As always, thanks to those who give a little back for their support!
If you haven’t seen, I’ve also been writing my thoughts on some of the articles posted when I can at patreon.com/thisweekin4n6!
FORENSIC ANALYSIS
- Cesar Quezada at Hexordia
  - FSEvents: How They Work and Why They Matter for Mac Analysis
- Forensafe
  - Investigating Android Device Health Services
- Neetrox at InfoSec Write-ups
  - Analyzing a Phishing Email Header
- Inginformatico
  - Triage / Incident Response tools for Linux
- Justin De Luna at ‘The DFIR Spot’
  - Windows Defender MP Logs – A Story of Artifacts
- N00b_H@ck3r
  - LetsDefend: Discord Forensics
- Oliver Hartshorn and Arun Prasannan at CCL Solutions
  - Examining Session Desktop Attachments
THREAT INTELLIGENCE/HUNTING
- Adam Goss
  - CTI Analysis Bias: How to Overcome Your Prejudices During Analysis
- Allan Liska at ‘Ransomware Sommelier’
- Saad Ahla at Altered Security
  - When the hunter becomes the hunted: Using custom callbacks to disable EDRs
- Amitai Cohen
  - Pivot Atlas
- ANSSI
  - Malicious Activities Linked To The Nobelium Intrusion Se
- Ayelen Torello at AttackIQ
  - Emulating the Notorious Chinese State-Sponsored Winnti Group
- Brad Duncan at Malware Traffic Analysis
- Censys
  - June 14, 2024: TellYouThePass Ransomware Leverages PHP Vulnerability CVE-2024-4577
- CERT-AGID
  - Summary of malicious campaigns in the week of 15 – 21 June 2024
- Chainalysis
  - Public Sector Survey Preview: The 2024 State of Cryptocurrency Investigations Report
- Check Point
- Ben Nahorney at Cisco
  - How to Monitor Network Traffic: Findings from the Cisco Cyber Threat Trends Report
- Cisco’s Talos
  - Exploring malicious Windows drivers (Part 2): the I/O system, IRPs, stack locations, IOCTLs and more
  - How are attackers trying to bypass MFA?
  - Unveiling SpiceRAT: SneakyChef’s latest tool targeting EMEA and Asia
  - SneakyChef espionage group targets government agencies with SugarGh0st and more infection techniques
- Cyberdom
- Cyble
  - Rising Wave of QR Code Phishing Attacks: Chinese Citizens Targeted Using Fake Official Documents
- Cyborg Security
- Cyfirma
  - Weekly Intelligence Report – 21 June 2024
- Cyjax
  - Weekly Cyber Threat Intelligence Summary
- Darren M.
  - Systemic Identity Compromise Response Plan
- Datadog Security Labs
  - Tales from the cloud trenches: Raiding for AWS vaults, buckets and secrets
- Aleksandar Matev at Detect FYI
  - Impair Defenses [T1562.012]: Detect Linux Audit Logs Tampering (Part 2)
- Dragos
- Arda Büyükkaya at EclecticIQ
  - ONNX Store: Phishing-as-a-Service Platform Targeting Financial Institution
- Efstratios Lontzetidis
  - Cyber Threat Intelligence Lifecycle: Answering the CTI Analyst Challenge
- Elastic Security Labs
  - GrimResource – Microsoft Management Console for initial access and evasion
- Ervin Zubic
  - Building a Versatile Threat Intelligence Program for Any Environment
- Esentire
- Pei Han Liao at Fortinet
  - Fickle Stealer Distributed via Multiple Attack Chain
- Google Cloud Threat Intelligence
- Ron Bowes at GreyNoise Labs
  - SolarWinds Serv-U (CVE-2024-28995) exploitation: We see you!
- Marshall Price at GuidePoint Security
  - SCCM Exploitation: Evading Defenses and Moving Laterally with SCCM Application Deployment
- Intel471
  - Threat Hunting Case Study: Looking for Evil Corp
- Keisuke Shikano at JPCERT/CC
  - TSUBAME Report Overflow (Jan-Mar 2024)
- Rich Peckham at ‘Microsoft Security Experts’
  - Octo Tempest: Hybrid Identity Compromise Recovery
- Lex Crumpton, August Moore, and Amy L. Robertson at MITRE-Engenuity
  - ATT&CK® Evaluations Managed Services (2024): Actionable Insights and the Challenge of Dual…
- Natto Thoughts
  - Ransom-War Part 3: Inflict Maximum Damage
- Jay Chen at Palo Alto Networks
  - Attack Paths Into VMs in the Cloud
- Tommy Madjar, Dusty Miller, and Selena Larson at Proofpoint
  - From Clipboard to Compromise: A PowerShell Self-Pwn
- Grace Chi at Pulsedive
  - Sharing, Compared Part 4: Where Do We Go From Here?
