Week 7 – 2019

Thanks to Lodrina for her help. She’s away the next couple of weeks so I’ll probably be doing links only for her sections. Please encourage her to come back as she’s helped me immensely with my time.

As always, Thanks to those who give a little back for their support!

FORENSIC ANALYSIS

THREAT INTELLIGENCE/HUNTING

  • Adam at Hexacorn posted a few times this week
  • Graneed writes about password cracking against Apache Tomcat from start of the attack through C2 comms.
    Tomcatの管理機能に対するパスワードクラック後の攻撃を観察する

  • Raj Chandel at Hacking Articles writes about “protecting your system against MIMIKATZ that fetches password in clear text from wdigest”.
    Red Team/Blue Team Practice on Wdigest

  • Jeff Warren at Insider Threat Security Blog looks at how to detect Pass the Hash attacks seen recently with current infections of SamSam and Ryuk.
    How to Detect Pass-The-Hash Attacks

  • Wataru Takahashi at JPCERT/CC recaps four talks at the Japan Security Analyst Conference 2019: Analysis of Drive-by Downloads; A lesson that should be learned from the cyber-attack in Korea; Deep Dive Into The Cyber Enemy : Various Case Study; and Security Log Analysis Moving Towards the Endpoint – Battles behind Windows
    Japan Security Analyst Conference 2019 -Part 1-

  • Katie Nickels at ‘Katie’s Five Cents’ started a new blog reviewing how she has gotten to where she is today in her career, stressing “Regardless of your path in infosec, I encourage you to stop holding back your amazing ideas because you’re fearful of failing.” Maybe you want to present or start a blog (hint hint) too? 😉
    Hello World: On Finding My Voice

  • John Wunder at MITRE ATT&CK summarizes 2018, and what’s coming for 2019 including an update for the CAR data model.
    ATT&CKing 2019

  • Neil Desai at ‘Teaching An Old Dog New Tricks’ revisits an old post about BloodHound including setting up a lab, looking at network traffic, and setting up honey tokens.
    Detecting BloodHound

  • Brian Donohue at Red Canary writes about how to stop Emotet lateral movement by detecting it at any of 5 stages before lateral movement occurs: An MS word command line; A command line contained obfuscated environmental variables; A PowerShell obfuscated command line; A PowerShell command with a URL; or when PowerShell downloads a file.
    Stopping Emotet Before it Moves Laterally

  • Jeff Atkinson at Salesforce Engineering looks at how to install Bro-Sysmon, Broker,  Logstash, setting up a VM and Zeek to monitor traffic.
    Test out Bro-Sysmon

  • Scott Piper at ‘Summit Route’ looks at AWS resource naming patterns and interesting patterns, including how an attacker might be able to block access to buckets.
    AWS resource naming patterns

UPCOMING WEBINARS/CONFERENCES

PRESENTATIONS/PODCASTS

MALWARE

MISCELLANEOUS

SOFTWARE UPDATES

And that’s all for the week! If you think I’ve missed something, or want me to cover something specifically hit me up through the contact page or on the social pipes!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s