Sources & Methods
sourcesmethods.com
@sourcesmethods.com
Blog and monthly digest of Cyber Threat Intelligence (CTI) information sources, tools, articles, events, and helpful tips sourcesmethods.com by @mattreduce.com
Reposted by Sources & Methods
Made this last night; it’s useful for finding a large number of domains hosting phishing kits or malware based on a consistent pattern github.com/singe/domain-p… Might be useful for some of you.
GitHub - singe/domain-probe: A utility to find identically configured domains and web-servers based on a pattern. Used to find phishing kits.
A utility to find identically configured domains and web-servers based on a pattern. Used to find phishing kits. - singe/domain-probe
github.com
November 20, 2025 at 6:22 AM
If the talks at @cyberwarcon.bsky.social today are any indication, while you may think threat actor adoption of generative AI improves sophistication and eliminates telling mistakes in phishing and info ops, that future is not evenly distributed!
November 19, 2025 at 10:17 PM
Reposted by Sources & Methods
Ah @cyberwarcon.bsky.social the only conference for intel ops research authored by the terminally online
November 19, 2025 at 2:46 PM
Reposted by Sources & Methods
It’s rare that we see an actual NEW ransomware family, so it will be interesting to see how this develops.

via @lawrenceabrams.bsky.social & @bleepingcomputer.com
Meet ShinySp1d3r: New Ransomware-as-a-Service created by ShinyHunters
An in-development build of the upcoming ShinySp1d3r ransomware-as-a-service platform has surfaced, offering a preview of the upcoming extortion operation.
www.bleepingcomputer.com
November 19, 2025 at 5:20 PM
Reposted by Sources & Methods
Attackers move fast, so your blocklists should too. GreyNoise now lets you convert any query into a real-time blocklist that updates automatically as attacker infrastructure changes. Start using it today on the GreyNoise platform.
Introducing Query-Based Blocklists: Fully Configurable, Real-Time Threat Blocking in the GreyNoise Platform
GreyNoise customers can turn any GreyNoise query in the platform directly into a real-time blocklist for their firewall, SOAR, or other enforcement points.
www.greynoise.io
November 19, 2025 at 5:31 PM
Great talk by @pylos.co on possible futures for Volt Typhoon and why the cluster's strategic goal means the activity will evolve and at times be disrupted but not stop any time soon
November 19, 2025 at 4:55 PM
Now I can say I've seen a DPRK IT Worker (recorded) on a video call, thanks to Caleb Marquis and Eric Kerr! Next up is @pylos.co on Volt Typhoon.
November 19, 2025 at 4:16 PM
Kicked off @cyberwarcon.bsky.social with @dmitri.silverado.org apologizing for 15yrs of threat actor naming chaos and proposing a new scheme, and plenty of Russia-related content (with top-tier memes)
November 19, 2025 at 3:40 PM
Good morning, @cyberwarcon.bsky.social! ☕️
November 19, 2025 at 1:33 PM
Reposted by Sources & Methods
We've hired Colonel Shawn Smagh to up our @greynoise.io intel reporting game and we've started producing weekly intelligence briefs. This week's is a banger.
November 18, 2025 at 7:38 PM
Reposted by Sources & Methods
Game on! The @cyberwarcon.bsky.social Synapse challenge is live! 💚💚💚
November 18, 2025 at 10:13 PM
Reposted by Sources & Methods
Coming up at 12:40 EST for #IanGillespie presenting "From Memecoins to Missiles: How North Korea Launders Stolen Crypto into Real World Riches"

#BSidesPyongyang25 #BSPY25

https://www.twitch.tv/bsidespyongyang
https://www.youtube.com/@BSidesPyongyang
November 18, 2025 at 5:30 PM
Reposted by Sources & Methods
Have questions about submitting to the #SOCON2026 CFP? We’ve got answers.

The CFP closes soon — submit your proposal by Nov 15 to participate in the only conference dedicated to advancing Attack Path Management.

📝 Submit: ghst.ly/socon26-cfp
November 12, 2025 at 8:36 PM
Reposted by Sources & Methods
Obsidian Importer now lets you generate Markdown files from a CSV.