- Macie Thompson at Recon Infosec
  - Advanced Email Protection: Detection Techniques in Action
- Recorded Future
- Red Alert
  - Monthly Threat Actor Group Intelligence Report, April 2024 (ENG)
- Red Canary
  - Intelligence Insights: June 2024
- J’yah Marshall at ReliaQuest
  - Why Your Phishing Analysis Tool Is Missing the Mark
- RexorVc0
- SANS Internet Storm Center
- Sansec
  - CosmicSting attack threatens 75% of Adobe Commerce stores
- SOCRadar
- SpecterOps
- Splunk
  - LNK or Swim: Analysis & Simulation of Recent LNK Phishing
- Stephan Berger
- Sucuri
- Symantec Enterprise
  - Sustained Campaign Using Chinese Espionage Tools Targets Telcos
- Dan Schoenbaum at Team Cymru
  - How the New Splunk App for Scout Can Enrich and Accelerate Your Investigations
- Thinkst Thoughts
  - A Bird’s-eye view: ShareFinder – How Threat Actors Discover File Shares (The DFIR Report)
- Aaron Goldstein at Todyl
  - Threat breakdown: Remote access and credential dumping
- Peter Girnus, Aliakbar Zahravi, and Ahmed Mohamed Ibrahim at Trend Micro
  - Behind the Great Wall: Void Arachne Targets Chinese-Speaking Users With the Winos 4.0 C&C Framework
- Zimperium
  - Beyond the App Store: The Hidden Risks of Sideloading Apps
UPCOMING EVENTS
- Black Hills Information Security
  - BHIS – Talkin’ Bout [infosec] News 2024-06-24
- Magnet Forensics
  - Mobile Unpacked Ep. 18 // Restoring the Past: Exploring artifacts related to restoring data using different methods on iOS devices
- Phil Hagen
- The Cyber Social Hub
  - Can AI Replace a Digital Forensic Expert?
PRESENTATIONS/PODCASTS
- BlueMonkey 4n6
  - process monitors for Linux – comparing top and htop
- Breaking Badness
  - Breaking Badness Cybersecurity Podcast – 188. Vish Upon a Star
- Bruce Large
  - Lessons Learned Building OT SOCs
- Cellebrite
  - Tip Tuesdays: Streamlines on Cellebrite Inseyets Powered by UFED
- Rachel Hannenberg at Censys
  - Boost Your Threat Hunting Skills with These 5 Informative Webinars
- Clint Marsden at the TLP – Digital Forensics Podcast
  - Episode 6 – Responding to ransomware – is your VPN a target? Plus ransomware risk mitigation with Phil Ngo
- Cyber Social Hub
- Cyberwox
  - Detecting Privilege Escalation Techniques in Microsoft 365 ~ Detection Opportunities EP 5
- Eclypsium
  - BTS #32 – Mitre ATT&CK – Adam Pennington
- FIRST
  - Episode 44: Nitesh Surana and Jaromir Horejsi, Trend Micro, FIRSTCON24 Speakers
- Gerald Auger at Simply Cyber
  - High Stakes in Incident Response (Full Version)
- Hudson Rock
- InfoSec_Bret
- Magnet Forensics
- Malspace
  - North Korean APTs and Russian Rockets
- MSAB
  - XAMN Pro Miniseries – Working with location data
- Palo Alto Networks Unit 42
  - Impacket Framework, Inc Ransomware | Beyond the Hunt | Episode 8
- SalvationData
  - Top 5 Digital Forensics Companies
- SANS
  - A Visual Summary of SANS ICS Summit 2024
- SANS Cloud Security
  - Evolution of SIEM in the Cloud
- Security Conversations
  - Ep1: The Microsoft Recall debacle, Brad Smith and the CSRB, Apple Private Cloud Compute
MALWARE
- Adam at Hexacorn
  - Enter Sandbox 28: Automated access primitives extraction
- Any.Run
  - Analyzing Malware Protected with Themida and VMprotect: Is It Really That Hard?
