Sources & Methods Newsletter #22 - February 2025
The past month has been a year. Let's pretend I published this two days ago when it was still February, okay? Okay.
Take care of yourselves and others,
Matthew Conway (@mattreduce)
Sources
Cloud Vulnerability Database - A group of volunteers, sponsored by Wiz, have compiled a single database of known Cloud Service Provider (CSP) vulnerabilities. Since CSPs generally do not issue CVEs for vulnerabilities in their platforms, this project aims to inform cloud users of flaws and provide actionable guidance.
Information
Kevin Riehle - How do we know if an intelligence analytic product is good? #analysis #standards
Trail of Bits - The $1.5B Bybit Hack: The Era of Operational Security Failures Has Arrived #DPRK #cryptocurrency #strategic
Vertex Project - Researching the Chrome Extension Compromise Activity using Synapse #research #methodology
John Doyle - Beyond Meh-trics: Examining How CTI Programs Demonstrate Value Using Metrics #program #metrics
Freddy Murstad - Enhance your Cyber Threat Intelligence with the Admiralty System #frameworks #collection
Vertex Project - Categorizing Software with Code Families #tracking #methodology
CERT EU - 2024 Threat Landscape Report (PDF) #Europe #strategic
Bellingcat - How Code Notebooks Enable Open Source Research #OSINT #tooling
Tools
Titleist
Suspicious/malicious domain discovery via Certstream monitoring.
Technique Inference Engine
center-for-threat-informed-defense.github.io
Given a set of techniques observed in use by a threat, this tool will infer which other techniques are likely to have been used. Bearing in mind these are educated guesses, the tool can help you direct your efforts in threat hunting and incident response.
OpenCTI Add On for Splunk
github.com/OpenCTI-Platform/splunk-add-on
Use Splunk? Use OpenCTI? This add-on for Splunk will get them talking to each other.
vertexproject/synapse-workflow-examples
github.com/vertexproject/synapse-workflow-examples
The Vertex Project just released this compilation of Optic Workflow examples to get you started on developing your own for Synapse Enterprise.
ATT&CK Evaluations Library
Here are the complete plans to replicate MITRE's ATT&CK evaluations. They provide the TTPs and selected tools for emulating real threats like LockBit through particular attack flows.
stormgls
A programming language server that adds Storm support to the NeoVim text editor, built with pygls.
Events
RISE USA
San Francisco, CA, US
April 8-9th, 2025
https://www.team-cymru.com/rise-usa
PIVOTcon
Invite-only up to 155 attendees, ticket price includes accommodations.
Malaga, ES
May 7-9th, 2025
Higueron Hotel Málaga
Info https://pivotcon.org
Request invite https://docs.google.com/forms/d/1zik9D1BIK9e8bF8nMtdGm22O4C94z-bXJ6Vrx4cWCBY/viewform
SLEUTHCON
Arlington, VA, US and online
June 6th, 2025
https://www.sleuthcon.com/
Underground Economy
Strasbourg, FR
September, 2025
https://www.team-cymru.com/events
RISE Malaysia
Putrajaya, MY
December 9-10th, 2025
https://www.team-cymru.com/events