As always, thanks to those who give a little back for their support!
If you haven’t seen, I’ve also been writing my thoughts on some of the articles posted when I can at patreon.com/thisweekin4n6!
FORENSIC ANALYSIS
- 0xdf hacks stuff
HTB Sherlock: Noted
- Atola Technology
File Carving and Sector-Level Analysis
- Campaign and public sector information security
Sysmon-Help an investigator out!
- Craig Ball at ‘Ball in your Court’
Garden Variety: Byte Fed. v. Lux Vending
- Cyber 5W
Windows Event Logs Analysis
- Dhiren Bhardwaj at Digital Forensic Forest
- Emi Polito at Amped
Motion Detection: Find Suspect Movement in Amped Replay!
- Forensafe
Investigating iOS Safari
- Hideaki Ihara at port139
- Ask ChatGPT about the basic knowledge of NTFS
- I asked ChatGPT about FAT and exFAT.
- Let’s visualize an EVTX file using ChatGPT.
- Let’s visualize NTFS FILE records with ChatGPT.
- Consider the procedure for learning about $i30 using ChatGPT.
- Let’s come up with a prompt to learn about NTFS MFT FILE records using ChatGPT.
- Parse the timestamps of NTFS FILE records with ChatGPT.
- Memory Forensic
- lightkunyagami
CyberDefenders: Ramnit (Memory Forensic Analysis)
- Stephanie Honore at Paraben Corporation
OSINT Tools And Techniques for Digital Forensics Nerds
- Plainbit
DFIR Collection Tool for Linux – bitCollector
- The DFIR Report
IcedID Brings ScreenConnect and CSharp Streamer to ALPHV Ransomware Deployment
THREAT INTELLIGENCE/HUNTING
- Faan Rossouw at Active Countermeasures
Malware of the Day – XenoRAT
- Adam at Hexacorn
The art of artifact collection and hoarding for the sake of forensic exclusivity… – Part 5
- Adam Goss
CTI Report Writing: How to Communicate Threat Intelligence
- Alican Kiraz
Destroy the Ransomware Threat: Part 1.2 — Know your enemy!
- Avertium
Everything You Need to Know About LilacSquid
- Christine Barry at Barracuda
RansomHub. Because every abandoned affiliate needs a home.
- David Fletcher at Black Hills Information Security
Augmenting Security Testing and Analysis Activities with Microsoft 365 Products
- Brad Duncan at Malware Traffic Analysis
- BushidoToken
- CERT EU
Sigma Unleashed: A Realistic Implementation
- CERT-AGID
- Check Point
- Yehuda Gelb at Checkmarx Security
A New North Korean Group Emerges, Disrupting the Open Source Ecosystem
- Cisco’s Talos
- Bleon Proko at Permiso
Introducing YetiHunter: An open-source tool to detect and hunt for Suspicious activity in Snowflake
- Csaba Fitzl at ‘Theevilbit’
Beyond the good ol’ LaunchAgents – 33 – Widgets
- Chris Ray at Cyber Triage
Intro to ImpHash for DFIR: “Fuzzy” Malware Matching
- Matthias Barkhausen at cyber.wtf
Give Me Your FortiGate Configuration Backup and I Rule Your Network
- Cyble
Vietnamese Entities Targeted by China-Linked Mustang Panda in Cyber Espionage
- Cyfirma
Weekly Intelligence Report – 14 June 2024
- Cyjax
Weekly Cyber Threat Intelligence Summary
- Matt Muir at Datadog Security Labs
Attackers deploying new tactics in campaign targeting exposed Docker APIs
- Esentire
SolarMarker Impersonates Job Employment Website, Indeed, with a Team Building-themed Lure
- Google Cloud Threat Intelligence
- Konstantin Lazarev at GreyNoise Labs
What’s Going on With CVE-2024-4577 (Critical RCE in PHP)?
- GuidePoint Security
- Robert Reeves at Immersive Labs
The Return of unattend.xml…Revenge of the Cleartext Credentials
- Intel471
Cybercriminals and AI: Not Just Better Phishing
- Invictus Incident Response
The Azure log you probably didn’t know existed
- Jonathan Johnson
Refining Detection: New Perspectives on ETW Patching Telemetry
- Alanna Titterington at Kaspersky Lab
How ShrinkLocker ransomware leverages BitLocker | Kaspersky official blog
- Brian Krebs at Krebs on Security
Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested
- George Glass, Laurie Iacono, and Keith Wojcieszek at Kroll
PLAY Ransomware Group Gains Access via Citrix Bleed Vulnerability
- Maltego
Dissecting Scattered Spider with Maltego
- Deniz Sezer at ‘Microsoft Security Experts’
Effective strategies for conducting Mass Password Resets during cybersecurity incidents
- Gary Bushey at Microsoft Sentinel Blog
Debugging Playbooks
- Monty Security
Hunting APT41 TTPs
- Natto Thoughts
Who is Volt Typhoon? A State-sponsored Actor? Or Dark Power?
