Sources & Methods Newsletter #19 - July 2024

Welcome to issue #19 of the Sources & Methods newsletter! I paused for a bit while visiting London and Dublin, which was a great trip. London had everything, and I could have cancelled my flight home and stayed in Dublin.

Thanks for waiting—now back to your regularly scheduled CTI goodness.

Matthew Conway (@mattreduce)

📁 Sources

Cloud Threat Landscape STIX - I've shared Wiz's Cloud Threat Landscape before, but now its content is available as a STIX 2.1 bundle, ready to import into your threat intelligence platform. Nice!

📰 Information

US CISA - People’s Republic of China (PRC) Ministry of State Security APT40 Tradecraft in Action #PRC

Natto Team - i-SOON Toolkit: What is “TZ”? #i-Soon #PRC

OpenSSF - Enhancing Open Source Security: Introducing Siren by OpenSSF #sharing #supplychain

Amitai Cohen - Tabular Thinking #research #metacognition

Krebs - How Did Authorities Identify the Alleged Lockbit Boss? #attribution #cybercrime #Lockbit

Vertex Project - Investigating an Unfamiliar File with Synapse #tooling #howto

Niels G - Enhancing National Security: A Detailed Analysis of the U.S. Intelligence Community's Strategic Vision for Open Source Intelligence (2024-2026) #OSINT #natsec

Steven Harris - A Practical Guide To OSINT On the Russian Internet #OSINT #Russia

🛠 Tools

OpenCTI v6.2.0 Released

OpenCTI-Platform/opencti 6.2.0

Filigran released version 6.2.0 of OpenCTI, and while you might expect a minor update from the version number, this is a major step forward for the project. v6.2.0 brings Diamond Model support, automatic mapping from written Report content to entities in the system, automatic analyst workbench creation, and more.

Pivot Atlas

gopivot.ing

A great guide to CTI artifacts, fingerprints, and pivoting on observables from Amitai Cohen.

yara-x

github.com/VirusTotal/yara-x

Next-gen YARA written in the Rust programming language. Switch from the original YARA for greater efficiency and memory safety, with near-perfect compatibility at the time of writing.

CTI-Analyst-Challenge

github.com/BushidoUK/CTI-Analyst-Challenge

A hands-on exercise to test and improve threat intelligence skills. This engaging challenge gives aspiring analysts a chance to tackle real-world scenarios, covering both proactive and reactive cyber threat intelligence tasks.

linkding

github.com/sissbruecker/linkding

Self-hostable bookmark manager that can be used by a team.

💡 Tip

Create a personal "threat intelligence journal" to track your thoughts, conclusions, and observations over time. Revisiting them periodically could reveal patterns in your thinking, unmitigated biases, and potential blind spots.

📆 Events

CTI-EU 2024

📍 Brussels, BE
🏢 Location to be determined
📆 Conference Oct 1
🔗 https://www.enisa.europa.eu/events/cti-conference

OODAcon

📍 Reston, VA, US
📆 Conference Nov 6
🔗 https://www.oodaloop.com/oodacon-2024/