Hey Fedi friends! Given the uncertainty around the future of the US federal government's ability to provide accurate, timely, and impartial cyber threat intelligence, a bunch of us have started talking about strategies to build/expand some of these capabilities independent of the government. Very early days—shaping the problem, discussing options, etc. But if you'd be interested in the conversation and willing to help organizations build CTI capability, please DM me.

Let me just say that the difference in response to this call between here and Bluesky is:

  • hilarious
  • decisive in the "Where is the real infosec conversation happening?" conversation
    @mttaggart I have no skills in this area, but I'm glad someone is doing this. Thank you (all of you getting involved)
    cR0w (@cR0w)

    We all love hardcoded creds in SCADA gear, right?
    https://certvde.com/en/advisories/VDE-2025-021/
    `sev:CRIT 9.8 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`
    > Weidmüller product PROCON-WIN is affected by hard-coded credentials.
    > Weidmüller has released a new version of the affected product to fix the vulnerability.
    https://nvd.nist.gov/vuln/detail/CVE-2025-1393

    Taggart (@mttaggart)

    @cR0w I mean okay, but I want hospitals to have a thing. Schools too. And energy.

    @mttaggart Oh yeah, I remember that thread.
    @mttaggart Perhaps a good model for this is the way the Sigma Rules project (https://github.com/SigmaHQ/sigma.git) handles community-based SIEM detection rule creation and distribution. They have a simple ontology-based yaml file structure which accommodates other standards such as STIX/TAXII and ATT&CK. While it's not the solution for impartial gathering of OSINT or OPENCTI, it could certainly aid in distribution of threat intel once gathered.
    Automated Detection with Sigma

    The Taggart Institute exists to provide low-cost, high-quality technology training to everyone in a welcoming, supportive community.

    @mttaggart @ronkuhl Thanks for this! I'm sure I'm not the only one starting their infosec "turn on, tune in, drop out" journey. Appreciate some starter material.
    @mttaggart Interesting! How might https://osv.dev/ fit into this?
    @mttaggart I just archived NIST data including NVD if that helps.

    https://git.lsit.ucsb.edu/publicdata/nist-gov

    @vwbusguy Hell yeah brother; that's huge!
    @mttaggart This has got my attention. I wouldn't mind hearing more about it. How do we connect?
    @mttaggart Hey, could someone do the same thing for weather? Because, you know, NOAA and hurricanes, etc.
    @brad Well I guess the FAA soon won't stop you from flying into hurricanes, but the part about operating massive radar arrays and a fleet of icebreakers is a bit of a bigger lift.
    @mttaggart dammit! It’s almost like we need a functional government for some of this stuff.
    @mttaggart pardon my ignorance, but what is CTI?