Sources & Methods Newsletter #23 - March 2025
Sources
What is this Stealer - Here's a collection of examples of credential stealer information formats, and accompanying YARA rules to help you automatically match on stealer logs and determine the malware family used.
Information
MSTIC - Silk Typhoon targeting IT supply chain #PRC #supplychain
Ondra Rojčík - Communicating Uncertainties: A Guide to Estimative Language and Confidence Levels in CTI Reporting #reporting #confidence
Kraven Security - How to Plan a CTI Project: Key Documentation You Need #program #howto
BushidoUK - The CTI Research Guide #research #howto
Mandiant - Securing Cryptocurrency Organizations #cryptocurrency #defenses
CMU - Applying Threat Intelligence to Operational Resilience and Risk Management Frameworks #risk #crossdiscipline
Vertex Project - From Code Families to Software Ecosystems: Documenting Relationships Between Tools and Other Resources #tracking #methodology
Tools
censeye
github.com/Censys-Research/censeye
New tool from Censys for finding similar hosts based on criteria shared with a target host. Requires censys-python and a Censys API key.
OctoSQL
A CLI that enables querying across multiple databases, JSON, Parquet, or CSV/TSV using SQL. Sorcery!
Awesome Shodan Search Queries
github.com/jakejarvis/awesome-shodan-queries
Not a tool in the usual sense, but a collection of Shodan queries you can use directly or as inspiration for your own queries.
goyeti
github.com/yeti-platform/goyeti
New Golang-based API client for the Yeti threat intelligence platform.
Docs
An excellent, free collaborative document platform made open source by the French government. Works offline, shows other editors' cursors in real time, and supports exporting to a variety of standard formats. Built with Django and React; can be run with Docker and Compose.
enola
Golang CLI tool for finding social media accounts by username, with a very polished user experience. Requires Go 1.23; can also be run via Docker.
Events
RISE USA
San Francisco, CA, US
April 8-9th, 2025
https://www.team-cymru.com/rise-usa
FIRST CTI
Berlin, DE
April 21-23rd, 2025
Mercure Hotel MOA Berlin
https://www.first.org/conference/firstcti25/
PIVOTcon
Invite-only, up to 155 attendees; ticket price includes accommodations.
Malaga, ES
May 7-9th, 2025
Higueron Hotel Málaga
Info https://pivotcon.org
Request invite https://docs.google.com/forms/d/1zik9D1BIK9e8bF8nMtdGm22O4C94z-bXJ6Vrx4cWCBY/viewform
SLEUTHCON
Arlington, VA, US and online
June 6th, 2025
Hyatt Regency Crystal City
https://www.sleuthcon.com/
Underground Economy
Strasbourg, FR
September, 2025
https://www.team-cymru.com/events
RISE Malaysia
Putrajaya, MY
December 9-10th, 2025
https://www.team-cymru.com/events