- Nextron Systems
Detecting Web Shells: Why it is important to add an additional layer of protection on your existing security solutions
- Selena Larson, Rob Kinner, and Hannah Rapetti at Proofpoint
Security Brief: Scammers Create Fraudulent Olympics Ticketing Websites
- Dave Bogle at Red Canary
The unsung security benefits of cloud migration
- Resecurity
- Ron Marom at Rezonate
Bypassing Okta’s Passwordless MFA: Technical Analysis and Detection
- S2W Lab
[FIRSTCON 2024] Dissecting the Arsenals of LockBit
- SANS Internet Storm Center
- Shaik Zakeer at Security Intelligence
Self-replicating Morris II worm targets AI email assistants
- Dheeraj Kumar and Ella Dragun at Securonix
SECURONIX THREAT LABS MONTHLY INTELLIGENCE INSIGHTS – MAY 2024
- Simone Kraus
Akira in the Chang Way Server Ecosystem & Re-Victimization
- Sophos
- SpecterOps
- Rianna MacLeod at Sucuri
2023 Hacked Website & Malware Threat Report
- Symantec Enterprise
Ransomware Attackers May Have Used Privilege Escalation Vulnerability as Zero-day
- Mike Blinkman at System Weakness
Generative AI and Phishing Attacks: Risks and Detection Strategies
- Aaron Goldstein at Todyl
Threat breakdown: Remote access and credential dumping
- Trellix
Trellix Uncovers Spike in Cyber Activity from China and Russia
- Bernard Bautista at Trustwave SpiderLabs
Search & Spoof: Abuse of Windows Search to Redirect to Malware
- Sergei Frankoff at Unpacme
UnpacMe PIVOT!
- Volexity
DISGOMOJI Malware Used to Target Indian Government
UPCOMING EVENTS
- Black Hills Information Security
BHIS – Talkin’ Bout [infosec] News 2024-06-17
- Cyber Social Hub
Tools to Help Law Enforcement Identify & Rescue More CSAM Victims
- Magnet Forensics
PRESENTATIONS/PODCASTS
- Adversary Universe Podcast
When the Adversary Knows They’re Caught
- AhmedS Kasmani
Latrodectus – Malware Analysis Part 2
- Alexis Brignoni
Digital Forensics Now – Episode 19
- Ali Hadi
- Cellebrite
Tip Tuesday: Select – Unselect All on Cellebrite Physical Analyzer
- Clint Marsden at the TLP – Digital Forensics Podcast
Episode 5 – NIST SP 800-61 Computer Security Incident Handling Guide Post-Incident Activity
- Cyber from the Frontlines
E13 State of Cybercrime with Jon DiMaggio
- Cyber Social Hub
Trending Challenges in CSAM Investigations…and the Solution
- Jane Ginn at Cyber Threat Intelligence Training Center
From Data to Defense: The Role of Knowledge Management in Cyber Threat Analysis
- Cyberwox
- Cyborg Security
Happy Hunting: FIN7
- Dr. Meisam Eslahi at ‘Nothing Cyber’
Cyber Threat Hunt 101: Part 7 – Practical Data Analysis and Threat Detection Techniques!
