Sources & Methods
sourcesmethods.com
@sourcesmethods.com
Blog and monthly digest of Cyber Threat Intelligence (CTI) information sources, tools, articles, events, and helpful tips sourcesmethods.com by @mattreduce.com
Reposted by Sources & Methods
Have questions about submitting to the #SOCON2026 CFP? We’ve got answers.

The CFP closes soon — submit your proposal by Nov 15 to participate in the only conference dedicated to advancing Attack Path Management.

📝 Submit: ghst.ly/socon26-cfp
November 12, 2025 at 8:36 PM
Reposted by Sources & Methods
Obsidian Importer now lets you generate Markdown files from a CSV.

It converts thousands of records in seconds and automatically generates a Base that you can use to explore and edit the data.
November 12, 2025 at 8:24 PM
Reposted by Sources & Methods
cloud.google.com/blog/topics/...

google cloud / mandiant blogged about a cool investigation that I got to pitch in on & had a small verse to contribute in the broader context of it. these are the things that remind me how much I enjoy what I do.
Unauthenticated Remote Access via Triofox Vulnerability CVE-2025-12480 | Google Cloud Blog
An unauthenticated access vulnerability in Gladinet's Triofox platform, exploited by the threat actor UNC6485.
cloud.google.com
November 10, 2025 at 5:25 PM
Reposted by Sources & Methods
It was recorded, and slides are now being shared....

Slides and videos from ATT&CKcon 6.0 are now posted in an easy to find way. Check out attack.mitre.org/resources/at... to check out our great talks (and Couch Talks) from October, or even check out past ATT&CKcons from that same page.
MITRE ATT&CKcon - ATT&CKcon 6.0 | MITRE ATT&CK®
attack.mitre.org
November 7, 2025 at 6:13 PM
Reposted by Sources & Methods
There's an open role for a Staff CTI Analyst on my team here @huntress.com 📢💫

✨Do you love doing correlations between different incidents, sometimes digging into them, or doing malware analysis?

✨Do you like doing data analysis, and using this to make threat reports? 👇
November 7, 2025 at 6:37 PM
Reposted by Sources & Methods
"The DPRK IT worker threat is more than a fraud or sanctions evasion issue; it exposes systemic weaknesses in how identity is verified and managed across the global economy." Chandana Seshadri looks at DPRK IT worker typologies & identifies a path forward.
The Global Threat of DPRK IT Workers - 38 North: Informed Analysis of North Korea
The Democratic People’s Republic of Korea (North Korea or DPRK) is most often associated with ...
bit.ly
October 9, 2025 at 5:25 PM
Reposted by Sources & Methods
Our new and improved Bellingcat Toolkit is one year old today! If you haven't used it yet, it's a one-stop shop for discovering useful open source tools, maintained by an amazing group of volunteers. You can find use cases, guidance and honest reviews for each tool. bellingcat.gitbook.io/toolkit
Home | Bellingcat's Online Investigation Toolkit
A toolkit for open source researchers
bellingcat.gitbook.io
September 24, 2025 at 12:28 PM
Reposted by Sources & Methods
We are releasing details on BRICKSTORM malware activity, a China-based threat hitting US tech to potentially target downstream customers and hunt for data on vulnerabilities in products. This actor is stealthy, and we've provided a tool to hunt for them. cloud.google.com/blog/topics/...
Another BRICKSTORM: Stealthy Backdoor Enabling Espionage into Tech and Legal Sectors | Google Cloud Blog
BRICKSTORM is a stealthy backdoor used by suspected China-nexus actors for long-term espionage.
cloud.google.com
September 24, 2025 at 2:31 PM
Reposted by Sources & Methods
First public report at Recorded Future by yours truly is out! RedNovember (formerly TAG-100, a.k.a. Storm-2077) is a Chinese state-sponsored threat group focused on intelligence collection, especially on flashpoint issues of strategic interest to China. www.recordedfuture.com/research/red...
RedNovember Targets Government, Defense, and Technology Organizations
RedNovember, a likely Chinese state-sponsored cyber-espionage group, has targeted global government, defense, and tech sectors using advanced tools like Pantegana and Cobalt Strike. Discover the lates...
www.recordedfuture.com
September 24, 2025 at 6:57 PM
Reposted by Sources & Methods
CFP closes this Friday, September 26th at 11:59pm EST!

If you'd like to speak at CYBERWARCON this year, get your talk submission in ASAP to be considered!

