Links only this week. Sorry! I assure you I have a good excuse 🙂

FORENSIC ANALYSIS

• Dave Cowen
  • Daily Blog #513: solution Saturday 10/20/18
  • Daily Blog #514: Sunday Funday 10/21/18
  • Daily Blog #515: Asking for your input regarding future testing
  • Daily Blog #516: Forensic Lunch Test Kitchen 10/23/18
  • Daily Blog #517: Forensic Lunch Test Kitchen 10/24/18
  • Daily Blog #518: Forensic Lunch Test Kitchen 10/25/18
  • Daily Blog #519: Forensic Lunch Test Kitchen 10/26/18
  • Daily Blog #520: Solution Saturday 10/27/18

• Alexis Brignoni
  • Quick DFIR review – LA Fitness Android app
  • Tool review: Cellebrite Virtual Analyzer

• Maxim Suhanov
  Effects of running an offline AV scan

• Sim4n6
  How-to Acquire Debian Volatile Memory using LiME?
  

THREAT INTELLIGENCE/HUNTING

• CrowdStrike
  • Your Jenkins Belongs to Us Now: Abusing Continuous Integration Systems
  • Cutwail Spam Campaign Uses Steganography to Distribute URLZone

• Cyberscoop
  Experts advocate for ‘ATT&CK’ as go-to framework to share threat intel

• Endgame
  Stop and Step Away from the Data: Rapid Anomaly Detection via Ransom Note File Classification

• Hexacorn
  Process monitoring/Process cmd line monitoring – data sources

• Red Canary
  • Triage Planning: What Can Security Teams Learn From First Responders?
  • Community, Practical Applications of ATT&CK™ Take Center Stage at ATT&CKcon

• SANS Internet Storm Centre
  Beyond good ol’ LaunchAgent – part 0, (Sun, Oct 21st)

• Cisco
  Using Threat Intelligence Effectively in Security Automation and Orchestration with DFLabs and Cisco Security

• TaoSecurity
  Have Network, Need Network Security Monitoring

• Duo
  Ransomware’s Favorite Access Point – Remote Desktop Protocol (RDP)

• The Hacker who Rolls
  Home Lab ATT&CK Use Case

• Trend Micro
  Best Practices for Endpoint Detection and Response
  

PRESENTATIONS/PODCASTS

• Cellebrite
  The convergence of physical and virtual data for faster discovery of evidence

• DEFCON 26
  DEF CON 26

• Magnet Forensics
  Recorded Webinar: Still Using IEF? Learn What You May Be Missing Out On

• OALabs
  Unpacking Bokbot / IcedID Malware – Part 1

• Paul’s Security Weekly
  Veronica Schmitt, DFIRLABS – Paul’s Security Weekly #580

• Digital Forensic Survival Podcast
  DFSP # 140 – PCAP Hunting

• Pancake Nopcode
  r2con2018

• SANS
  $SignaturesAreDead = “Long Live RESILIENT Signatures” – SANS DFIR Summit 2018
  

MALWARE

• Attify
  • Flare-On 5 CTF WriteUp (Part 5)
  • Flare-On 5 CTF WriteUp (Part 6)
  • Flare-On 5 CTF WriteUp (Part 7)
  • Flare-On 5 CTF WriteUp (Part 8)
  • Flare-On 5 CTF WriteUp (Part 9)

• Cofense
  H-Worm and jRAT Malware: Two RATs are Better than One

• Cyberfox
  Quick Office Document Triage

• Didier Stevens
  Analyzing PowerPoint Maldocs with oledump Plugin plugin_ppt

• Fire Eye
  TRITON Attribution: Russian Government-Owned Lab Most Likely Built
  Custom Intrusion Tools for TRITON Attackers

• Malwarebytes Labs
  Mac malware intercepts encrypted web traffic for ad injection

• McAfee Labs
  Android/TimpDoor Turns Mobile Devices Into Hidden Proxies

• Palo Alto Networks
  New Techniques to Uncover and Attribute Cobalt Gang Commodity Builders and Infrastructure Revealed

• Radware
  New DemonBot Discovered

• SANS Internet Storm Centre
  • MSG Files: Compressed RTF, (Sun, Oct 21st)
  • Malicious Powershell using a Decoy Picture, (Mon, Oct 22nd)
  • Diving into Malicious AutoIT Code, (Tue, Oct 23rd)
  • Dissecting Malicious Office Documents with Linux, (Fri, Oct 26th)

• Sejuice
  Malware Analysis Using Memory Forensics

• Trend Micro
  • Malware Targeting Brazil Uses Legitimate Windows Components WMI and CertUtil as Part of its Routine
  • Misconfigured Container Abused to Deliver Cryptocurrency-mining Malware
    

MISCELLANEOUS

• Brett Shavers
  The Biggest, Baddest X-Ways Forensics Cheat Sheet ever

• Chris Sanders
  The Role of Evidence Intention

• Computer Forensics World
  Trusted Contributors Needed

• Digital Forensic Forest
  Best Password Cracking Tools?

• F-Response
  F-Response v8 – Sneak Peek

• Forensic Focus
  • Forensic Focus Forum Round-Up
  • Digital Forensics News October 2018

• Gillware
  Introducing Stacey Randolph

• Magnet Forensics
  Analyzing GrayKey Images with AXIOM: New Artifact Parsing Capabilities

• MobilEdit
  MOBILedit did very well in deep tests by NIST

• SalvationData
  • [Case Study] Mobile Forensics: Apple Enhanced USB Restricted Mode in iOS 12
  • DVR Forensics: Sneak Peak of VIP 2.0 – Redesigned Brand New User Interface
  • [Case Study] Computer Forensics: File Carving – Get Access to Lost Files That Seems Unrecoverable

• Andrea Fortuna
  My GCFA Exam Sketchbook

• The Eclectic Light Company
  Mojave fixes QuickLook cache vulnerability

• The Leahy Center for Digital Investigation
  SIFT Tool Evaluation
  

SOFTWARE UPDATES

• DEFT
  • DEFT Zero (2018.2) ready for download
  • DEFT X Virtual Appliance ready for download

• Didier Stevens
  • Release: Python Tool Templates
  • New tool: decompress_rtf.py
  • Update: pdf-parser.py Version 0.6.9
  • Update: oledump.py Version 0.0.38
  • Update: file-magic.py Version 0.0.4

• Eric Zimmerman
  MFTECmd

• ExifTool
  ExifTool 11.16

• GiftStick
  GiftStick

• Metaspike
  Remote Authenticator v1.3.1

• Passmark Software
  V6.1 build 1003 26th Oct 2018

• Radare2
  3.0.1

• TZWorks
  Oct 2018 build (package)

• X-Ways
  • Viewer Component
  • X-Ways Forensics 19.8 Preview 3

• Maxim Suhanov
  1.0.24
  

And that’s all for Week 43! If you think I’ve missed something, or want me to cover something specifically hit me up through the contact page or on the social pipes!

As always, thanks to those who give a little back for their support!