Lodrina and I were both busy this week so links only. I’m teaching this week in Singapore, so we’ll see how I go for next week’s post!
As always, thanks to those who give a little back for their support!
FORENSIC ANALYSIS
- Heather Mahalik at Cellebrite
  A First Look at iOS 13 – Here are the Methods You Can Trust For Extraction And Analysis
- Jake Nicastro and Willi Ballenthin at FireEye
  Living off the Orchard: Leveraging Apple Remote Desktop for Good and Evil
- Kevin Pagano at Stark 4N6
  10 Free Forensic Tools I Can’t Live Without
- Carlos Cajigas at ‘Mash That Key’
  Use KAPE to collect data remotely and globally
- Mike Cohen
  Triage with Velociraptor — Pt 3
- Mike Williamson
  KnowledgeC: Now Playing entries
- Securízame
  Repositories
- Troy Schnack
  Android Video Thumbnail Files “.lvl”
- Veronica Schmitt
  The Autopsy of the PHOENIX X36 Hemodialysis System
- Willi Ballenthin
  Check out @williballenthin’s Tweet
- Yogesh Khatri at Swift Forensics
  ADB keyvalue backups and the .data format
THREAT INTELLIGENCE/HUNTING
- Chris Brenton at Active Countermeasures
  MITRE ATT&CK Matrix – Custom C2 Protocol
- Adam at Hexacorn
  Beyond good ol’ Run key, Part 119
- Chris Mitzlaff and Katie Dematteis at Carbon Black
  Using MixMode and Carbon Black to Spot a Watering Hole Attack
- ClearSky Cyber Security
  The Kittens Are Back in Town 2 – Charming Kitten Campaign Keeps Going on, Using New Impersonation Methods
- Cylance
  Threat Spotlight: Citadel Banking Trojan
- Richard Gold at Digital Shadows
  ANU Breach Report: Mapping to Mitre ATT&CK Framework
- Oleg Sulkin at Group IB
  50 Shades of Ransomware
- Jaco at ‘The Swanepoel Method’
  Hacking Email Accounts for BEC
- Mike at “CyberSec & Ramen”
  Tracing The Route of A Malicious Document
- Iraklis Mathiopoulos at Nettitude Labs
  How to Exfiltrate AWS EC2 Data
- Robert Falcone and Brittany Ash at Palo Alto Networks
  More xHunt – New PowerShell Backdoor Blocked Through DNS Tunnel Detection
- Penetration Testing Lab
  Persistence – Shortcut Modification
- Tony Lambert and Brian Donohue at Red Canary
  Using visibility to gather context and find persistence mechanisms
- SANS Internet Storm Centre Handler Diaries
- Matt Graeber at SpecterOps
  Security Descriptor Auditing Methodology: Investigating Event Log Security
UPCOMING WEBINARS/CONFERENCES
- Belkasoft
  Belkasoft 2020 v.9.7: What Is New?
- BlackBag Technologies
  Whodunit: Identifying Suspects Through Digital Evidence
- Black Hills Information Security
  How to Play Backdoors & Breaches, an Incident Response Card Game
- HTCIA CHC Student Chapter
  5th Annual CHC Cyber Security & Forensics Conference
- Eric Oldenburg at Griffeye
  Webinar: Get the most out of your digital media investigations
PRESENTATIONS/PODCASTS
- Alexander Adamov at ‘Malware Research Academy’
  Unpacking Buran Ransomware: Scylla/ImpRec vs PE-sieve
- Dave Kennedy at Binary Defense
  Sysmon for the Masses Webinar
- Black Hills Information Security
  Webcast: In-Depth SILENTTRINITY Demo, Explanation & Walkthrough
- Vico Marziale at BlackBag Technologies
  Windows 10 Activity Timeline: An Investigator’s Gold Mine
- Digital Forensic Survival Podcast
  DFSP # 190 – Dead Simple Boot Disks
- Magnet Forensics
  AXIOM at Work: Digging Deeper with Custom Artifacts (Pt. 2)
- SANS
MALWARE
- SensorFu
  How my application ran away and called home from Redmond
- FireEye Threat Research
  - Flare-On writeups
- Jessie Leung at Fortinet
  Exploring a Recent Magnitude Exploit Kit Sample
- Michael Gorelik at Morphisec
  Apple Zero-Day Exploited in New BitPaymer Campaign
- Daniel Bunce at SentinelOne
  Writing Malware Configuration Extractors for ISFB/Ursnif
- Joseph C Chen at Trend Micro
  FIN6 Compromised E-commerce Platform via Magecart to Inject Credit Card Skimmers Into Thousands of Online Shops
- Rajdeepsinh Dodia and Amandeep Kumar at Zscaler
  Examining the Ryuk Ransomware
MISCELLANEOUS
- Andrew Rathbun at AboutDFIR
  An Overview of Recent and Future Content Updates
- Richard Frawley at ADF
  Collect and Share Digital Evidence Files with Prosecutors
- Andrea Fortuna at ‘So Long, and Thanks for All the Fish’
  Venator: information gathering on OSX systems
- Brett Shavers at DFIR.Training
- Kobi Leizerovich at Cyberbit
  From Reactive to Proactive: 3 Ways to Prep your Blue Team
- Forensic Focus
  - The Mueller Report – An Amazing Lens Into A Modern Federal Investigation
  - Walkthrough: Talon Ultimate From Logicube
  - CASE: New Mobile Forensic System Lets Correction Officials Blow Away The Backlog
  - DFRWS Submission Deadline Extended To Sunday October 13th
  - Interview With Christian Hummert, Director Of Digital Forensics, ZITiS Germany
  - What Changes Do We Need To See In eDiscovery? Part I
- MantaRay Forensics
  VirusShare.com MantaRay Forensics Refined Hash Set
- Matt Edmondson at ‘Digital Forensics Tips’
  A Quick Look at MDXFIND
- Joel Bollö at MSAB
  A new opening for accessing for iPhone data
- ThinkDFIR
  Playing with the big chicken – (Velociraptor + AWS + Google Domains)
SOFTWARE UPDATES
- AceLab
  The new PC-3000 Flash software Ver. 7.3.7. is released!
- AChoir
  AChoir Release 4.0
- Atola
  Atola Insight Forensic 4.13.3
- Autopsy
  autopsy-4.13.0
- Cellebrite
  Translate textual content in more than 40 languages with Cellebrite Smart Translator
- Eric Zimmerman
  ChangeLog
- Evimetry
  Release 3.2.4
- ExifTool
  ExifTool 11.70 (production release)
- GetData
  10 October 2019 – 5.1.2.9028 – Major Version Release
- Image Interrogator
  Image Interrogator – v0.2 released!
- Metaspike
  Forensic Email Collector (FEC) Changelog
- MISP
  MISP 2.4.117 released (aka the pre-conference season release)
- MobilEdit
  MOBILedit 7.0.3 released!
- Nirsoft
  New command-line tool to extract values from tab-delimited and comma-delimited data
- OpenText
  Tableau Firmware Update Revision History for v7.30
- Passmark
  V7.0 build 1005 10th October 2019
- Oxygen Forensics
  OFDv12.0 Release Notes
- Velociraptor
  Release 0.3.5
- YARA
  YARA v3.11.0
And that’s all for the week! If you think we’ve missed something, or want us to cover something specifically hit us up through the contact page or on the social pipes!