As always, thanks to those who give a little back for their support!
If you haven’t seen, I’ve also been writing my thoughts on some of the articles posted weekly at patreon.com/thisweekin4n6!
FORENSIC ANALYSIS
- Emi Polito at Amped
  - Remove Periodic Noise from an Image
- Amr Ashraf
  - Linux Forensics In Depth
- DFRWS
  - Unraveling Digital Mysteries: How AI Copilots can Revolutionize Digital Forensic Investigations*
- Digital Daniela
  - Investigating Network Traffic With Snort!
- Forensafe
  - Investigating Android Downloads
- Howard Oakley at ‘The Eclectic Light Company’
  - Sonoma’s log gets briefer and more secretive
- InfoSec Write-ups
- John Lukach at 4n6ir
  - No Lambda Left Up A Creek
- Justin De Luna at ‘The DFIR Spot’
  - Windows Artifacts For Intrusion Analysis – A Treasure Trove of Evidence
- Kevin Pagano at Stark 4N6
  - Introducing TeraLogger
- Magnet Forensics
  - Three Ways to Use Remote Endpoint File Lists to Streamline Your Investigations
- Amber Schroader at Paraben Corporation
  - iOS 17 Forensic Impacts
- Plainbit
  - AXIOM Custom Artifact
- Revo4n6
- Salim Salimov
  - Analysing Pcap Files With Wireshark – part 2
THREAT INTELLIGENCE/HUNTING
- A. Boukar
  - What is DLL Hijacking and How to Prevent it?
- Adam Goss
  - Threat Intelligence with MISP: Part 3 — Creating Events
- Ali Paşa Turhan at Docguard
  - Microsoft Compiled HTML Help (.chm) Using In Spearphishing Attack
- Assume-breach
  - Home Grown Red Team: LNK Phishing Revisited In 2023
- Francis Guibernau and Andrew Costis at AttackIQ
  - Attack Graph Response to CISA Advisory (AA23-263A): #StopRansomware: Snatch Ransomware
- Avertium
  - Understanding Business Email Compromise (BEC) – A Guide
- Alyssa Snow at Black Hills Information Security
  - Abusing Active Directory Certificate Services – Part One
- Lawrence Abrams at BleepingComputer
  - Meet LostTrust ransomware — A likely rebrand of the MetaEncryptor gang
- Brad Duncan at Malware Traffic Analysis
  - 2023-10-03 – Pikabot infection with Cobalt Strike
- CERT Ukraine
  - UAC-0006 picks up the pace, losses in the millions (CERT-UA#7648, CERT-UA#7688, CERT-UA#7699, CERT-UA#7705)
- CERT-AGID
- Check Point
  - 2nd October – Threat Intelligence Report
- Yehuda Gelb at Checkmarx Security
  - The Evolutionary Tale of a Persistent Python Threat
- Guilherme Venere at Cisco’s Talos
  - Qakbot-affiliated actors distribute Ransom Night malware despite infrastructure takedown
- Derrick Masters at Cybereason
  - THREAT ANALYSIS: Taking Shortcuts… Using LNK Files for Initial Infection and Persistence
- Cyfirma
  - Weekly Intelligence Report – 06 Oct 2023
- Paranoid Ninja at Dark Vortex
  - A Thousand Sails, One Harbor – C2 Infra on Azure
- Jeremy Fox, Julien Terriac, and Edouard Schweisguth at Datadog Security Labs
  - KubeHound: Identifying attack paths in Kubernetes clusters
- Dheeraj Kumar and Ella Dragun at Securonix
  - Securonix Threat Labs Monthly Intelligence Insights – September 2023
- Arda Büyükkaya at EclecticIQ
  - Chinese State-Sponsored Cyber Espionage Activity Targeting Semiconductor Industry in East Asia
- Eclypsium
  - A New Approach to Defending Network Infrastructure from Ransomware Groups and APTs
- Matthew at Embee Research
- Esentire
  - Investigating AsyncRAT Deployment via ProjFUD Injector and HTML Smuggling
