
Sources & Methods Newsletter #23 - March 2025

๐Ÿ“ Sources

What is this Stealer - A collection of sample output formats from credential stealers (the layouts of the logs they exfiltrate), with accompanying YARA rules so you can automatically match stealer logs and identify the malware family that produced them.

📰 Information

MSTIC - Silk Typhoon targeting IT supply chain #PRC #supplychain

Ondra Rojčík - Communicating Uncertainties: A Guide to Estimative Language and Confidence Levels in CTI Reporting #reporting #confidence

Kraven Security - How to Plan a CTI Project: Key Documentation You Need #program #howto

BushidoUK - The CTI Research Guide #research #howto

Mandiant - Securing Cryptocurrency Organizations #cryptocurrency #defenses

CMU - Applying Threat Intelligence to Operational Resilience and Risk Management Frameworks #risk #crossdiscipline

Vertex Project - From Code Families to Software Ecosystems: Documenting Relationships Between Tools and Other Resources #tracking #methodology

🛠 Tools

censeye

github.com/Censys-Research/censeye

New tool from Censys for finding similar hosts based on criteria shared with a target host. Requires censys-python and a Censys API key.
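The kind of "shared criteria" ranking that censeye automates, as an added illustration; this is not censeye's own code or API and does not touch the Censys API. The host records are constructed, and the scoring scheme (each shared attribute weighted by how rare it is across the corpus, so an unusual certificate CN outweighs a common port) is an assumption about what makes a good pivot, not a description of how censeye scores:

```python
from collections import Counter

# Constructed, hypothetical host records (not real scan results): each host is
# a mapping of field -> observed value, the kind of attributes a scan engine
# reports. An empty string means the field was not observed on that host.
HOSTS = {
    "target": {"asn": "AS64500", "port": "8443", "http_title": "Admin Panel",
               "cert_cn": "panel.example.internal", "banner": "nginx/1.24.0"},
    "host-a": {"asn": "AS64500", "port": "8443", "http_title": "Admin Panel",
               "cert_cn": "panel.example.internal", "banner": "nginx/1.24.0"},
    "host-b": {"asn": "AS64500", "port": "443", "http_title": "Welcome",
               "cert_cn": "shop.example.test", "banner": "nginx/1.24.0"},
    "host-c": {"asn": "AS64501", "port": "8443", "http_title": "Admin Panel",
               "cert_cn": "other.example.test", "banner": "Apache/2.4"},
    "host-d": {"asn": "AS64502", "port": "22", "http_title": "",
               "cert_cn": "", "banner": "OpenSSH_9.6"},
}


def criteria(host):
    """Turn a host record into a set of (field, value) criteria.

    Unobserved fields (empty / None) are skipped so that two hosts do not
    look similar merely because both lack a certificate or a title.
    """
    return {(f, v) for f, v in host.items() if v not in ("", None)}


def criterion_frequency(hosts):
    """Count how many hosts in the corpus exhibit each (field, value) criterion."""
    freq = Counter()
    for rec in hosts.values():
        freq.update(criteria(rec))
    return freq


def rank_similar(hosts, target_id, min_shared=1):
    """Rank the other hosts by weighted overlap with the target.

    Each shared criterion contributes 1 / (number of hosts exhibiting it), so a
    rare shared attribute counts more than a common one. Hosts sharing fewer
    than `min_shared` criteria are dropped. Returns a list of
    (host_id, score, sorted shared criteria), best match first; ties are
    broken by host id for deterministic output.
    """
    freq = criterion_frequency(hosts)
    target = criteria(hosts[target_id])
    ranked = []
    for hid, rec in hosts.items():
        if hid == target_id:
            continue
        shared = target & criteria(rec)
        if len(shared) < min_shared:
            continue
        score = sum(1.0 / freq[c] for c in shared)
        ranked.append((hid, score, sorted(shared)))
    ranked.sort(key=lambda r: (-r[1], r[0]))
    return ranked


if __name__ == "__main__":
    for hid, score, shared in rank_similar(HOSTS, "target"):
        print(f"{hid}: {score:.3f} shared={[f'{f}={v}' for f, v in shared]}")
```

On the constructed data, host-a (an identical fingerprint, including the rare certificate CN) ranks first; host-b and host-c tie on two common attributes each; host-d shares nothing and is dropped. With real scan data the same weighting is what keeps a pivot on a distinctive attribute from being swamped by thousands of hosts that merely share port 443.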

OctoSQL

github.com/cube2222/octosql

A CLI that enables querying across multiple databases, JSON, Parquet, or CSV/TSV using SQL. Sorcery!

Awesome Shodan Search Queries

github.com/jakejarvis/awesome-shodan-queries

Not a tool in the usual sense, but a collection of Shodan queries you can use directly or as inspiration for your own queries.

goyeti

github.com/yeti-platform/goyeti

New Golang-based API client for the Yeti threat intelligence platform.

Docs

docs.numerique.gouv.fr

An excellent, free collaborative document platform open-sourced by the French government. It works offline, shows the cursors of other editors in real time, and exports to a variety of standard formats. Built with Django and React; it can be run with Docker and Compose.

enola

github.com/TheYahya/enola

Golang CLI tool for finding social media accounts by username, with a very polished user experience. Requires Go 1.23, can also be run via Docker.

📆 Events

RISE USA

๐Ÿ“ San Francisco, CA, US
๐Ÿ“† April 8-9th, 2025
๐Ÿ”— https://www.team-cymru.com/rise-usa

FIRST CTI

๐Ÿ“ Berlin, DE
๐Ÿ“† April 21-23rd, 2025
๐Ÿข Mercure Hotel MOA Berlin
๐Ÿ”— https://www.first.org/conference/firstcti25/

PIVOTcon

Invite-only up to 155 attendees, ticket price includes accommodations.

๐Ÿ“ Malaga, ES
๐Ÿ“† May 7-9th, 2025
๐Ÿข Higueron Hotel Mรกlaga
๐Ÿ”— Info https://pivotcon.org
๐Ÿ”— Request invite https://docs.google.com/forms/d/1zik9D1BIK9e8bF8nMtdGm22O4C94z-bXJ6Vrx4cWCBY/viewform

SLEUTHCON

๐Ÿ“Arlington, VA, US and online
๐Ÿ“† June 6th, 2025
๐Ÿข Hyatt Regency Crystal City
๐Ÿ”— https://www.sleuthcon.com/

Underground Economy

๐Ÿ“ Strasbourg, FR
๐Ÿ“† September, 2025
๐Ÿ”— https://www.team-cymru.com/events

RISE Malaysia

๐Ÿ“ Putrajaya, MY
๐Ÿ“† December 9-10th, 2025
๐Ÿ”— https://www.team-cymru.com/events