1 min read

Sources & Methods Newsletter #3 - November 2022

Welcome to issue 003 of Sources & Methods newsletter, the CYBERWARCON edition. What am I changing for this special edition? Well, not much, actually. But I am publishing early this time to kick off the conference! Stay tuned for a recap of CYBERWARCON and BRUNCHCON (yes).

πŸ“ Sources

ORKL Cyber Threat Intelligence Library - "Over time, the goal is to collect a complete corpus of all publicly released CTI reports to be used as a reference in scientific research and CTI reporting"

πŸ“° Articles

Hundreds of U.S. news sites push malware in supply-chain attack #malware

Beneath the surface: Uncovering the shift in web skimming - especially important as holiday shopping intensifies #trends #retail

[VIDEO] Pivoting from Art to Science #tradecraft #presentation

ENISA Threat Landscape 2022 #FYSA #trends

DFIR Report: Follina Exploit Leads to Domain Compromise #analysis

A Menu of Threat Intelligence Use Cases #program #stakeholders

πŸ›  Tools



(Now open source!) Platform for storing, organizing, and searching documents related to cyber threats.



OSINT tool for discovering the real IP addresses of services which are behind Cloudflare but not properly locked down.



Slack emojis to indicate Traffic Light Protocol (TLP) marking of information shared in chat. I recommend using this alongside text-only TLP markings for clarity and accessibility, with these images as eye-catching enhancements.



Terminal UI for querying various OSINT data sources.



Remember Katie Nickels' (@likethecoins) CTI Self Study Plan series from issue 001? I converted Katie's great list of suggested things to read, watch, do, and think about related to CTI to an Obsidian notebook. If you're working through the atudy plan, I hope like me you use this notebook template to track your progress and keep notes on what you learn. It even includes a plugin for annotating assigned reading if they're in PDF or ePub format.

πŸ’‘ Tip

The TryHackMe training platform now has a free Intro to Cyber Threat Intel "room" that'll introduce you to CTI, some frameworks, and tools like YARA, OpenCTI, and MISP.

πŸ“† Events

Cyber Threat Intelligence Summit 2023

πŸ“ Arlington, VA, US & Virtual
✍️ CFP is closed
πŸ“Š Summit: Jan 30-31 2023
πŸ“š Training: Feb 1-6 2023
πŸ”— https://www.sans.org/cyber-security-training-events/cyber-threat-intelligence-summit-2023/