Sources & Methods Newsletter #19 - July 2024


Welcome to issue #19 of the Sources & Methods newsletter! I paused for a bit while visiting London and Dublin, which was a great trip. London had everything, and I could have cancelled my flight home and stayed in Dublin.

Thanks for waiting—now back to your regularly scheduled CTI goodness.

Matthew Conway (@mattreduce)

📁 Sources

Cloud Threat Landscape STIX - I've shared Wiz's Cloud Threat Landscape before, but now its content is available as a STIX 2.1 bundle, ready to import into your threat intelligence platform. Nice!

📰 Information

US CISA - People’s Republic of China (PRC) Ministry of State Security APT40 Tradecraft in Action #PRC

Natto Team - i-SOON Toolkit: What is “TZ”? #i-Soon #PRC

OpenSSF - Enhancing Open Source Security: Introducing Siren by OpenSSF #sharing #supplychain

Amitai Cohen - Tabular Thinking #research #metacognition

Krebs - How Did Authorities Identify the Alleged Lockbit Boss? #attribution #cybercrime #Lockbit

Vertex Project - Investigating an Unfamiliar File with Synapse #tooling #howto

Niels G - Enhancing National Security: A Detailed Analysis of the U.S. Intelligence Community's Strategic Vision for Open Source Intelligence (2024-2026) #OSINT #natsec

Steven Harris - A Practical Guide To OSINT On the Russian Internet #OSINT #Russia

🛠 Tools

OpenCTI v6.2.0 Released

OpenCTI-Platform/opencti 6.2.0

Filigran released version 6.2.0 of OpenCTI, and while you might expect a minor update from the version number, this is a major step forward for the project. v6.2.0 brings Diamond Model support, automatic mapping from written Report content to entities in the system, automatic analyst workbench creation, and more.

Pivot Atlas


A great guide to CTI artifacts, fingerprints, and pivoting on observables from Amitai Cohen.



Next-gen YARA written in the Rust programming language. Switch from the original YARA for great efficiency and safety with near-perfect compatibility at the time of writing.



A hands-on exercise to test and improve threat intelligence skills. This engaging challenge gives aspiring analysts a chance to tackle real-world scenarios, covering both proactive and reactive cyber threat intelligence tasks.



Self-hostable bookmark manager that can be used by a team.

💡 Tip

Create a personal "threat intelligence journal" to track your thoughts, conclusions, and observations over time. Revisiting them periodically could reveal patterns in your thinking, unmitigated biases, and potential blind spots.

📆 Events

CTI-EU 2024

📍 Brussels, BE
🏢 Location to be determined
📆 Conference Oct 1
🔗 https://www.enisa.europa.eu/events/cti-conference


📍 Reston, VA, US
📆 Conference Nov 6
🔗 https://www.oodaloop.com/oodacon-2024/