- Faan Ross
  - what is threat hunting part I – different strokes for different folks
- GreyNoise
  - Introducing Sift: Automated Threat Hunting
- Gurumoorthi Ramanathan at Trellix
  - Storm-0324 to Sangria Tempest Leads to Ransomware Capabilities
- Rosemary Cipriano at Human Security
  - BADBOX, PEACHPIT, and the Fraudulent Device in Your Delivery Box
- Huntress
  - Critical Vulnerabilities: WS_FTP Exploitation
- Infoblox
- Intel471
  - Managed File Transfer Software: Assessing the Risks
- Itai Tevet at Intezer
  - Quishing Triage 101: How to Investigate Suspicious QR Codes in Emails
- L M
  - Lighting the Exfiltration Infrastructure of a LockBit Affiliate (and more)
- Matt Suiche at Magnet Forensics
  - How to Detect BLASTPASS Inside a WebP File
- Microsoft Security
- Nik Alleyne at ‘Security Nik’
  - Beginning SiLK – Systems for Internet Level Knowledge – working with network flow data
- Dima at Outflank
  - Solving The “Unhooking” Problem
- Ovi Liber
  - The evolution of North Korean threat group APT37’s Android spyware: ROKRAT & RambleOn
- Sam Rubin at Palo Alto Networks
  - Combating Ransomware Attacks: Insights from Unit 42 Incident Response
- Marc Lean at Red Canary
  - Get in loser, we’re detecting threats: October 3rd edition
- Roy Akerman at Rezonate
  - Defending Azure Active Directory (Entra ID): Unveiling Threats through Hunting Techniques
- SANS Internet Storm Center
  - Analyzing MIME Files: a Quick Tip, (Sun, Oct 1st)
  - Friendly Reminder: ZIP Metadata is Not Encrypted, (Mon, Oct 2nd)
  - Are Local LLMs Useful in Incident Response?, (Tue, Oct 3rd)
  - What’s Normal? Connection Sizes, (Wed, Oct 4th)
  - New tool: le-hex-to-ip.py, (Thu, Oct 5th)
  - Binary IPv6 Addresses, (Sat, Oct 7th)
  - Wireshark releases 2 updates in one day. Mac users especially will want the latest., (Sat, Oct 7th)
  - Wireshark 4.2.0 First Release Candidate, (Sun, Oct 8th)
- John Dwyer and Richard Emerson at Security Intelligence
  - X-Force uncovers global NetScaler Gateway credential harvesting campaign
- Felix Aimé and Maxime A. at Sekoia
  - Active Lycantrox infrastructure illumination
- Jim Walter at SentinelOne
  - LostTrust Ransomware | Latest Multi-Extortion Threat Shares Traits with SFile and Mindware
- SOCRadar
  - The “Evil” of Everything – Part I: EvilProxy Rises AitM
  - The “Evil” of Everything – Part II: Evilginx and EvilQR Rises AitM
  - Decrypting the Shadows: Revealing the Secrets of Ransomware Operators – An Interview with @htmalgae
  - APT Profile: Dark Pink APT Group
  - Major Cyberattacks in Review: September 2023
  - The Future of Open-Source Botnets and Preparedness Against Threats: Supershell Botnet
- Sucuri
- Sysdig
- Heresh Zaremand at Truesec
  - Why Hack in When You Can Log In?
- Yelisey Bohuslavskiy at RedSense
  - Deciphering the Post-Conti Web of Intrigue
UPCOMING EVENTS
- Black Hills Information Security
  - BHIS – Talkin’ Bout [infosec] News 2023-10-09
- Cellebrite
  - Leveraging SaaS to Power Mobile Data Collections and Advanced Collections
- Huntress
  - Huntress CTF Halftime Update
- Magnet Forensics
  - Where Did This Come From? Revealing The Sending Phone Number Of An Unidentified AirDrop File
- SANS
- Techno Security
  - Call for Speakers is Now Open!
