As always, thanks to those who give a little back for their support!
If you haven’t seen, I’ve also been writing my thoughts on some of the articles posted when I can at patreon.com/thisweekin4n6!
FORENSIC ANALYSIS
- 0xdf hacks stuff
  - HTB Sherlock: Bumblebee
- Alexis Brignoni at ‘Initialization Vectors’
  - Full File System extractions in Zip – MAC times
- Marco Fontani at Amped
  - Detecting AI-generated Images Obtained with Text-to-image Models in Amped Authenticate
- Belkasoft
  - Android System Artifacts: Forensic Analysis of Device Information and Usage
- Cyber 5W
  - “Email Forensics”
- Cyber Triage
  - Collecting Linux DFIR Artifacts with UAC
- Dr. Neal Krawetz at ‘The Hacker Factor Blog’
  - Potato Potahto
- Forensafe
  - Investigating Android Google Photos
- HackTheBox
  - 5 Windows event log analysis tools (for beginner blue teamers)
- Marco Neumann at ‘Be-binary 4n6’
  - Android 14 – Battery Usage and App Usage Events
- Salvation DATA
  - What Are the Advancements in Mobile Phone Forensics for 2024?
- James McGee at The Metadata Perspective
  - Apple Watch – Worn Data Analysis
THREAT INTELLIGENCE/HUNTING
- Meriam Senouci at Agari
  - Active Phishing Campaign: Yousign HR Lure
- Amalul Arifin
  - Accelerate Your Threat Intelligence Feeds
- Any.Run
- Arctic Wolf
  - Arctic Wolf 2024 Trends Report Reveals 70% of Businesses Targeted by Business Email Compromise (BEC) Attacks
- Shigraf Aijaz at AT&T Cybersecurity
  - Dissecting a Multi-stage Phishing Attack.
- Ayelen Torello at AttackIQ
  - Emulating the Open-Source Remote Access Trojan (RAT) AsyncRAT
- Martin Zugec at Bitdefender
  - Deep Dive Into Unfading Sea Haze: A New Threat Actor in the South China Sea
- Blackberry
  - Transparent Tribe Targets Indian Government, Defense, and Aerospace Sectors Leveraging Cross-Platform Programming Languages
- Dylan at ByteIntoCyber
  - Black Basta’s Ransomware Reign: 500 Breaches and Counting
- CERT Ukraine
- CERT-AGID
- Check Point
- Omid Mirzaei at Cisco’s Talos
  - From trust to trickery: Brand impersonation over the email attack vector
- Permiso
  - Unmasking Adversary Cloud Defense Evasion Strategies: Modify Cloud Compute Infrastructure Part 2
- Jane Ginn at Cyber Threat Intelligence Training Center
  - Knigsfot: The Covert Cyber Assault on Global Infrastructure
- Cyble
- Cyfirma
  - Weekly Intelligence Report – 24 May 2024
- Darktrace
- Datadog Security Labs
  - Malicious PyPI packages targeting highly specific MacOS machines
- Dragos
  - Traversing the 2023 Operational Technology Cyber Threat Landscape
- Elastic Security Labs
  - Invisible miners: unveiling GHOSTENGINE’s crypto mining operations
- Matthew at Embee Research
  - Tracking APT SideWinder Domains By Combining Regex Patterns, Whois Records and Domain Registrars
- Flashpoint
  - Evolving Tactics: How Russian APT Groups Are Shaping Cyber Threats in 2024
- Chas Meier at Forcepoint
  - Beware of HTML Masquerading as PDF Viewer Login Pages
- Michael Raggi at Google Cloud Threat Intelligence
  - IOC Extinction? China-Nexus Cyber Espionage Actors Use ORB Networks to Raise Cost on Defenders
- Rindert Kramer at Hunt & Hackett
  - How to achieve eternal persistence in an Active Directory environment – Part 1
