Sign in Subscribe
2 min read Newsletter

Sources & Methods Newsletter #23 - March 2025

๐Ÿ“ Sources

What is this Stealer - Here's a collection of examples of credential stealer information formats, and accompanying YARA rules to help you automatically match on stealer logs and determine the malware family used.

๐Ÿ“ฐ Information

MSTIC - Silk Typhoon targeting IT supply chain #PRC #supplychain

Ondra Rojฤรญk - Communicating Uncertainties: A Guide to Estimative Language and Confidence Levels in CTI Reporting #reporting #confidence

Kraven Security - How to Plan a CTI Project: Key Documentation You Need #program #howto

BushidoUK - The CTI Research Guide #research #howto

Mandiant - Securing Cryptocurrency Organizations #cryptocurrency #defenses

CMU - Applying Threat Intelligence to Operational Resilience and Risk Management Frameworks #risk #crossdiscipline

Vertex Project - From Code Families to Software Ecosystems: Documenting Relationships Between Tools and Other Resources #tracking #methodology

๐Ÿ›  Tools

censeye

github.com/Censys-Research/censeye

New tool from Censys for finding similar hosts based on criteria shared with a target host. Requires censys-python and a Censys API key.

OctoSQL

github.com/cube2222/octosql

A CLI that enables querying across multiple databases, JSON, Parquet, or CSV/TSV using SQL. Sorcery!

Awesome Shodan Search Queries

github.com/jakejarvis/awesome-shodan-queries

Not a tool in the usual sense, but a collection of Shodan queries you can use directly or as inspiration for your own queries.

goyeti

github.com/yeti-platform/goyeti

New Golang-based API client for the Yeti threat intelligence platform.

Docs

docs.numerique.gouv.fr

An excellent, free collaborative document platform made open source by the French government. Works offline, shows cursor of other editors in real time, and supports exporting to a variety of standard formats. Built with Django and React, can be run with Docker and Compose.

enola

github.com/TheYahya/enola

Golang CLI tool for finding social media accounts by username, with a very polished user experience. Requires Go 1.23, can also be run via Docker.

๐Ÿ“† Events

RISE USA

๐Ÿ“ San Francisco, CA, US
๐Ÿ“† April 8-9th, 2025
๐Ÿ”— https://www.team-cymru.com/rise-usa

FIRST CTI

๐Ÿ“ Berlin, DE
๐Ÿ“† April 21-23rd, 2025
๐Ÿข Mercure Hotel MOA Berlin
๐Ÿ”— https://www.first.org/conference/firstcti25/

PIVOTcon

Invite-only up to 155 attendees, ticket price includes accommodations.

๐Ÿ“ Malaga, ES
๐Ÿ“† May 7-9th, 2025
๐Ÿข Higueron Hotel Mรกlaga
๐Ÿ”— Info https://pivotcon.org
๐Ÿ”— Request invite https://docs.google.com/forms/d/1zik9D1BIK9e8bF8nMtdGm22O4C94z-bXJ6Vrx4cWCBY/viewform

SLEUTHCON

๐Ÿ“Arlington, VA, US and online
๐Ÿ“† June 6th, 2025
๐Ÿข Hyatt Regency Crystal City
๐Ÿ”— https://www.sleuthcon.com/

Underground Economy

๐Ÿ“ Strasbourg, FR
๐Ÿ“† September, 2025
๐Ÿ”— https://www.team-cymru.com/events

RISE Malaysia

๐Ÿ“ Putrajaya, MY
๐Ÿ“† December 9-10th, 2025
๐Ÿ”— https://www.team-cymru.com/events

Published by:

Matthew Conway

You might also like...

Mar
02

Sources & Methods Newsletter #22 - February 2025

The past month has been a year. Let's pretend I published this two days ago when it was
2 min read
Jan
28

Sources & Methods Newsletter #21 - January 2025

๐Ÿ“ Sources JA4+ Database - Online and downloadable database of JA4+ TLS fingerprints ๐Ÿ“ฐ Information Vertex Project - More Than Malware Families:
2 min read
Nov
15

Sources & Methods Newsletter #20 - November 2024

๐Ÿ“ Sources OSSF Malicious Package Registry - theย Securing Critical Projects Working Groupย of theย Open Source Security Foundation (OpenSSF) maintains
2 min read
Jul
09

Sources & Methods Newsletter #19 - July 2024

Welcome to issue #19 of the Sources & Methods newsletter! I paused for a bit while visiting London and Dublin,
2 min read
Apr
28

Sources & Methods Newsletter #18 - April 2024

Welcome to the April 2024 issue of the Sources & Methods newsletter! This month, we dive into the importance of
2 min read

Member discussion