- ASEC
  - Analysis of Attack Case Installing SoftEther VPN on Korean ERP Server
- Fernando Dominguez at AT&T Cybersecurity
  - LevelBlue Labs Discovers Highly Evasive, New Loader Targeting Chinese Organizations
- David Álvarez at Avast Threat Labs
  - New Diamorphine rootkit variant seen undetected in the wild
- Chris Ray at Cyber Triage
  - Limitations of ImpHash for DFIR
- CyberArmor
  - New North-Korean based backdoor packs a punch
- Dr Josh Stroschein – The Cyber Yeti
  - Malware Mondays #04 – BTS: Exploring Strings in a Sample C Program
- Emanuele De Lucia
  - A Reverse Engineer’s journey with PowerShell and XWorm
- Malware Must Die!
- PetiKVX
  - DarkRace Ransomware
- ptwistedworld
  - Analyzing JavaScript XWORM Stager
- Thomas Elkins, Daniel Thiede, Josh Lockwood, Tyler McGraw, and Sasha Kovalev at Rapid7
  - Malvertising Campaign Leads to Execution of Oyster Backdoor
- Mike Saunders at Red Siege Information Security
  - Adventures in Shellcode Obfuscation! Part 1: Overview
- Securonix
  - Analysis of PHANTOM#SPIKE: Attackers Leveraging CHM Files to Run Custom CSharp Backdoors Likely Targeting Victims Associated with Pakistan
- Jason Reaves and Joshua Platt at Walmart
  - Spectre (SPC) v9 Campaigns and Updates
- Zhassulan Zhussupov
MISCELLANEOUS
- Andrea Fortuna
  - Protecting the Protectors: Mental Health Practices for Incident Responders
- Cellebrite
  - Harnessing the Power of SaaS for Efficient Data Collection in Investigations and eDiscovery
- Bret at Cyber Gladius
  - Fast AD GPO Software Deployment Method
- Forensic Focus
  - Digital Forensics Round-Up, June 19 2024
- Hideaki Ihara at port139
  - Let’s try to analyze the DataRuns of NTFS with ChatGPT.
- Magnet Forensics
- Maxim Suhanov
  - Vulnerabilities in 7-Zip and ntfs3
- Memory Forensic
  - Unlocking Volatility in Autopsy
- Angélique Conde at Microsoft’s ‘Security, Compliance, and Identity’ Blog
  - Update on the Deprecation of Admin Audit Log Cmdlets
- Oxygen Forensics
  - Import Twitter Data
- Salvation DATA
  - Setting Up a Forensic Lab: Key Components and Best Practices
- Alexey Antonov at Securelist
  - Analysis of user password strength
SOFTWARE UPDATES
- Alexandre Borges
  - Malwoverview 5.4.5
- Datadog Security Labs
  - GuardDog v1.10.1
- Didier Stevens
- Digital Sleuth
  - winfor-salt v2024.10.9
- dnSpyEx
  - v6.5.1-rc1
- GCHQ
  - CyberChef v10.19.0
- Magnet Forensics
- Mazars Tech
  - AD_Miner v1.5.0
- Metaspike
  - Forensic Email Collector 4.0.110 Release Notes
- MISP
  - MISP 2.4.194 released with new functionalities and various bugs fixed
- MobilEdit
  - MOBILedit Forensic 9.4 Released: WearOS Extraction, UFED full filesystem extraction and More!
- Nextron Systems
  - Announcing the Launch of ASGARD Analysis Cockpit v4.1
- OpenCTI
  - 6.1.12
- Paraben Corporation
  - Major Upgrade to E3 Forensic Platform Version 4.0 – Dilithium Edition Released
- Sergio Mazariego
  - Mantis
- SigmaHQ
  - pySigma v0.11.7
- Tim Blazytko
  - ReverserAI (v1.1)
- WithSecure Labs
  - Chainsaw v2.9.1
- Xways
  - X-Ways Forensics 21.2 Beta 4
And that’s all for the week! If you think I’ve missed something, or want me to cover something specifically hit me up through the contact page or on the social pipes!