Sources & Methods Newsletter #25 - August 2025

Hello again! I'm glad to share this month that I joined Remitly to help build their Threat Intelligence program, ensuring the safety and security of a vital financial service for millions around the world.

Hope you're all doing well,

Matthew Conway (@mattreduce)

Sources

FT3 - Stripe just open sourced a framework they call FT3, or "Fraud Tools, Tactics and Techniques." The ATT&CK-inspired taxonomy is meant to aid understanding and cataloging financial crimes and other kinds of fraud. Contributions are welcome.

📰 Information

Unit 42 - Introducing Unit 42's Attribution Framework #attribution #frameworks

Vertex Project - Using Tactical and Strategic Analysis to Track Threat Actor Targeting #tooling #tracking

Joe Slowik - Will the Real Salt Typhoon Please Stand Up #attribution #targeting

CheckFirst - Decoding Secrets Through Symbols: How Military Insignia Revealed Russia's Hidden SIGINT Network #RU #SIGINT #actors

MITRE - Visualize, Understand, and Share with Attack Flow 3 #frameworks #tooling

Nicholas Peterson - Trust But Verify: Evaluating the Accuracy of LLMs in Normalizing Threat Data Feeds #tooling #LLM #research

DomainTools - Mapping Hidden Alliances in Russian-Affiliated Ransomware #ransomware #RU #infographics

Abuse.ch - Creating sustainability for abuse.ch and its community #sources

🛠 Tools

Thorium

github.com/cisagov/thorium

New file analysis platform from CISA for building pipelines of analysis tools with full-text searchable results.

Flowintel

github.com/flowintel/flowintel

New open source web app for organizing threat intelligence from case management and tasks to templates, with MISP integration.

vim-storm

github.com/rakuy0/vim-storm

Vim syntax highlighting for the Storm query language (Vertex Synapse).

Fabric

github.com/blackstork-io/fabric

An open source CLI tool for creating various security-related reports from templates with LLM capabilities.

helm-opencti

github.com/devops-ia/helm-opencti

If you use Kubernetes or have a DevOps team that does, here's a Helm Chart that will simplify OpenCTI deployment for you.

📆 Events

Underground Economy

📍 Strasbourg, FR
📆 September 1-4th, 2025
🔗 https://www.team-cymru.com/gate/underground-economy-2025

ATT&CKcon 6.0

📍 McLean, VA, US
📊 October 14-15th
🏢 MITRE ATT&CK HQ
🔗 https://na.eventscloud.com/website/82912/

State of Statecraft

CFP closes September 1st, 2025

📍 Bruxelles, BE
📆 October 28th, 2025
🏢 Location will be shared after registration
🔗 https://www.stateofstatecraft.com/
🔗 CFP https://www.stateofstatecraft.com/cfp

RISE Malaysia

📍 Putrajaya, MY
📆 December 9-10th, 2025
🔗 https://www.team-cymru.com/events