- Huntress
- Jacob Larsen
  - Crabby’s Credential Stuffing: Australian Account Takeovers in 2024
- Kaido Järvemets
  - Defender for Identity Workbook for Microsoft Sentinel Toolkit
- Brian Krebs at Krebs on Security
  - Stark Industries Solutions: An Iron Hammer in the Cloud
- Laurie Iacono, Keith Wojcieszek, and George Glass at Kroll
  - Q1 2024 Cyber Threat Landscape Report: Insider Threat & Phishing Evolve Under AI Auspices
- Lab539
  - Using Conditional Access Policies to Block Tor Exit Nodes in Entra ID
- Raúl Redondo at Lares Labs
  - Kerberos III – User Impersonation
- Microsoft Security
- Microsoft’s ‘Security, Compliance, and Identity’ Blog
  - Increased security visibility through new Standard Logs in Microsoft Purview Audit
- Lex Crumpton and Charles Clancy at MITRE-Engenuity
  - Infiltrating Defenses: Abusing VMware in MITRE’s Cyber Intrusion
- Lior Rochberger and Daniel Frank at Palo Alto Networks
  - Operation Diplomatic Specter: An Active Chinese Cyberespionage Campaign Leverages Rare Tool Set to Target Governmental Entities in the Middle East, Africa and Asia
- Rapid7
  - Rapid7 Releases the 2024 Attack Intelligence Report
- Red Alert
  - 2023 Activities Summary of SectorA groups (ENG)
- Red Canary
  - Intelligence Insights: May 2024
- ReliaQuest
  - Living off the Land and Fileless Malware
- Resecurity
  - Cybercriminals are Targeting Elections in India with Influence Campaigns
- SANS Internet Storm Center
  - Analyzing MSG Files, (Mon, May 20th)
  - Scanning without Scanning with NMAP (APIs FTW), (Tue, May 21st)
  - NMAP Scanning without Scanning (Part 2) – The ipinfo API, (Wed, May 22nd)
  - Analysis of “redtail” File Uploads to ICS Honeypot, a Multi-Architecture Coin Miner [Guest Diary], (Wed, May 22nd)
  - csvkit, (Sat, May 25th)
- Francisco Alonso at Security Art Work
  - Ransomware Black Basta
- Sekoia
  - Master of Puppets: Uncovering the DoppelGänger pro-Russian influence campaign
- Jim Walter at SentinelOne
  - Ikaruz Red Team | Hacktivist Group Leverages Ransomware for Attention Not Profit
- SOCRadar
- SonicWall
  - Politically Charged Ransomware Weaponized as a File Destroyer
- Ben Martin at Sucuri
  - Server Side Credit Card Skimmer Lodged in Obscure Plugin
- Trellix
- Velociraptor Blog
  - Detection Engineering
- Victor M. Alvarez at YARA-X
  - YARA-X as a file inspection tool
UPCOMING EVENTS
- Black Hills Information Security
  - BHIS – Talkin’ Bout [infosec] News 2024-06-03
- Gerald Auger at Simply Cyber
  - Cyber Threat Intel 🔥 Fireside with Wade Wells
- Magnet Forensics
- Mark Baggett
  - Kape Forensics UNCUT
PRESENTATIONS/PODCASTS
- Adversary Universe Podcast
  - Understanding Social Engineering with Shelly Giesbrecht, Director, Professional Services
- Black Hills Information Security
  - Adversarial Emulation Extravaganza w/ Kent & Jordan
- BlueMonkey 4n6
  - Hiding and deleting history on Linux systems – how the hackers hide their actions from you
- Cyber Social Hub
- Didier Stevens
  - Reversing A Network Protocol
- Huntress
- InfoSec_Bret
  - Challenge – AstasiaLoader
- Jai Minton
- John Hammond
- Justin Tolman at AccessData
