2 min read

Sources & Methods Newsletter #6 - February 2023

Welcome to issue six. I'm pleased to share that, as of this month, Sources & Methods has over 100 subscribers. Thanks for being one of them!

Details are shaping up for some of this year's conferences. I chose four to feature across the United States, Mexico, and France. Check them out in the Events section at the end of the issue.


Matthew Conway (@mattreduce)

πŸ“ Sources

Initial Access Broker Landscape - The initial access ecosystem is extensive. This visualization (in PNG and SVG formats) might help you wrap your head around it, too.

πŸ“° Articles

Jamie Collier - Structured Analytical Techniques for Pragmatists #tradecraft

Proofpoint - OneNote Documents Increasingly Used to Deliver Malware #phishing #malware #trends

Scott Roberts - Effective Tagging in Synapse #tooling

SentinelOne - Cloud Credentials Phishing | Malicious Google Ads Target AWS Logins #phishing #analysis

Joe SΕ‚owik - Conceptualizing a Continuum of Cyber Threat Attribution #attribution

Bellingcat - Octosuite: A New Tool to Conduct Open Source Investigations on GitHub #osint #collection #tooling

πŸ›  Tools



A new, extensive OSINT tool for collecting on GitHub users and organizations.



A collection of icons representing STIX objects and relationships for reports, presentations, or anything you like. Each icon is available in black, white, RGB, and CMYK in normal or rounded style, in PDF/PNG/SVG formats. There's even a custom font in four formats! Made open source by EclecticIQ with a Creative Commons Attribution 4.0 International License.



A Python library for parsing fully-qualified domain names (FQDNs) into each of their components, along with context about top-level domains (TLDs). Intelligently handles multi-label TLDs like .co.uk, Unicode, and "private suffixes" like herokuapp.com.

Vertex Synapse


The Vertex Project offer an open source "central intelligence system" you can use to collect, enrich, analyze, and integrate intelligence. There's a great community around it and a powerful Enterprise version, as well.



SACTI provides a secure and anonymous mechanism to facilitate structural exchange of sightings and impact information in communities that employ the MISP platform.

πŸ’‘ Tip

Can't figure out a security/intelligence-related term or acronym? Try searching @BushidoUK's CTI Lexicon. It's a sizable reference that was updated just last month.

πŸ“† Events

Botconf 2023

πŸ“ Strasbourg, FR
πŸ“š Training: Apr 11
πŸ“Š Conference: Apr 12–14
🏒 Hilton Strasbourg
πŸ”— https://www.botconf.eu

RISE Mexico 2023

Regional Internet Security Event co-hosted by LACNIC and Team Cymru

πŸ“ Merida, MX
πŸ“Š Conference May 10-11
πŸ”— https://www.team-cymru.com/rise-mexico


Submit your talk proposal by March 31st! The conference will pay $500 for each full 30 minute talk.

πŸ“ Arlington, VA, US & Virtual
πŸ“Š Conference May 12
🏒 Hilton National Landing
πŸ”— CFP: https://www.sleuthcon.com/cfp
πŸ”— Event: https://www.sleuthcon.com

USENIX Security '23

πŸ“ Anaheim, CA, US
πŸ“Š Conference Aug 9–11
🏒 Anaheim Marriott
πŸ”— https://www.usenix.org/conference/usenixsecurity23