Welcome to issue seven. Now that this newsletter has really hit its stride, I'd like to expand from this monthly roundup format to include other kinds of content on a regular cadence. I've started work on a Sources & Methods website and blog where I can post original analysis and gists of new reports to save you time. Stay tuned!
Thanks for reading,
Matthew Conway (@mattreduce)
GH Archive - If you need to review activity on GitHub.com as part of investigations or incident response, add GH Archive to your toolkit. It provides an archive of events on GitHub as gzipped JSON data. You can download an hour's worth of events if you know exactly when to look, or years of data since 2011 for an offline archive you can sift through later. The service itself is open source.
Robert M. Lee - Structuring Cyber Threat Intelligence Assessments: Musings and Recommendations #production #tradecraft
Sysdig - SCARLETEEL: Operation leveraging Terraform, Kubernetes, and AWS for data theft #cloud #containers #analysis
UK Home Office - National Protective Security Authority begins work #gov #partnerships #espionage
Intelligence and National Security - Critical Intelligence Studies: A new framework for analysis #intelligence #longreads
Self-hostable web application that walks you through a series of questions to map adversary activities to ATT&CK.
IOK (Indicator Of Kit) is an open source ruleset of phishing threat actor tools and tactics.
These Obsidian templates for OSINT collectors leverage the tool's excellent features for capturing and reviewing the output from investigations.
If you use Vertex Synapse, this Power-Up can import data or enrich with SinkDB, a free (restricted-access) database of sinkholes.
pandance Python package provides additional relational operations—fuzzy and theta joins—for working with pandas DataFrames.
"Always think about the data on which your analysis is based. Think about the data you had access to and, more importantly, the data you didn't. Be as aware as possible of your biases."
Well said! And thanks for sharing.
📍 Strasbourg, FR
📚 Training: Apr 11
📊 Conference: Apr 12–14
🏢 Hilton Strasbourg
RISE Mexico 2023
Regional Internet Security Event co-hosted by LACNIC and Team Cymru
📍 Merida, MX
📊 Conference May 10-11
Submit your talk proposal by March 31st! The conference will pay $500 for each full 30 minute talk.
USENIX Security '23
📍 Anaheim, CA, US
📊 Conference Aug 9–11
🏢 Anaheim Marriott