
Sources & Methods

@sourcesmethods.com.bsky.social

Blog and monthly digest of Cyber Threat Intelligence (CTI) information sources, tools, articles, events, and helpful tips sourcesmethods.com by @mattreduce.com

50 Followers  |  60 Following  |  10 Posts  |  Joined: 17.11.2024  |  1.9409

Latest posts by sourcesmethods.com on Bluesky


Less than 3 hours left until our OCCRP Briefing | New Sanctions Evasion Playbook.

Don't forget to sign up to join us2.campaign-archive.com?u=8a7b7dd3a0...

30.07.2025 12:05 — 👍 7    🔁 6    💬 0    📌 0

We should use Clue (1986) to explain Analysis of Competing Hypotheses to incoming analysts.

09.05.2025 23:14 — 👍 5    🔁 2    💬 0    📌 0
Bellingcat Stage Talk, Thursday 31/07, 5pm CEST/11am EDT Discord.com/invite/bellingcat , Detecting Stolen Art with Art Detective Arthur Brand

Want to learn what goes into finding stolen art? On Thursday at 5pm CEST /11am EDT we'll be joined by @artdetective.bsky.social , the citizen art detective behind the recovery of over 200 pieces of art including lost Picasso, Van Gogh and Dali works. Join us live for Q&A discord.gg/2fMCucQ5?eve...

26.07.2025 17:22 — 👍 120    🔁 38    💬 5    📌 8

As I watched infostealer encounters rise I wrote this guide for @esetresearch.bsky.social on the recovery process: www.welivesecurity.com/en/cybersecu...

26.07.2025 05:19 — 👍 5    🔁 3    💬 0    📌 0
Two more entities have folded after ransomware attacks – DataBreaches.Net

There can be real costs for #ransomware. 'Alpha Medical Centre has been the victim of a serious cybersecurity attack. As a result of this criminal act and its devastating impact, we have no choice but to close the practice.' databreaches.net/2025/07/22/t... #cybersecurity @gate15.bsky.social

23.07.2025 12:51 — 👍 1    🔁 2    💬 0    📌 0

So this is as good a time as I’ll ever get to explain what I think is the difference between “software supply chain compromise” and “operational enablement” when it comes to cyber operations. It’s very easy to lump these two together, especially since they are both means of access development (1/x)

22.07.2025 15:38 — 👍 14    🔁 5    💬 1    📌 0
Open Position Career Opportunity: Volexity is currently looking to hire Senior Threat Intelligence Analyst to join its rapidly growing services team.

@volexity.com is looking to grow our Threat Intelligence team. New job posting for Senior Analyst role is up here:

www.volexity.com/company/care...

If you have any questions, don't hesitate to ask.

21.07.2025 08:23 — 👍 11    🔁 7    💬 1    📌 2

Standard Chartered Threat Intelligence team is looking for a new colleague who will help us with task automation, and particularly squeezing out even more juices from The Vertex Project Synapse platform we are using. 1/2

22.07.2025 19:22 — 👍 3    🔁 2    💬 1    📌 0

CYBERWARCON is back! Save the date for Wednesday, November 19, 2025, in Arlington, VA + virtually.

Follow us to stay up to date for CFPs, volunteer opportunities + more!

Check out for more information + sponsorship opportunities >> www.cyberwarcon.com

21.07.2025 18:32 — 👍 28    🔁 14    💬 0    📌 1

Tap in to the stream this week for some YARA fun, highlighting some crazy rules, how I think about learning yara (or anything) as a mid-career professional, and more!

21.07.2025 17:06 — 👍 14    🔁 6    💬 3    📌 0

State of Statecraft (SOS) is a new security and intelligence conference that brings together experts on espionage, sabotage, influence, and other unique forms of covert statecraft to share their work with a community hyper-focused on tackling state-sponsored operations.

08.07.2025 02:54 — 👍 16    🔁 5    💬 1    📌 3

Looks like the maintainer of a number of highly-popular npm packages was phished through npnjs[.]com, and his access used to publish malicious versions of their packages

x.com/JounQin/stat...

www.linkedin.com/feed/update/...

github.com/prettier/esl...

18.07.2025 22:34 — 👍 5    🔁 5    💬 1    📌 0
ALT: a man in a black shirt and tie is holding a pen and a notebook and says you're on my list

Tonight's the night! The ATT&CKcon 6.0 CFP will automatically stop accepting submissions at 8pm ET tonight. Historically we get about half of our submissions today, so all you procrastinators are in good company.

Give it your best shot at openconf.org/ATTACKCON2025.

09.07.2025 13:15 — 👍 2    🔁 1    💬 0    📌 0
A tweet from @JimmySecUK that reads: “If you're wondering why the SBU are being so open about the methodology behind today's attack; imagine the impending disruption to Russian logistics as the FSB are forced to double check a few million cargo containers for Ukrainian surprises...”

This offensive counterintelligence effect is an oft-overlooked, knock-on benefit of a successful operation that involves compromising an adversary’s security. It psychologically degrades the target after the fact, forcing them to expend extra resources and attention just to regain some peace of mind

02.06.2025 22:30 — 👍 199    🔁 38    💬 4    📌 4
Bellingcat Open Source Challenge Test your open source research skills.

🕵️ ARCA is pleased to be collaborating with @bellingcat.com for its first ever series of OSINT art crime challenges. Test your open source research skills with these challenges, unlocking new ones by completing the previous one in the series.

challenge.bellingcat.com

02.06.2025 06:39 — 👍 81    🔁 23    💬 1    📌 1

Last week to get your @SLEUTHCON tickets!

