Sources & Methods Newsletter #21 - January 2025
Sources
JA4+ Database - Online and downloadable database of JA4+ TLS fingerprints
Information
Vertex Project - More Than Malware Families: Retooling Our Approach to Tracking Software #tracking #methodology
@BushidoToken - Tips for Investigating Cybercrime Infrastructure #infrastructure #pivoting
Orange - The hidden network: How China unites state, corporate, and academic assets for cyber offensive campaigns #strategic #PRC
Anastasia Sentsova - Women In Russian-Speaking Cybercrime: Mythical Creatures or Significant Members of Underground? #threatactors #criminology
VirusTotal - VirusTotal moves to YARA-X #tooling #YARA
Team Cymru - An Introduction to Operational Relay Box (ORB) Networks - Unpatched, Forgotten, and Obscured #infrastructure #ORB
David R. Mandel, Daniel Irwin - Beyond Bias Minimization: Improving Intelligence with Optimization and Human Augmentation #analysts #bias
Jamf - APT Actors Embed Malware within macOS Flutter Applications #macOS #malware #operational
@cyint_dude - Pen-To-Paper and The Finished Report: The Key To Generating Threat Intelligence - CTI SUMMIT 2017 #reporting
Tools
Obsidian Interpreter
Interpreter is a web clipper for the Obsidian Markdown editor that lets you extract and process text from web pages to create notes using templates and an LLM (local LLMs supported). With it, you can extract, summarize, translate, and convert formats. It's a powerful tool for OSINT, threat research, and study.
urlfinder
github.com/projectdiscovery/urlfinder
New CLI tool from Project Discovery for passive URL discovery using AlienVault, Common Crawl, urlscan.io, Wayback Machine, and VirusTotal.
people-researcher
github.com/langchain-ai/people-researcher
Given a person of interest, this AI agent will search the web about them using the Tavily API, returning results as structured JSON.
DC3-MWCP
github.com/dod-cyber-crime-center/DC3-MWC
This Python-based package, CLI, and HTTP API parses malware configuration from sample files. It comes with built-in parsers, but you can write your own rules for it, as well. It extracts C2 connection details, passwords, filenames, and mutex names, among other things. If you want a STIX 2.1 bundle, it can generate those, too!
AIL Framework v6.0
ail-project/ail-framework#v6.0
This new version of AIL Framework (Analysis Information Leak Framework) brings an updated dashboard, support for detecting barcodes, and a new daily analysis view.
blueskynet
github.com/jakecreps/blueskynet
Here's a new web app from Jake Creps that enables OSINT researchers to search Bluesky users and posts with powerful filtering and CSV export capabilities. Bluesky is a newer social media platform akin to X/Twitter that has grown significantly in popularity.
Tip
Check out Vertex Project's free Synapse Bootcamp training whether you haven't learned Synapse yet or could use some help getting to the next level with it. There are slides, practical exercises with an answer key to check your work, and additional resources to help you use Synapse.
Events
SANS CTI Summit
Alexandria, VA, US and online
January 27-28th, 2025
https://www.sans.org/cyber-security-training-events/cyber-threat-intelligence-summit-2025/
RISE USA
San Francisco, CA, US
April 8-9th, 2025
https://www.team-cymru.com/rise-usa
PIVOTcon
Invite-only up to 155 attendees, ticket price includes accommodations. CFP closes February 7th, 2025 23:59:59 CET.
Malaga, ES
May 7-9th, 2025
Higueron Hotel Málaga
Info https://pivotcon.org
CFP https://pretalx.com/pivotcon25/cfp
Request invite https://docs.google.com/forms/d/1zik9D1BIK9e8bF8nMtdGm22O4C94z-bXJ6Vrx4cWCBY/viewform?edit_requested=true
Underground Economy
Strasbourg, FR
September, 2025
https://www.team-cymru.com/events
RISE Malaysia
Putrajaya, MY
December 9-10th, 2025
https://www.team-cymru.com/events