Sources & Methods Newsletter #24 - June 2025
Well, we're nearly half-way through 2025. Kicking off June sharing a new tool of my own, synapse-claude, and looking forward to SLEUTHCON this Friday! I'll be attending remotely and suffering from FOMO from all the posts by folks attending in-person.
Thanks for reading,
Matthew Conway (@mattreduce)
Sources
OSINT Treasure Trove - Extensive bibliography (or reading list, if you like) of written works on open source intelligence. The list is indexed by author, year, keyword, and more. Dare I say it deserves a place in the bookmarks bar on your browser?
Information
Cisco Talos - Defining a new methodology for modeling and tracking compartmentalized threats #tracking
Recorded Future - Fusion Center Thinking (eBook) #crossdomain #program
Scott J. Roberts - LLM SATs FTW #tradecraft #SATs #AI
Datadog - The obfuscation game: MUT-9332 targets Solidity developers via malicious VS Code extensions #malware #crypto
Mandiant - Mark Your Calendar: APT41 Innovative Tactics #APT41 #PRC #C2
Vertex Project - It's All Connected: Align and Validate Your Tactical and Strategic Intelligence #tooling
Koifsec - Practical Cyber Deception - Introduction to "Chaotic Good" #deception
Unit 42 - Threat Group Assessment: Muddled Libra (Updated May 16, 2025) #cybercrime
SANS - 2025 CTI Survey #industry #surveys
Tools
synapse-claude
github.com/srcmtd/synapse-claude
Here's a tool of my own this month: a Rapid Power-Up for Vertex Synapse that integrates with Claude AI. So far, you can ask Claude questions without breaking your focus and leaving Synapse:
storm> claude.ask "What are some malicious uses of AppleScript/JXA?"
Sending prompt to Claude...
Claude Response:
==================================================
AppleScript and JXA (JavaScript for Automation) can be abused for various malicious activities:
**System Access & Persistence**
- Keylogging via accessibility features and input monitoring
- Screen capture and recording without user awareness
...
Next, I plan to support summarizing reports and translating articles with Claude. So you could use a trigger to automatically summarize new threat reports as they come in. You could also translate content you're collecting in another language such as articles, forum posts, or Telegram messages. Stay tuned!
Cradle
A new open source threat intelligence platform from Prodaft that supports collaborative analysis, entity/relationship visualization, and report generation. Deployable via Docker and Compose, it has a Python and Django backend, an Electron/React frontend, and Redis and Postgres datastores.
Attribution to IP
github.com/curated-intel/Attribution-to-IP
Not so much a tool as it is a collection of many tools and information sources, compiled to help you find the owner or user of an IP address.
pycti-mcp
MCP server that allows you to work with OpenCTI from an AI system like ChatGPT or Claude. The project is brand new; so far you can use it to look up observables already stored in OpenCTI.
markitdown
github.com/microsoft/markitdown
An unexpected new tool from Microsoft, this Python library converts Office documents and other types of files to Markdown for easier indexing and text analysis. You might find this useful if you want to pre-process slideshows and Word docs before adding them to an LLM's context, or a database with full-text search capabilities.
Events
SLEUTHCON
Arlington, VA, US and online
June 6th, 2025
Hyatt Regency Crystal City
https://www.sleuthcon.com/
Underground Economy
Strasbourg, FR
September 1-4th, 2025
https://www.team-cymru.com/gate/underground-economy-2025
RISE Malaysia
Putrajaya, MY
December 9-10th, 2025
https://www.team-cymru.com/events