
Sources & Methods Newsletter #18 - April 2024

Welcome to the April 2024 issue of the Sources & Methods newsletter! This month, we dive into the importance of collaboration and systems thinking in CTI, explore the latest updates to MITRE ATT&CK, and ponder the role of analysts in an AI-driven world. We also showcase some exciting new tools for enhancing your CTI workflows and share valuable insights from the community. Let's get started!

Thanks for reading,

Matthew Conway (@mattreduce)

šŸ“ Sources

Bad OPSEC - Thanks to Detection Engineering Weekly for sharing this compilation of operations security failures a.k.a. "how they got caught." These stories are chock full of TTPs and infrastructure.

📰 Information

Gert-Jan Bruggink - A Systems Thinking approach to Cyber Threat Intelligence #systems #collaboration #program

MITRE - ATT&CK v15 Brings the Action: Upgraded Detections, New Analytic Format, & Cross-Domain Adversary Insights #ATTCK #knowledgebase

Karna McGarry - With AI, do we still need Analysts? #AI

Vertex Project - What is a Threat Cluster? #analysis #tooling #howto

Natto Team - Intrusion Truth Methods: How Can They Get It Right Again and Again? #investigation #methods

US CISA - Review of the Summer 2023 Microsoft Exchange Online Intrusion #analysis #intrusion #Storm-055 #PRC

Bellingcat - OSHIT: Seven Deadly Sins of Bad Open Source Research #OSINT

Bank Security - Mastering Cyber Threat Intelligence with Obsidian #tooling

@BushidoToken - Strengthening Proactive CTI Through Collaboration #RFIs #integration

🛠 Tools

MITRE ATLAS connector for OpenCTI

mitre-atlas in OpenCTI-Platform/connectors

I created a scheduled import connector for OpenCTI that syncs the MITRE ATLAS (Adversarial Threat Landscape for AI Systems) knowledge base as Attack Patterns.

advanced-powerup-example

github.com/vertexproject/advanced-powerup-example

The Vertex Project created an example Advanced Power-Up for Synapse to help you build your own. Enjoy!

Gemini_Youtube_Researcher.ipynb

github.com/mshumer/ai-researcher/blob/main/Gemini_Youtube_Researcher.ipynb

Here is an excellent example of a time-saving use for generative AI. The code in this Jupyter Notebook searches for YouTube videos, takes 5 results, "listens" to their audio tracks, summarizes each, then assembles a report from those summaries. It could be a nice way to get the gist of conference talks or to quickly get up to speed on an unfamiliar technology or TTP.

opencti-chrome-extension

github.com/rguignard/opencti-chrome-extension

Extract Observables from a page to create a new analyst workbench in OpenCTI, applying labels in bulk if you want.

tg-channel-to-rss

github.com/hleb-kastseika/tg-channel-to-rss

This AWS Lambda function, written in Python, creates RSS feeds for following Telegram channels.

💡 Tip

Try running a "pre-mortem" on your threat intelligence program by imagining a future scenario where a critical threat was missed and working backwards to identify potential gaps in your current approach.

📆 Events

BSidesSF

šŸ“ San Francisco, CA, US
šŸ¢ City View at Metreon
šŸ“… May 4-5
šŸ”— https://bsidessf.org/

PIVOTcon

Invite-only, up to a maximum of 150 attendees

šŸ“ Malaga, ES
šŸ¢ Hotel Pez Espada
šŸ—£ļø Fireside chat May 8
šŸ“Š Conference May 9-10
šŸ”— https://pivotcon.org/

SLEUTHCON

šŸ“ Arlington, VA, US and online
šŸ¢ Hyatt Regency Crystal City
šŸ“… May 24
šŸ”— https://www.sleuthcon.com/

CTI-EU 2024

CFP ends June 28th

šŸ“ Brussels, BE
šŸ¢ Location to be determined
šŸ“† Conference Oct 1
šŸ”— https://www.enisa.europa.eu/events/cti-conference
šŸ“§ CFP: Email etl@enisa.europa.eu with subject "CTI Conference 2024"

OODAcon

CFP currently open

šŸ“ Reston, VA, US
šŸ“† Conference Nov 6
šŸ”— https://www.oodaloop.com/oodacon-2024/
šŸ”— CFP https://forms.gle/Kd6YCZUdV1dE8S8J9