
Sources & Methods Newsletter #8 - April 2023

Welcome to issue eight! A lot has happened since the last edition, although I suppose that's the way it goes, eh? As you may have seen, both Breach Forums and Genesis Market are no more. LockBit is even taking a crack at macOS, but development is off to a rocky start.

I've been spending part of my weekends steadily working on a website and blog for Sources & Methods, which you can see in part today at sourcesmethods.com. While developing a series of how-to articles for that blog on OpenCTI connector development, I created a YARA connector that has been accepted by the project and sits proudly in this month's Tools section.

Thanks for reading,

Matthew Conway (@mattreduce)

πŸ“ Sources

Cloud Security Atlas - Datadog have released a new database of attacks, vulnerabilities, and misconfigurations affecting cloud infrastructure platforms.

📰 Articles

SignalCorp - Getting Started with STIX Shifter #STIX #integration

Cado Security - Previously Undiscovered TeamTNT Payload Recently Surfaced #mining #operational #analysis

Jamie Collier - Driving Threat Intelligence the Right Way #program #requirements

Uptycs - MacStealer: New MacOS-based Stealer Malware Identified #macos #operational #analysis

Analytic Insider - Anticipating High Impact/Low Probability Events #strategic #tradecraft #reframing #SATs

Vertex Project - Analyzing a Suspected Russian Influence Operation with Synapse #analysis #tooling #howto

TheRecord - Lunch on The Record: Daniel Moore and Offensive Cyber Operations #CNO #interview #longreads

🛠 Tools

YARA connector for OpenCTI 🎉

yara in OpenCTI-Platform/connectors

This OpenCTI connector enriches Artifact Observables by scanning their contents using every YARA Indicator in the system. When a rule matches, the connector creates a relationship between the Artifact and Indicator.
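To show what the enrichment flow described above looks like in code, here is an added example that is not the connector's own code and not part of the newsletter. The real connector compiles and runs rules with the yara-python library; to stay runnable offline this version substitutes a tiny matcher for a YARA subset (one rule per source, text and hex strings, `any`/`all`/`N of them` conditions). The relationship type `based-on` (Indicator to Observable) is assumed, and every id, rule body and the artifact payload are constructed sample data.

```python
# Added example (not the connector's code): model of YARA enrichment.
# The real connector uses yara-python; this uses a tiny offline matcher for a
# YARA subset: one rule per source, text/hex strings, any|all|N of them.
import re
from dataclasses import dataclass


@dataclass
class Indicator:
    id: str                    # STIX id (constructed sample value)
    pattern: str               # rule source; YARA when pattern_type == "yara"
    pattern_type: str = "yara"


@dataclass
class Artifact:
    id: str                    # STIX id of the Artifact observable (constructed)
    payload: bytes             # file contents the connector downloads and scans


# Greedy body match so a hex string's own braces do not end the rule early.
_RULE_RE = re.compile(r"rule\s+(\w+)\s*\{(.*)\}", re.S)
_STRING_RE = re.compile(r'\$(\w+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|\{([0-9a-fA-F\s]+)\})')


def parse_rule(source):
    """Return (name, {string_id: bytes}, condition) for a single-rule YARA source."""
    m = _RULE_RE.search(source)
    if not m:
        raise ValueError("no rule found in source")
    name, body = m.group(1), m.group(2)
    strings = {}
    for sid, text, hexs in _STRING_RE.findall(body):
        if hexs:
            strings[sid] = bytes.fromhex("".join(hexs.split()))
        else:  # decode YARA text escapes such as \n, \" and \xNN
            strings[sid] = text.encode("latin-1").decode("unicode_escape").encode("latin-1")
    cond = re.search(r"condition:\s*(.*)", body, re.S)
    return name, strings, (cond.group(1).strip() if cond else "any of them")


def evaluate(condition, hits):
    """Evaluate the supported `any|all|N of them` conditions over per-string hit flags."""
    m = re.fullmatch(r"(any|all|\d+)\s+of\s+them", condition)
    if not m:
        raise NotImplementedError(f"unsupported condition: {condition!r}")
    matched, quantifier = sum(hits.values()), m.group(1)
    if quantifier == "any":
        return matched >= 1
    if quantifier == "all":
        return matched == len(hits)
    return matched >= int(quantifier)


def scan(artifact, indicator):
    """Return the rule name if the indicator's YARA rule matches the artifact, else None."""
    name, strings, condition = parse_rule(indicator.pattern)
    hits = {sid: pattern in artifact.payload for sid, pattern in strings.items()}
    return name if evaluate(condition, hits) else None


def enrich(artifact, indicators):
    """Connector core: scan with every YARA indicator; one relationship per match."""
    relationships = []
    for ind in indicators:
        if ind.pattern_type != "yara":
            continue  # STIX-pattern and other indicators are not YARA rules
        rule = scan(artifact, ind)
        if rule is not None:
            relationships.append({
                "type": "relationship",
                "relationship_type": "based-on",  # assumed: Indicator based-on Observable
                "source_ref": ind.id,
                "target_ref": artifact.id,
                "description": f"YARA rule {rule} matched the artifact",
            })
    return relationships


# Constructed sample data: a PE-like blob that also embeds a C2 domain string.
SAMPLE_ARTIFACT = Artifact(
    id="artifact--11111111-1111-4111-8111-111111111111",
    payload=b"MZ\x90\x00" + b"\x00" * 16 + b"This program cannot be run in DOS mode.\r\n"
    + b"\x00" * 16 + b"evil-c2.example\x00",
)
SAMPLE_INDICATORS = [
    Indicator("indicator--aaaaaaaa-aaaa-4aaa-8aaa-aaaaaaaaaaaa",
              'rule pe_dos_stub { strings: $mz = { 4D 5A } $txt = "cannot be run in DOS mode" condition: all of them }'),
    Indicator("indicator--bbbbbbbb-bbbb-4bbb-8bbb-bbbbbbbbbbbb",
              'rule known_c2_domain { strings: $d = "evil-c2.example" condition: any of them }'),
    Indicator("indicator--cccccccc-cccc-4ccc-8ccc-cccccccccccc",
              "rule elf_header { strings: $elf = { 7F 45 4C 46 } condition: any of them }"),
    # Same domain as a STIX pattern: skipped because it is not a YARA rule.
    Indicator("indicator--dddddddd-dddd-4ddd-8ddd-dddddddddddd",
              "[domain-name:value = 'evil-c2.example']", "stix"),
]

if __name__ == "__main__":
    for rel in enrich(SAMPLE_ARTIFACT, SAMPLE_INDICATORS):
        print(rel["source_ref"], rel["relationship_type"], rel["target_ref"])
```

Running it yields two relationships (the DOS-stub rule and the C2-domain rule match, the ELF rule does not), and the STIX-pattern indicator is ignored even though it names the same domain, which is the behaviour to expect from a connector that only consumes `pattern_type` yara indicators.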

intelligence-product-templates

github.com/intelligence-driven-incident-response/intelligence-product-templates

A collection of free intelligence product templates from the book Intelligence-Driven Incident Response.

mac-monitor

github.com/redcanaryco/mac-monitor

Red Canary's new Mac Monitor is a free, feature-rich monitoring tool for macOS built on top of the Endpoint Security framework, available as a properly notarized executable with monitoring capabilities approved by Apple. You'll find it handy for security research and malware analysis. Thanks, Red Canary, and congrats on the initial release!

waybackurls

github.com/tomnomnom/waybackurls

Fetch Wayback Machine (Internet Archive) URLs for a given domain from the command-line.

pandas v2.0

Changelog

Version 2.0 of the pandas Python package is here, with enhancements, bug fixes, and performance improvements.

💡 Tip

Making templates for written products saves you time, helps colleagues collaborate with you, and gives readers a consistent structure they can expect in the future. I even use a template (in Markdown) to create this newsletter each month!

📆 Events

RISE Mexico 2023

Regional Internet Security Event co-hosted by LACNIC and Team Cymru

πŸ“ Merida, MX
πŸ“Š Conference May 10-11
πŸ”— https://www.team-cymru.com/rise-mexico

SLEUTHCON '23

πŸ“ Arlington, VA, US & Virtual
πŸ“Š Conference May 12
🏒 Hilton National Landing
πŸ”— Event: https://www.sleuthcon.com

USENIX Security '23

πŸ“ Anaheim, CA, US
πŸ“Š Conference Aug 9–11
🏒 Anaheim Marriott
πŸ”— https://www.usenix.org/conference/usenixsecurity23

Underground Economy Conference 2023

πŸ“ Prague, CZ
πŸ“Š Conference Sep 4-7
🏒 Prague Congress Center
πŸ”— CFP https://capsllc.wufoo.com/forms/ue23-speaker-submission/
πŸ”— Conference https://www.team-cymru.com/ue2023

Objective by the Sea v6

CFP is open now and will close on June 30th, 2023

πŸ“ Marbella, ES
πŸ“š Training Oct 9-11
πŸ“Š Conference Oct 12-13
🏒 Don Pepe (Gran MeliÑ)
πŸ”— CFP https://objectivebythesea.org/v6/cfp.html
πŸ”— Conference https://objectivebythesea.org/v6/cfp.html