2 min read

Sources & Methods Newsletter #8 - April 2023

Welcome to issue eight! A lot has happened since the last edition, although I suppose that's the way it goes, eh? As you may have seen, both Breach Forums and Genesis Market are no more. Lockbit is even taking a crack at macOSβ€”but development is off to a rocky start.

I've been spending part of my weekends steadily working on a website and blog for Sources & Methods, which you can see in part today at sourcesmethods.com. While developing a series of how-to articles for that blog on OpenCTI connector development, I created a YARA connector that has been accepted by the project and sits proudly in this month's Tools section.

Thanks for reading,

Matthew Conway (@mattreduce)

πŸ“ Sources

Cloud Security Atlas - Datadog have released a new database of attacks, vulnerabilities, and misconfigurations affecting cloud infrastructure platforms.

πŸ“° Articles

SignalCorp - Getting Started with STIX Shifter #STIX #integration

Cado Security - Previously Undiscovered TeamTNT Payload Recently Surfaced #mining #operational #analysis

Jamie Collier - Driving Threat Intelligence the Right Way #program #requirements

Uptycs - MacStealer: New MacOS-based Stealer Malware Identified #macos #operational #analysis

Analytic Insider - Anticipating High Impact/Low Probability Events #strategic #tradecraft #reframing #SATs

Vertex Project - Analyzing a Suspected Russian Influence Operation with Synapse #analysis #tooling #howto

TheRecord - Lunch on The Record: Daniel Moore and Offensive Cyber Operations #CNO #interview #longreads

πŸ›  Tools

YARA connector for OpenCTI :tada:

yara in OpenCTI-Platform/connectors

This OpenCTI connector enriches Artifact Observables by scanning their contents using every YARA Indicator in the system. When a rule matches, the connector creates a relationship between the Artifact and Indicator.



A collection of free intelligence product templates from the book Intelligence-Driven Incident Response.



Red Canary's new Mac Monitor is a free, feature-rich monitoring tool for macOS built on top of Endpoint Security framework, available as a proper notarized executable with monitoring capabilities approved by Apple. You'll find it handy for security research and malware analysis. Thanks, Red Canary, and congrats on the initial release!



Fetch Wayback Machine (Internet Archive) URLs for a given domain from the command-line.

pandas v2.0


Version 2.0 of the pandas Python package is here, with enhancements, bug fixes, and performance improvements.

πŸ’‘ Tip

Making templates for written products saves you time, helps colleagues collaborate with you, and gives readers a consistent structure they can expect in the future. I even use a template (in Markdown) to create this newsletter each month!

πŸ“† Events

RISE Mexico 2023

Regional Internet Security Event co-hosted by LACNIC and Team Cymru

πŸ“ Merida, MX
πŸ“Š Conference May 10-11
πŸ”— https://www.team-cymru.com/rise-mexico


πŸ“ Arlington, VA, US & Virtual
πŸ“Š Conference May 12
🏒 Hilton National Landing
πŸ”— Event: https://www.sleuthcon.com

USENIX Security '23

πŸ“ Anaheim, CA, US
πŸ“Š Conference Aug 9–11
🏒 Anaheim Marriott
πŸ”— https://www.usenix.org/conference/usenixsecurity23

Underground Economy Conference 2023

πŸ“ Prague, CZ
πŸ“Š Conference Sep 4-7
🏒 Prague Congress Center
πŸ”— CFP https://capsllc.wufoo.com/forms/ue23-speaker-submission/
πŸ”— Conference https://www.team-cymru.com/ue2023

Objective by the Sea v6

CFP is open now, and will close on June 30th, 2023

πŸ“ Marbella, ES
πŸ“š Training Oct 9-11
πŸ“Š Conference Oct 12-13
🏒 Don Pepe (Gran MeliÑ)
πŸ”— CFP https://objectivebythesea.org/v6/cfp.html
πŸ”— Conference https://objectivebythesea.org/v6/cfp.html