  - CISA Incident Response Playbook – Episode 8 – CISA Playbook and FTK
- Karsten Hahn at Malware Analysis For Hedgehogs
  - Malware Analysis – D3f@ck loader from Inno Setup to JPHP
- Magnet Forensics
- Mark Baggett
  - Kape – The game changing tool that almost never was | Infosec Toolshed S1 E8
- Microsoft Threat Intelligence Podcast
  - Andrew Morris and Lauren Proehl on Infosec
- MSAB
  - XAMN Pro Miniseries Part 3 – Validation
- MyDFIR
  - Cybersecurity SOC Analyst Lab – Endpoint Analysis (HackTheBox)
- Ryan Chapman at Palo Alto Networks Unit 42
  - CrushFTP & WMI Vulnerabilities | Beyond the Hunt | Episode 6
- Paraben Corporation
- Richard Davis at 13Cubed
  - The Weird Windows Feature You’ve Never Heard Of
- SANS
- SANS Cloud Security
  - Prevent Cloud Incidents from Becoming Cloud Breaches
- The Defender’s Advantage Podcast
  - The ORB Networks
- Velocidex Enterprises
MALWARE
- John Dwyer and Harold Tabellion at Binary Defense
  - LetMeowIn – Analysis of a Credential Dumper
- Delivr.to
  - Analysis of an AgentTesla PIF Sample
- ElementalX
  - Lockkey: Technical analysis of a Golang-Ransomware.
- Meriam Senouci at Fortra’s PhishLabs
  - Active Phishing Campaign: Yousign HR Lure
- Itochu Cyber & Intelligence
  - Malware Transmutation! – Unveiling the Hidden Traces of BloodAlchemy
- Kelvin Winborne
  - I See What You Did There: SnakeKeylogger Malware Analysis
- Securelist
- System Weakness
- Rene Holt at WeLiveSecurity
  - Introducing Nimfilt: A reverse-engineering tool for Nim-compiled binaries
- Zhassulan Zhussupov
  - Malware Development For Ethical Hackers. First edition
- Padvish Malware Threat Database
- Acelab
  - PC-3000 Portable PRO – the most powerful tool in the data recovery world – coming soon!
MISCELLANEOUS
- Adam Goss
  - Crown Jewel Analysis: How to Figure Out What to Protect
- Anton Chuvakin
  - Back to Cooking: Detection Engineer vs Detection Consumer, Again?
- Forensic Focus
- Francisco Dominguez at DiabloHorn
  - Emotions as human detection & defence
- Kevin Beaumont at DoublePulsar
  - How the new Microsoft Recall feature fundamentally undermines Windows security
- Oxygen Forensics
  - AI and neural networks accelerate targeted image and facial collection
- SANS
- SOC Fortress
  - Mastering Wazuh’s Active Response: Block Malicious IPs with CoPilot & Wazuh!
- Karen Haworth at X1
  - Microsoft 365 eDiscovery Throttling is Structural and Won’t Be Going Away
SOFTWARE UPDATES
- ADF Solutions
  - ADF Solutions Adds New Capability For e-Discovery Investigations
- Andrea Lazzarotto
  - Fuji: Forensic Unattended Juicy Imaging 1.0
- Arsenal Recon
  - LevelDB Recon Changelog – v1.0.0.47
- Brian Maloney
  - OneDriveExplorer v.2024.05.20
- Digital Sleuth
  - winfor-salt v2024.9.1
- Elcomsoft
- IntelOwl
  - v6.0.3
- IsoBuster
  - IsoBuster 5.4 released
- Magnet Forensics
- MALCAT
  - 0.9.6 is out: Kesakode malware identification!
- Malwoverview
  - Malwoverview 5.4.4
- OpenCTI
  - 6.1.4
- Phil Harvey
  - ExifTool 12.85
- radare2
  - 5.9.2
- SigmaHQ
  - pySigma v0.11.6
- Xways
And that’s all for the week! If you think I’ve missed something, or want me to cover something specifically hit me up through the contact page or on the social pipes!