, creates RSS feeds for following Telegram channels.

πŸ’‘ Tip

Try running a "pre-mortem" on your threat intelligence program by imagining a future scenario where a critical threat was missed and working backwards to identify potential gaps in your current approach.

πŸ“† Events


πŸ“ San Francisco, CA, US
🏒 City View at Metreon
πŸ“… May 4-5
πŸ”— https://bsidessf.org/


Invite-only, up to a maximum of 150 attendees

πŸ“ Malaga, ES
🏒 Hotel Pez Espada
πŸ—£οΈ Fireside chat May 8
πŸ“Š Conference May 9-10
πŸ”— https://pivotcon.org/


πŸ“ Arlington, VA, US and online
🏒 Hyatt Regency Crystal City
πŸ“… May 24
πŸ”— https://www.sleuthcon.com/

CTI-EU 2024

CFP ends June 28th

πŸ“ Brussels, BE
🏒 Location to be determined
πŸ“† Conference Oct 1
πŸ”— https://www.enisa.europa.eu/events/cti-conference
πŸ“§ CFP: Email etl@enisa.europa.eu with subject "CTI Conference 2024"


CFP currently open

πŸ“ Reston, VA, US
πŸ“† Conference Nov 6
πŸ”— https://www.oodaloop.com/oodacon-2024/
πŸ”— CFP https://forms.gle/Kd6YCZUdV1dE8S8J9