- InfoSec_Bret
Challenge – YARA Rule
- John Hammond
APT Malware (advanced persistent threat)
- Magnet Forensics
Magnet Nexus: Large-scale investigations, made easy
- MSAB
XAMN Pro Miniseries Part 6 – Working with pictures
- Nextron Systems
- ASGARD Analysis Cockpit: Baselining Innovations
- ASGARD Analysis Cockpit: Case Management
- ASGARD Analysis Cockpit: Scheduled Reports
- ASGARD Analysis Cockpit: New Overview
- ASGARD Analysis Cockpit: Customizable Dashboards
- ASGARD Analysis Cockpit: Data Retention
- ASGARD Analysis Cockpit: ChatGPT Integration
- Palo Alto Networks Unit 42
Need to Know Threats May 2024 | Beyond the Hunt | Episode 7
- Paraben Corporation
iPhone Image with Social Media
- Phil Hagen
Secret Life of Devices Workshop Highlight
- Richard Davis at 13Cubed
New Course! Investigating Linux Devices
- SANS
- SANS Cloud Security
Centralizing Cloud Logs and Events with Microsoft Sentinel
- Security Fest
Security Fest 2024
- WeLiveSecurity
ESET Research Podcast: APT Activity Report Q4 2023–Q1 2024
MALWARE
- Any.Run
- ASEC
- Remcos RAT Distributed as UUEncoding (UUE) File
- APT Attacks Using Cloud Storage
- Bondnet Using Miner Bots as C2
- Attacks Against Linux SSH Services Detected by AhnLab EDR
- Botnet Installing NiceRAT Malware
- Keylogger Installed Using MS Office Equation Editor Vulnerability (Kimsuky)
- Linux Defense Evasion Techniques Detected by AhnLab EDR (1)
- Jacob Malimban at Cofense
STR RAT – Phishing Malware Baseline
- Dr Josh Stroschein – The Cyber Yeti
🔴 Malware Mondays Episode 04 – Identifying Strings with FLOSS and Looking for Signs of Obfuscation
- Shunichi Imano and Fred Gutierrez at Fortinet
Ransomware Roundup – Shinra and Limpopo Ransomware
- Nicole Fishbein and Ryan Robinson at Intezer
Dissecting SSLoad Malware: A Comprehensive Technical Analysis
- Kelvin Winborne
Build-A-Brute: Reverse Engineering My Own Malware
- Malware Musings
Rebuilding a PE File From Memory
- PetiKVX
Analysis of Virus.DOS.7son.284
- Security Onion
Quick Malware Analysis: WORD MACRO –> SSLOAD –> COBALT STRIKE pcap from 2024-04-18
- Ax Sharma at Sonatype
‘cors-parser’ npm package hides cross-platform backdoor in PNG files
- Stephan Berger
Today I Learned – Instrument ClamAV to extract AutoIT scripts
- Hara Hiroaki at Trend Micro
Noodle RAT: Reviewing the Backdoor Used by Chinese-Speaking Groups
- Lukas Stefanko at WeLiveSecurity
Arid Viper poisons Android apps with AridSpy
- Zhassulan Zhussupov
Malware development trick 39: Run payload via EnumDesktopsA. Simple Nim example.
- ZScaler
- Padvish Malware Threat Database
Spy.Win32.Geremas
MISCELLANEOUS
- Adam at Hexacorn
Couple of Splunk/SPL Gotchas, Part 2
- Anton Chuvakin
- Brett Shavers
The key to DFIR mastery
- F-Response
RegRipper and F-Response
- Forensic Focus
- Maximising Data Collection With SaaS Innovations
- Forensics Europe Expo (FEE) 2024
- Digital Forensics Round-Up, June 12 2024
- Challenges Of DFIR In Distroless And Other Container Environments
- Semantics 21: Advancing AI For Victim Identification
- Detego Global Announces Strategic Partnership With Connection To Deliver Cutting-Edge DFIR Solutions
- Hal Pomeranz at ‘Righteous IT’
“You Caught Me In An Introspective Moment”
- InfoSec Write-ups
- Lenny Zeltser
How to Write Good Incident Response Reports
- Magnet Forensics
New national database for seamless matching against Project VIC-US data in Magnet Griffeye products
- Oxygen Forensics
Import PX4 Logs
- Salvation DATA
- Sandfly Security
Sandfly Performance White Paper
- SOC Fortress
- Gabriel Hardy-Françon at StrangeBee
Email to Alert: How TheHive Transforms Your Workflow
- Philip DuBois at TrustedSec
Hands On with Chip Off Non-Volatile Memory
SOFTWARE UPDATES
- ANSSI
DFIR-ORC v10.2.5
- Canadian Centre for Cyber Security
Assemblyline Release 4.5.0.32
- Capa
v7.1.0
- GCHQ
CyberChef v10.18.8
- Datadog Security Labs
GuardDog v1.10.0
- Didier Stevens
- Update: base64dump.py version 0.0.25
- Update: pdf-parser.py Version 0.7.9
- Update: FileScanner Version 0.0.0.9
- Update: what-is-new.py Version 0.0.4
- Update: simple_listener.py Version 0.1.5
- Update: count.py Version 0.3.2
- Update: zipdump.py Version 0.0.30
- Update: strings.py Version 0.0.9
- Update: myjson-filter.py version 0.0.6
- Update: hash.py Version 0.0.12
- Digital Sleuth
winfor-salt v2024.10.6
- Eilay Yosfan
Crowdstrike-Deploy 1.0v
- Eric Zimmerman
ChangeLog
- FalconForce
BloodHound API support
- OpenCTI
6.1.11
- Passmark Software
OSForensics – V11.0 build 1008 13th June 2024
- Phil Harvey
ExifTool 12.87
- Sandfly Security
Sandfly 5.0.6 Maintenance Release
- Thiago Canozzo Lahr
uac-2.9.1
- Xways
- Yamato Security
Hayabusa v2.16.0 🦅
And that’s all for the week! If you think I’ve missed something, or want me to cover something specifically hit me up through the contact page or on the social pipes!