Submit your talk here >> www.cyberwarcon.com/cfp2025

#CYBERWARCON #CFP
September 23, 2025 at 6:15 PM
Reposted by Sources & Methods
It is a good time to learn how to find accurate information online. We’re offering virtual training sessions over the month of October, teaching you Bellingcat’s investigative techniques…
September 21, 2025 at 3:48 PM
Reposted by Sources & Methods
For more than a year I’ve spoken with Scattered Spider “caller” Noah Urban from a Florida jail. I wanted to know how they chose victims, their methods and how Noah became entangled in a virtually and physically violent world.

We’re publishing his story today: www.bloomberg.com/news/feature...
‘I Was a Weird Kid’: Jailhouse Confessions of a Teen Hacker
Noah Urban’s role in the notorious Scattered Spider gang was talking people into unwittingly giving criminals access to sensitive computer systems.
www.bloomberg.com
September 19, 2025 at 11:46 AM
Reposted by Sources & Methods
We're looking for some awesome folks to join our team!
If one of these roles catches your eye, we'd love to hear from you.

👩‍💻 greynoise.io/careers
September 15, 2025 at 6:35 PM
Reposted by Sources & Methods
If you couldn't attend PIVOTcon live, our Threat Clustering Workshop is now available on the Vertex Intel-Sharing Synapse Instance!

Examine real-world data and answer the age-old question: “Is this a cluster? Or a CLUSTER!?”

Learn more here: vertex.link/blogs/threat...
Here at The Vertex Project, we spend a lot of time thinking about how we can make Synapse (and analysis in general) better. For example, on any given day, we might ask ourselves:
vertex.link
September 15, 2025 at 6:55 PM
Reposted by Sources & Methods
Three things I wish I knew before starting in CTI:

1. You are going to repeat yourself a lot, and that is normal. You may often find yourself saying “remember I told you about this weeks ago.” It is easy to get frustrated when nobody reads your report, but repetition is part of the job.
September 5, 2025 at 6:49 PM
Reposted by Sources & Methods
submit
September 4, 2025 at 2:57 PM
Reposted by Sources & Methods
New research from @milenkowski.bsky.social (S1) and @kennethkinion.bsky.social (Validin):

🇰🇵 Contagious Interview | North Korean Threat Actors Reveal Plans and Ops by Abusing Cyber Intel Platforms

Research: www.sentinelone.com/labs/contagi...

Reuters story: www.reuters.com/world/asia-p...
Contagious Interview | North Korean Threat Actors Reveal Plans and Ops by Abusing Cyber Intel Platforms
DPRK-aligned threat actors abuse CTI platforms to detect infrastructure exposure and scout for new assets.
www.sentinelone.com
September 4, 2025 at 2:45 PM
Reposted by Sources & Methods
TL;DR I am launching my #startup and we are going to change how to evaluate, cluster and reason about #malware, delivering accurate, contextual intelligence on samples. Say Hi to RationalEdge @rationaledge.bsky.social rationaledge.io

#threatintel #threathunting #cti #reverseengineering #detection 1/9
RationalEdge - Intelligence Meets Accuracy
Advanced malware analysis and threat intelligence solutions by RationalEdge
rationaledge.io
August 28, 2025 at 12:22 PM
Reposted by Sources & Methods
an important, and often overlooked skill in threat intel, is being funny
August 28, 2025 at 6:10 PM
Reposted by Sources & Methods
CYBERWARCON is coming!!! Registration and CFP are now open for this year's #CYBERWARCON! This year's keynote speaker will be @dmitri.silverado.org!!
We are back in Arlington, VA this year on November 19th.

www.cyberwarcon.com
CYBERWARCON
www.cyberwarcon.com
August 28, 2025 at 5:35 PM
Reposted by Sources & Methods
CYBERWARCON is back.

🗓️ Wednesday, Nov 19, 2025 | Crystal City + virtual
🔗 cyberwarcon.com
August 18, 2025 at 3:19 PM
Sources & Methods #CTI newsletter issue 25 is out with more articles, tools, and conferences for you 📨 sourcesmethods.com/sources-meth...
Sources & Methods Newsletter #25 - August 2025
Hello again! I'm glad to share this month that I joined Remitly to help build their Threat Intelligence program, ensuring the safety and security of a vital financial service for millions around the w...
sourcesmethods.com
August 23, 2025 at 9:10 PM
Reposted by Sources & Methods
Less than 3 hours left until our OCCRP Briefing | New Sanctions Evasion Playbook.

Don't forget to sign up to join us2.campaign-archive.com?u=8a7b7dd3a0...
July 30, 2025 at 12:05 PM
Reposted by Sources & Methods
We should use Clue (1986) to explain Analysis of Competing Hypotheses to incoming analysts.
May 9, 2025 at 11:14 PM