PRESENTATIONS/PODCASTS
- Adversary Universe Podcast
  - The Rise of the Access Brokers
- Alexander Adamov at ‘Malware Research Academy’
  - Analysis of cyberweapon – Ep5: WhisperGate. Reflective Code Loading and Privilege Escalation
- Alexis Brignoni
- Application Security Weekly
  - Creating Presentations and Training That Engage an Audience – Lina Lau – ASW #257
- Arkime
  - Cont3xt New Features Demo
- Black Hat
  - When Knowledge Graph Meets TTPs: Automated & Adaptive Executable TTP Intelligence for Security
- Black Hills Information Security
  - Backdoors & Breaches – Introducing the RED CANARY Expansion Deck!
- Breaking Badness
  - 168. Same-Origin of the Species
- Cellebrite
  - The Digital Forensics Series – EP 4 [Recorded]
- CyberDefenders
- Cyborg Security
  - Episode 12
- Digital Forensic Survival Podcast
  - DFSP # 398 – OODA & JOHARI
- Dr Josh Stroschein
  - What is REMnux? Getting Started with the Malware Analysis Toolkit
- Dr. Meisam Eslahi at ‘Nothing Cyber’
  - Cyber Threat Hunt 101: Part 5 – Core Skills for Hunters and Tips for Beginners!
- Huntress
- InfoSec_Bret
  - Challenge – LockBit
- John Hammond
  - Hackers Are Exploiting Critical Vulnerabilities in File Transfer Software
- Justin Tolman at AccessData
  - FTK 8.0 Feature Focus – Smart Grid
- Karsten Hahn at Malware Analysis For Hedgehogs
  - Reversing – .NET main is not the first thing executed
- Louis Mastelinck
  - Real-Life Adversary-in-the-Middle Attack Investigation: Protecting Yourself from Phishing
- Magnet Forensics
  - Leveraging AXIOM Cyber in Microsoft Azure
- Microsoft Security Insights Show
  - Microsoft Security Insights Show Episode 172 – Sameh Younis
- Microsoft Threat Intelligence Podcast
  - The Microsoft Threat Intelligence Podcast – Trailer
- MSAB
  - How to perform RAM Extractions with XRY?
- Paraben Corporation
  - Processing Linux Artifacts with E3
- RickCenOT
  - Breakdown “I will pwn an infrastructure substation (conpot) in less than 60 seconds”
- Securizame
  - Una caña con Lawwait – Episode 26 – Antonio Sanz
- The Citizen Lab
  - Mercenary spyware: Defending against what’s next – iMEdD International Journalism Forum 2023
- The CyberWire
  - Targets from DuckTail.
MALWARE
- Adam Chester at XPN
  - Okta for Red Teamers
- Ahmet Göker
  - DLL | Reverse-Engineering
- Any.Run
  - Analyzing Snake Keylogger in ANY.RUN: a Full Walkthrough
- Arch Cloud Labs
  - Analyzing & Patching an In-The-Wild DLL Reverse Shell
- Avast Threat Labs
  - LoveGPT: How “single ladies” looking for your data upped their game with ChatGPT
- CTF导航
  - Spyware.Joker analysis report
- Simon Kenin, Ron Ben Yizhak, and Mark Vaitzman at Deep Instinct
  - Operation Rusty Flag – A Malicious Campaign Against Azerbaijanian Targets
- Jin Lee and Jenna Wang at Fortinet
  - Malicious Packages Hidden in NPM
- Igor Skochinsky at Hex Rays
  - Igor’s Tip of the Week #159: Where’s my code? The case of not-so-constant data
- OALABS Research
  - Mystic Stealer
- Lee Wei Yeong, Xingjiali Zhang, Yang Ji and Wenjun Hu at Palo Alto Networks
  - Leveraging a Hooking Framework to Expand Malware Detection Coverage on the Android Platform
- Suraj Yadav
  - Heaven’s Gate Technique
- Aliakbar Zahravi and Peter Girnus at Trend Micro
  - Exposing Infection Techniques Across Supply Chains and Codebases