It converts thousands of records in seconds and automatically generates a Base that you can use to explore and edit the data.
November 12, 2025 at 8:24 PM
Reposted by Sources & Methods
cloud.google.com/blog/topics/...

google cloud / mandiant blogged about a cool investigation that I got to pitch in on & had a small verse to contribute in the broader context of it. these are the things that remind me how much I enjoy what I do.
Unauthenticated Remote Access via Triofox Vulnerability CVE-2025-12480 | Google Cloud Blog
An unauthenticated access vulnerability in Gladinet's Triofox platform, exploited by the threat actor UNC6485.
cloud.google.com
November 10, 2025 at 5:25 PM
Reposted by Sources & Methods
It was recorded, and slides are now being shared...

Slides and videos from ATT&CKcon 6.0 are now posted in an easy to find way. Check out attack.mitre.org/resources/at... to check out our great talks (and Couch Talks) from October, or even check out past ATT&CKcons from that same page.
MITRE ATT&CKcon - ATT&CKcon 6.0 | MITRE ATT&CK®
attack.mitre.org
November 7, 2025 at 6:13 PM
Reposted by Sources & Methods
There's an open role for a Staff CTI Analyst on my team here @huntress.com 📢💫

✨Do you love doing correlations between different incidents, sometimes digging into them, or doing malware analysis?

✨Do you like doing data analysis, and using this to make threat reports? 👇
November 7, 2025 at 6:37 PM
Reposted by Sources & Methods
"The DPRK IT worker threat is more than a fraud or sanctions evasion issue; it exposes systemic weaknesses in how identity is verified and managed across the global economy." Chandana Seshadri looks at DPRK IT worker typologies & identifies a path forward.
The Global Threat of DPRK IT Workers - 38 North: Informed Analysis of North Korea
The Democratic People’s Republic of Korea (North Korea or DPRK) is most often associated with ...
bit.ly
October 9, 2025 at 5:25 PM
Reposted by Sources & Methods
Our new and improved Bellingcat Toolkit is one year old today! If you haven't used it yet, it's a one-stop shop for discovering useful open source tools, maintained by an amazing group of volunteers. You can find use cases, guidance and honest reviews for each tool. bellingcat.gitbook.io/toolkit
Home | Bellingcat's Online Investigation Toolkit
A toolkit for open source researchers
bellingcat.gitbook.io
September 24, 2025 at 12:28 PM
Reposted by Sources & Methods
We are releasing details on BRICKSTORM malware activity, a China-based threat hitting US tech to potentially target downstream customers and hunt for data on vulnerabilities in products. This actor is stealthy, and we've provided a tool to hunt for them. cloud.google.com/blog/topics/...
Another BRICKSTORM: Stealthy Backdoor Enabling Espionage into Tech and Legal Sectors | Google Cloud Blog
BRICKSTORM is a stealthy backdoor used by suspected China-nexus actors for long-term espionage.
cloud.google.com
September 24, 2025 at 2:31 PM
Reposted by Sources & Methods
First public report at Recorded Future by yours truly is out! RedNovember (formerly TAG-100, a.k.a. Storm-2077) is a Chinese state-sponsored threat group focused on intelligence collection, especially on flashpoint issues of strategic interest to China. www.recordedfuture.com/research/red...
RedNovember Targets Government, Defense, and Technology Organizations
RedNovember, a likely Chinese state-sponsored cyber-espionage group, has targeted global government, defense, and tech sectors using advanced tools like Pantegana and Cobalt Strike. Discover the lates...
www.recordedfuture.com
September 24, 2025 at 6:57 PM
Reposted by Sources & Methods
CFP closes this Friday, September 26th at 11:59pm EST!

If you'd like to speak at CYBERWARCON this year, get your talk submission in ASAP to be considered!

Submit your talk here >> www.cyberwarcon.com/cfp2025

#CYBERWARCON #CFP
September 23, 2025 at 6:15 PM
Reposted by Sources & Methods
It is a good time to learn how to find accurate information online. We’re offering virtual training sessions over the month of October, teaching you Bellingcat’s investigative techniques…
September 21, 2025 at 3:48 PM
Reposted by Sources & Methods
For more than a year I’ve spoken with Scattered Spider “caller” Noah Urban from a Florida jail. I wanted to know how they chose victims, their methods and how Noah became entangled in a virtually and physically violent world.

We’re publishing his story today: www.bloomberg.com/news/feature...
‘I Was a Weird Kid’: Jailhouse Confessions of a Teen Hacker
Noah Urban’s role in the notorious Scattered Spider gang was talking people into unwittingly giving criminals access to sensitive computer systems.
www.bloomberg.com
September 19, 2025 at 11:46 AM