02.06.2025 17:16 — 👍 1    🔁 1    💬 0    📌 0
Sources & Methods Newsletter #24 - June 2025 Well we're nearly half-way through 2025. 😮‍💨 Kicking off June sharing a new tool of my own, synapse-claude, and looking forward to SLEUTHCON this Friday! I'll be attending remotely and suffering from ...

Sources & Methods #CTI newsletter issue 24 is out with more articles, tools, and conferences for you 📨 sourcesmethods.com/sources-meth...

02.06.2025 09:18 — 👍 3    🔁 2    💬 0    📌 0

Is the era of the “named actor” done?

As the OG adversary sets diverge, get promoted, or move on

actors dispersing across the kill chain based on specialized skills increases (ORBs, criminal underground)

AND the CTI models maturing…

APTs ⬇️⬇️

UNCs ⬆️⬆️

21.05.2025 20:15 — 👍 28    🔁 8    💬 7    📌 0
Screenshot of Obsidian 1.9.0 showing a base with a list of books

Introducing Bases, a new core plugin that lets you turn any set of notes into a powerful database. With Bases you can organize everything from projects to travel plans, reading lists, and more.

Bases are now available in Obsidian 1.9.0 for early access users.

21.05.2025 15:29 — 👍 679    🔁 114    💬 22    📌 100

If you’ve been laid off from a cyber intel position, please reach out if you’d like to come to @sleuthcon.bsky.social.

20.05.2025 13:18 — 👍 69    🔁 47    💬 3    📌 2

The final agenda is here!

Check it out & plan your day at #SLEUTHCON!

There's still time to buy your ticket too. Check it all out on our website.

www.sleuthcon.com

19.05.2025 18:02 — 👍 5    🔁 4    💬 0    📌 2
Engineering Manager, Security Automation & Incident Response, United States - Careers at HashiCorp Join our team and help us build industry-leading products that are redefining how enterprises are running their IT infrastructure.

HashiCorp Threat Detection & Response is expanding 🎉 Now hiring an Engineering Manager for Security Automation & Incident Response 🕵️‍♂️ #DIFR #hiring www.hashicorp.com/career/6759554

01.04.2025 20:30 — 👍 4    🔁 1    💬 0    📌 0
Sources & Methods Newsletter #23 - March 2025 Sources What is this Stealer - Here's a collection of examples of credential stealer information formats, and accompanying YARA rules to help you automatically match on stealer logs and determine t...

Sources & Methods #CTI newsletter issue 23 is out with more articles, tools, and conferences for you 📨 sourcesmethods.com/sources-meth...

01.04.2025 20:32 — 👍 1    🔁 1    💬 0    📌 0
Irina Volk ⭐️ My colleagues from the UBK of the Russian MVD, together with officers of specialized units from the Saratov, Tula and Ulyanovsk oblasts, have shut down activity involving the creation and distribution of malicious prog...

Russian Interior Ministry announces arrests in multiple oblasts of 3 developers of the Mamont banking Trojan for Android as part of a criminal case for computer fraud and unauthorized access. Swift action on malware that appeared just last year.
t.me/IrinaVolk_MVD/3860

27.03.2025 15:23 — 👍 1    🔁 1    💬 1    📌 0
Bellingcat is Hiring: Open Source Investigator and Trainer (Conflict) - bellingcat Bellingcat is hiring an open source investigator and trainer (conflict). Find out more about the role and apply within.

We're hiring! Bellingcat is looking for an Open Source Investigator and Trainer to join our Human Rights and Conflict Monitoring team. Read about the role and apply here: www.bellingcat.com/bellingcat-i...

07.03.2025 15:24 — 👍 325    🔁 178    💬 2    📌 9

The EU has released its 3rd EEAS Report on Foreign Information Manipulation and Interference (FIMI)

The report maps out digital infrastructure deployed by foreign actors, mainly by Russia, but also by China.

www.eeas.europa.eu/eeas/3rd-eea...

23.03.2025 17:47 — 👍 81    🔁 35    💬 3    📌 4
The Vertex Project

👀 Looking to level up your intelligence analysis capabilities?

Check out our blog and join the Synapse Slack community to connect with peers in the field!

🔗 vertex.link/blog

#ThreatIntelligence #CTI #threatintel

11.02.2025 22:35 — 👍 6    🔁 3    💬 0    📌 0
Registration — SLEUTHCON

Important reminders:
📢 CFP closes on April 18th—don’t wait!
🎟️ Early bird ticket prices go up soon.
⚡This conference WILL sell out, so grab your ticket now!

www.sleuthcon.com/registration

3/x

18.03.2025 18:34 — 👍 6    🔁 3    💬 0    📌 3

SLEUTHCON is coming!

Registration and CFP are now open for this year’s SLEUTHCON—happening June 6th, both in-person in Arlington, VA, and virtually.

www.sleuthcon.com

1/x

18.03.2025 18:33 — 👍 13    🔁 8    💬 4    📌 2
Detecting and Mitigating the “tj-actions/changed-files” Supply Chain Attack (CVE-2025-30066) On March 14, 2025, StepSecurity uncovered a compromise in the popular GitHub Action tj-actions/changed-files. Tens of thousands of repositories use this

Audit the source of GitHub Actions code you use and pin them to a specific commit SHA. Specifying a tag is not enough, since those can point to malicious code later, which happened to all versions of tj-actions/changed-files sysdig.com/blog/detecti...

16.03.2025 22:05 — 👍 4    🔁 2    💬 0    📌 0

@sourcesmethods.com is following 20 prominent accounts