- Chris Partridge
  - So, someone tried baiting people into downloading malware on r/cybersecurity
- Fernando Tavella at WeLiveSecurity
  - Operation Jacana: Foundling hobbits in Guyana
- Padvish Malware Threat Database
  - Virus.Win32.Expiro
MISCELLANEOUS
- Emi Polito at Amped
  - Introducing the Amped FIVE Certification Program
- Jonathan Tanner at Barracuda
  - Malware 101: Ransomware
- Belkasoft
  - Supercharge Your DFIR Toolkit for Free with Belkasoft Triage
- Andres Blanco at Cellebrite
  - Key Takeaways and Highlights from Techno Security West 2023
- CISA
  - NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations
- Anusthika JeyaShankar at CyberProof
  - The path to becoming a SOC Analyst: Interview with Anusthika Shankar
- Reza Rafati at Cyberwarzone
  - Top Digital Forensics Tools (2023)
- Decrypting a Defense
  - Clearview AI Book, NYPD Robots, School Facial Recognition Ban, AirTags & More
- Doug Burks at Security Onion
- Oleg Afonin at Elcomsoft
  - iOS Forensic Toolkit 8 Lands on Windows
- Fabian Mendoza at AboutDFIR
  - AboutDFIR Site Content Update – 10/06/2023
- Forensic Focus
  - Forensic Data Collections 2.0 – A Selection Of Trusted Digital Forensics Content
  - Register For The Webinar: The Complete Workflow For Video Analysis In Amped FIVE
  - Samuel Grater, Digital Forensic Examiner, Surrey Police
  - ⚡️📲 PKM 2023 v5: Introducing Simultaneous Passcode Recovery For Multiple Devices
  - Digital Forensics Round-Up, October 05 2023
  - Digital Investigations Meet Remarkable Innovation In MSAB’s Latest Major Release
- Jason Wilkins
  - Small Town Law Enforcement Analysis
- Maxim Suhanov
  - CVE-2023-4692, CVE-2023-4693: vulnerabilities in the GRUB boot manager
- Rakesh
  - Unveiling the Hidden Secrets: Delving into the Unexplored Realm of Automobile Forensics in the…
- Wilklins Nyatteng at System Weakness
  - Day 3: Understanding Threat Actors — A Closer Look at Cybercriminals and Their Motivations
SOFTWARE UPDATES
- Airbus Cybersecurity
  - IRIS-Web v2.3.3
- ArcPoint
  - ATRIO Update 1.2.2 | ArcPoint Forensics
- Atola
  - Atola Insight Forensic 5.4.1
- Canadian Centre for Cyber Security
  - Assemblyline 4.4.0.68
- Datadog Security Labs
  - GuardDog v1.4.0
- Didier Stevens
- Digital Detective
  - NetAnalysis® v3.6 and HstEx® v5.6 Released
- Digital Sleuth
  - WIN-FOR v8.4.0
- Doug Burks at Security Onion
  - Security Onion 2.4.20 now available including some new features and lots of bug fixes!
- Elcomsoft
  - Elcomsoft iOS Forensic Toolkit 8.41: portable Windows edition
- Eric Zimmerman
  - ChangeLog
- Erik Hjelmvik at Netresec
  - NetworkMiner 2.8.1 Released
- Harel Segev
  - PersistenceSniper v1.13.0
  - INDXRipper 6.0.0
- Magnet Forensics
- Manabu Niseki
  - Mihari v5.4.7
- Mazars Tech
  - AD_Miner v0.2.1
- Microsoft
  - msticpy – Stability release
- MSAB
  - Now Available: XRY 10.7, XAMN 7.7 and XEC 7.7
- Passware
  - Passware Kit Mobile 2023 v5 Now Available
- Serviço de Perícias em Informática
  - IPED – Fix release
- Three Planet Software
  - Apple Cloud Notes Parser v0.14.1-beta
- Rapid7
  - Velociraptor v0.7.0-3
- WithSecure Labs
  - Chainsaw v2.8.0
And that’s all for the week! If you think I’ve missed something, or want me to cover something specifically hit me up through the contact page or on the social pipes!