Sources & Methods Newsletter #8 - April 2023
Welcome to issue eight! A lot has happened since the last edition, although I suppose that's the way it goes, eh? As you may have seen, both Breach Forums and Genesis Market are no more. Lockbit is even taking a crack at macOS, but development is off to a rocky start.
I've been spending part of my weekends steadily working on a website and blog for Sources & Methods, which you can see in part today at sourcesmethods.com. While developing a series of how-to articles for that blog on OpenCTI connector development, I created a YARA connector that has been accepted by the project and sits proudly in this month's Tools section.
Thanks for reading,
Matthew Conway (@mattreduce)
Sources
Cloud Security Atlas - Datadog have released a new database of attacks, vulnerabilities, and misconfigurations affecting cloud infrastructure platforms.
Articles
SignalCorp - Getting Started with STIX Shifter #STIX #integration
Cado Security - Previously Undiscovered TeamTNT Payload Recently Surfaced #mining #operational #analysis
Jamie Collier - Driving Threat Intelligence the Right Way #program #requirements
Uptycs - MacStealer: New MacOS-based Stealer Malware Identified #macos #operational #analysis
Analytic Insider - Anticipating High Impact/Low Probability Events #strategic #tradecraft #reframing #SATs
Vertex Project - Analyzing a Suspected Russian Influence Operation with Synapse #analysis #tooling #howto
TheRecord - Lunch on The Record: Daniel Moore and Offensive Cyber Operations #CNO #interview #longreads
Tools
YARA connector for OpenCTI :tada:
yara in OpenCTI-Platform/connectors
This OpenCTI connector enriches Artifact Observables by scanning their contents using every YARA Indicator in the system. When a rule matches, the connector creates a relationship between the Artifact and Indicator.
intelligence-product-templates
github.com/intelligence-driven-incident-response/intelligence-product-templates
A collection of free intelligence product templates from the book Intelligence-Driven Incident Response.
mac-monitor
github.com/redcanaryco/mac-monitor
Red Canary's new Mac Monitor is a free, feature-rich monitoring tool for macOS built on top of Endpoint Security framework, available as a proper notarized executable with monitoring capabilities approved by Apple. You'll find it handy for security research and malware analysis. Thanks, Red Canary, and congrats on the initial release!
waybackurls
github.com/tomnomnom/waybackurls
Fetch Wayback Machine (Internet Archive) URLs for a given domain from the command-line.
pandas v2.0
Version 2.0 of the pandas Python package is here, with enhancements, bug fixes, and performance improvements.
Tip
Making templates for written products saves you time, helps colleagues collaborate with you, and gives readers a consistent structure they can expect in the future. I even use a template (in Markdown) to create this newsletter each month!
Events
RISE Mexico 2023
Regional Internet Security Event co-hosted by LACNIC and Team Cymru
Merida, MX
Conference May 10-11
https://www.team-cymru.com/rise-mexico
SLEUTHCON '23
Arlington, VA, US & Virtual
Conference May 12
Hilton National Landing
Event: https://www.sleuthcon.com
USENIX Security '23
Anaheim, CA, US
Conference Aug 9-11
Anaheim Marriott
https://www.usenix.org/conference/usenixsecurity23
Underground Economy Conference 2023
Prague, CZ
Conference Sep 4-7
Prague Congress Center
CFP https://capsllc.wufoo.com/forms/ue23-speaker-submission/
Conference https://www.team-cymru.com/ue2023
Objective by the Sea v6
The CFP is open now and will close on June 30th, 2023.
Marbella, ES
Training Oct 9-11
Conference Oct 12-13
Don Pepe (Gran Meliá)
CFP https://objectivebythesea.org/v6/cfp.html
Conference https://objectivebythesea.org/v6/cfp.html