Sources & Methods Newsletter #19 - July 2024
Welcome to issue #19 of the Sources & Methods newsletter! I paused for a bit while visiting London and Dublin, which was a great trip. London had everything, and I could have cancelled my flight home and stayed in Dublin.
Thanks for waiting—now back to your regularly scheduled CTI goodness.
Matthew Conway (@mattreduce)
📁 Sources
Cloud Threat Landscape STIX - I've shared Wiz's Cloud Threat Landscape before, but now its content is available as a STIX 2.1 bundle, ready to import into your threat intelligence platform. Nice!
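Before a STIX 2.1 bundle like this one goes into a threat intelligence platform, it is worth checking that it is well-formed and that its relationships resolve. The script below is an added example (my code, not Wiz's and not from this newsletter) of such a pre-import check: it parses the JSON, verifies the bundle and object identifiers, confirms the required common properties, checks that every `_ref`/`_refs` points at an object inside the bundle, and summarizes what is about to be imported. The bundle embedded in it is constructed for the example and does not reproduce Wiz's content; the set of "timestamped" object types is an assumption that covers the common SDO/SRO types and leaves out SCOs.

```python
"""Pre-import sanity check for a STIX 2.1 bundle (added example, stdlib only)."""
import json
import re
from collections import Counter

# Assumption: these common SDO/SRO types must carry created/modified timestamps;
# STIX Cyber-observable Objects (SCOs) do not, so they are left out of the check.
TIMESTAMPED_TYPES = {
    "indicator", "attack-pattern", "malware", "threat-actor", "intrusion-set",
    "campaign", "report", "tool", "vulnerability", "relationship", "sighting",
}
# STIX identifier: <type>--<uuid>
_ID_RE = re.compile(
    r"^([a-z0-9-]+)--[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"
)

_TS = "2024-07-01T00:00:00.000Z"
# Constructed sample bundle: two indicators, one technique, one relationship.
# The domain and hash are placeholders, not real observables.
SAMPLE_BUNDLE = json.dumps({
    "type": "bundle",
    "id": "bundle--11111111-1111-4111-8111-111111111111",
    "objects": [
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--22222222-2222-4222-8222-222222222222",
         "created": _TS, "modified": _TS, "name": "Sample C2 domain",
         "pattern_type": "stix",
         "pattern": "[domain-name:value = 'c2.example.invalid']",
         "valid_from": "2024-07-01T00:00:00Z"},
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--33333333-3333-4333-8333-333333333333",
         "created": _TS, "modified": _TS, "name": "Sample file hash",
         "pattern_type": "stix",
         "pattern": "[file:hashes.'SHA-256' = '" + "a" * 64 + "']",
         "valid_from": "2024-07-01T00:00:00Z"},
        {"type": "attack-pattern", "spec_version": "2.1",
         "id": "attack-pattern--44444444-4444-4444-8444-444444444444",
         "created": _TS, "modified": _TS, "name": "Sample technique"},
        {"type": "relationship", "spec_version": "2.1",
         "id": "relationship--55555555-5555-4555-8555-555555555555",
         "created": _TS, "modified": _TS, "relationship_type": "indicates",
         "source_ref": "indicator--22222222-2222-4222-8222-222222222222",
         "target_ref": "attack-pattern--44444444-4444-4444-8444-444444444444"},
    ],
})


def load_bundle(text):
    """Parse JSON text and confirm it is a STIX bundle with an objects list."""
    bundle = json.loads(text)
    if bundle.get("type") != "bundle" or not str(bundle.get("id", "")).startswith("bundle--"):
        raise ValueError("not a STIX bundle")
    if not isinstance(bundle.get("objects"), list):
        raise ValueError("bundle has no objects list")
    return bundle


def find_problems(bundle):
    """Return human-readable problems; an empty list means the bundle looks import-ready."""
    problems = []
    ids = [o.get("id") for o in bundle["objects"]]
    known = set(ids)
    for dup, n in Counter(ids).items():
        if n > 1:
            problems.append(f"duplicate id {dup}")
    for obj in bundle["objects"]:
        oid = obj.get("id", "<missing id>")
        for key in ("type", "id", "spec_version"):
            if key not in obj:
                problems.append(f"{oid}: missing {key}")
        m = _ID_RE.match(str(obj.get("id", "")))
        if not m or m.group(1) != obj.get("type"):
            problems.append(f"{oid}: id prefix does not match type or id is malformed")
        if obj.get("spec_version") not in (None, "2.1"):
            problems.append(f"{oid}: spec_version {obj['spec_version']} is not 2.1")
        if obj.get("type") in TIMESTAMPED_TYPES:
            for key in ("created", "modified"):
                if key not in obj:
                    problems.append(f"{oid}: missing {key}")
        if obj.get("type") == "indicator" and obj.get("pattern_type") == "stix":
            pat = obj.get("pattern", "")
            if not (pat.startswith("[") and pat.endswith("]")):
                problems.append(f"{oid}: STIX pattern must be enclosed in brackets")
        # Every reference must resolve to an object carried in this bundle.
        for key, val in obj.items():
            refs = [val] if key.endswith("_ref") else list(val) if key.endswith("_refs") else []
            for ref in refs:
                if ref not in known:
                    problems.append(f"{oid}: {key} points to {ref}, which is not in the bundle")
    return problems


def summarize(bundle):
    """Count object types and collect indicator patterns for a pre-import review."""
    counts = Counter(o.get("type") for o in bundle["objects"])
    patterns = [o["pattern"] for o in bundle["objects"]
                if o.get("type") == "indicator" and "pattern" in o]
    return {"counts": dict(counts), "patterns": patterns}


if __name__ == "__main__":
    b = load_bundle(SAMPLE_BUNDLE)
    print("problems:", find_problems(b) or "none")
    print("summary:", summarize(b))
```

The reference check is deliberately strict: a `created_by_ref` pointing at an identity the bundle does not carry will be reported, which is exactly the kind of thing a TIP either rejects or silently turns into an orphan object, so it is better to see it before import.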
📰 Information
US CISA - People’s Republic of China (PRC) Ministry of State Security APT40 Tradecraft in Action #PRC
Natto Team - i-SOON Toolkit: What is “TZ”? #i-Soon #PRC
OpenSSF - Enhancing Open Source Security: Introducing Siren by OpenSSF #sharing #supplychain
Amitai Cohen - Tabular Thinking #research #metacognition
Krebs - How Did Authorities Identify the Alleged Lockbit Boss? #attribution #cybercrime #Lockbit
Vertex Project - Investigating an Unfamiliar File with Synapse #tooling #howto
Niels G - Enhancing National Security: A Detailed Analysis of the U.S. Intelligence Community's Strategic Vision for Open Source Intelligence (2024-2026) #OSINT #natsec
Steven Harris - A Practical Guide To OSINT On the Russian Internet #OSINT #Russia
🛠 Tools
OpenCTI v6.2.0 Released
OpenCTI-Platform/opencti 6.2.0
Filigran released version 6.2.0 of OpenCTI, and while you might expect a minor update from the version number, this is a major step forward for the project. v6.2.0 brings Diamond Model support, automatic mapping from written Report content to entities in the system, automatic analyst workbench creation, and more.
Pivot Atlas
A great guide to CTI artifacts, fingerprints, and pivoting on observables from Amitai Cohen.
yara-x
Next-generation YARA written in the Rust programming language. Switching from the original YARA brings efficiency and memory-safety gains, with near-perfect rule compatibility at the time of writing.
CTI-Analyst-Challenge
github.com/BushidoUK/CTI-Analyst-Challenge
A hands-on exercise to test and improve threat intelligence skills. This engaging challenge gives aspiring analysts a chance to tackle real-world scenarios, covering both proactive and reactive cyber threat intelligence tasks.
linkding
github.com/sissbruecker/linkding
Self-hostable bookmark manager that can be used by a team.
💡 Tip
Create a personal "threat intelligence journal" to track your thoughts, conclusions, and observations over time. Revisiting them periodically could reveal patterns in your thinking, unmitigated biases, and potential blind spots.
📆 Events
CTI-EU 2024
📍 Brussels, BE
🏢 Location to be determined
📆 Conference Oct 1
🔗 https://www.enisa.europa.eu/events/cti-conference
OODAcon
📍 Reston, VA, US
📆 Conference Nov 6
🔗 https://www.oodaloop.com/oodacon-2024/