Deep Dig Weekly / #01


Hey there! 👋

Welcome to my first weekly cybersecurity newsletter. I'm passionate about helping students and young professionals navigate the complex world of cyber defense. Each week, I'll share practical insights on emerging threats, threat intelligence, privacy protection, and social media security.

I break down complex security concepts into actionable knowledge – the kind I wish I had when starting out. No fluff, just valuable insights to help you stay ahead of threats and build your security expertise.


Addressing Malware Analysis Misinformation

A new project by @maldr0id aims to document and correct common misconceptions in malware analysis.

Misinformation in malware analysis
Documenting misinformation in the infosecurity space, focusing particularly on malware analysis and forensics. Created by @maldr0id

Community-Driven Security Initiatives

The Chaos Computer Club's 38th Congress (38C3) demonstrates the continued vitality of grassroots security research. The conference, hosted in Hamburg, showcased cutting-edge research across various domains.

38C3: Illegal Instructions - media.ccc.de
Video streaming portal of the Chaos Computer Club

Social Media Infrastructure

Recent developments in alternative social media platforms highlight growing awareness of governance concerns. Both Mastodon and BlueSky have implemented organizational changes.

‘Free Our Feeds’ campaign aims to billionaire-proof Bluesky’s tech | TechCrunch
The initiative, Free Our Feeds, aims to protect Bluesky’s underlying technology, the AT Protocol, and leverage it to create an open social media ecosystem that can’t be controlled by a single company or billionaires, including Bluesky itself.

Mastodon’s CEO and creator is handing control to a new nonprofit organization
Mastodon says the decentralized network ‘should not be owned or controlled by a single individual.’

Democratizing Security Knowledge

The #100DaysOfYara challenge exemplifies the community's commitment to skill development and knowledge sharing. This initiative provides structure for security analysts looking to master YARA, a critical tool for malware analysis.

#100DaysOfYara Challenge
The 100 Days of Yara is a fun challenge created by Greg Lesnewich and inspired by the 100 Days of Code, which I did a couple of years ago.

Standardizing Threat Intelligence: The MISP Initiative

The cybersecurity community has long struggled with the challenge of threat actor nomenclature. When multiple organizations independently discover and name the same threat actor, confusion inevitably follows. For instance, the notorious APT-1 group has been variously known as GIF89a, ShadyRAT, Group 3, and ZooPark, creating unnecessary complexity in threat intelligence sharing.

MISP (Malware Information Sharing Platform) has recently stepped forward with a comprehensive framework for standardizing threat actor naming conventions.

Recommendations on Naming Threat Actors
This document provides advice on the naming of threat actors (also known as malicious actors). The objective is to provide practical advice for organizations such as security vendors or organizations attributing incidents to a group of threat actors. It also discusses the implications of naming a threat actor for intelligence analysts and threat intelligence platforms such as MISP.

Knowledge Sharing in Cybersecurity Education

I launched a collaborative project with PolyCyber, my university’s cyber club. This comprehensive knowledge base was built using Docusaurus, and it provides newcomers with good starting points for diving into the cybersecurity and CTF worlds. Over time, I realized that I was frequently asked similar questions, and that I received numerous tips from experts, which I want to share with the community. We’re planning to add guides and tutorials on specific topics, such as AI security and common code vulnerabilities.

We may add an English-language version at a later date. The content is currently only available in French.

Resources | Resources
Resources offered by PolyCyber

Until next week! 📮