Busy busy so links only this week!
Thanks to Lodrina for her work on the Threat Hunting and Malware Analysis sections.
As always, thanks to those who give a little back for their support!
FORENSIC ANALYSIS
- Arsenal Recon
- Mark Scanlon
  - Private Web Browser Forensics: A Case Study of the Epic Privacy Browser
- Barak Goldberg at Cellebrite
  - How Health App Data Improves Location Accuracy and Activity Identification for Investigations
- Foxton Forensics
  - Following the trail of Skype, Electron and Chromium using Browser History Examiner
- Jesse Spangenberger at Cyber Fēnix Tech
  - Examining Maptiles from iOS
- Yogesh Khatri at ‘Swift Forensics’
  - Part 3 – ADB keyvalue backups – Wifi and System settings
- Kasasagi
  - Trace of app path on macOS - About appList.dat (original Japanese title: macOS上に現存するappの痕跡?-appList.datについて-)
THREAT INTELLIGENCE/HUNTING
- Adam at Hexacorn
- John Walther at Carpe Indicium
  - Preventing and Detecting Office 365 Account Takeovers
- Richard Bejtlich at Corelight
  - No Tap? No Problem!
- Cylance
  - Mobile Malware and APT Espionage: Prolific, Pervasive, and Cross-Platform
- Robert M. Lee at Dragos
  - Claims of a Cyber Attack on Iran’s Abadan Oil Refinery and the Need for Root Cause Analysis
- John Lambert
  - Check out @JohnLaTwC’s Tweet
- MiladMSFT
  - ThreatHunt PS Attack Sim code
- Sam Vega at Red Canary
  - Detecting SharePoint attacks via worker process activity
- Yotam Gutman at SentinelOne
  - APT and the Enterprise – FUD or Real Threat?
- ThreatRecon
  - SectorD01: When anime goes cyber
UPCOMING WEBINARS/CONFERENCES
- Blackbag Technologies
  - Whodunit: Identifying Suspects Through Digital Evidence
- Cellebrite
  - Don’t let a language barrier stop you from accessing Digital Evidence
- Digital Guardian
  - How a $0 DFIR Kit Can Take On Big Dollar Enterprise Tools
- Magnet Forensics
  - Responding to Ransomware Attacks with Gillware and Magnet Forensics
PRESENTATIONS/PODCASTS
- Forensic Lunch
  - Forensic Lunch 10/25/19
- Nick Klein
  - RSAC Unplugged 2019 Sydney: Tales From the Front Line
- Adrian Crenshaw
  - GrrCON 2019 Videos
- Black Hills Information Security
- Digital Forensic Survival Podcast
  - DFSP # 192 – KAPE
- Forensic Focus
- OSDFCon
  - 2019 Agenda
- Richard Davis at 13Cubed
  - Linux Forensics! First Look at usbrip
- SANS
  - Tracking Traces of Deleted Applications – SANS DFIR Summit 2019
MALWARE
- Attify
  - Flare-On 6 CTF WriteUp (Part 12)
- Brian Laskowski at Laskowski-Tech
  - Emotet, and Analysis of TTP’s: Part II For the Watch
- Check Point Research
  - Inside the Hacking Community Market – Reselling RIG EK Services
- Vitor Ventura and Chris Neal at Cisco’s Talos
  - Gustuff return, new features for victims
- Cybereason
  - Hunting Raccoon: The New Masked Bandit on the Block
- Steve Miller, Evan Reese, and Nick Carr at FireEye
  - Shikata Ga Nai Encoder Still Going Strong
- Fortinet
- Kaspersky Lab
  - Threat Intelligence Portal: We need to go deeper
- Lab52
  - New PatchWork campaign against Pakistan
- Jérôme Segura, William Tsing, and Adam Thomas at Malwarebytes Labs
  - The forgotten domain: Exploring a link between Magecart Group 5 and the Carbanak APT
- Jessica Saavedra-Morales, Ryan Sherstobitoff and Christiaan Beek at McAfee Labs
  - McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – Crescendo
- Michael Gillespie
  - Analyzing Ransomware – STOP | Getting Started
- OALabs
  - IDA Pro Tutorial – Reverse Engineering Dynamic Malware Imports
- Jeff White at Palo Alto Networks
- SANS Internet Storm Centre Handler Diaries
- Vitali Kremez at SentinelOne
  - How TrickBot Hooking Engine Targets Windows 10 Browsers
- Miguel Carlo Ang and Earle Maui Earnshaw at Trend Micro
  - AutoIT-compiled Negasteal/Agent Tesla, Ave Maria Delivered via Malspam
- Virus Bulletin
  - VB2019 papers: Emotet and Ryuk
- VirusTotal
  - Revamping in-house dynamic analysis with VirusTotal Jujubox Sandbox
- Francis Montesino at VMRay
  - VMRay IDA Plugin v1.1: Streamlining Deep-Dive Malware Analysis
MISCELLANEOUS
- Xavier Mertens
  - BSides Luxembourg 2019 Wrap-Up
- ANSSI
  - DFIR ORC documentation
- Olga Milishenko at Atola
  - Video: Express mode in action
- Brett Shavers at DFIR.Training
- Heather Mahalik at Cellebrite
  - Cellebrite Reader Part 3: Driving Your Investigation with Reader
- Didier Stevens
  - Quickpost: ExifTool, OLE Files and FlashPix Files
- Forensic Focus
  - What Changes Do We Need To See In eDiscovery? Part III
  - The Mueller Report Part 3 – Human-Generated Data At The Heart Of Investigations
  - Unlock Mobile Devices Using These Popular Codes
  - Crimes Against Children Conference 2019 Recap Part II: Digital Evidence On Multi
  - TikTok Data Extraction In Oxygen Forensic Detective
- IntaForensics
- MSAB
- Richard Frawley at ADF
  - How to Hide Default Search Profiles in ADF Digital Forensic Software
- Ryan Campbell at ‘Security Soup’
  - Weekly News Roundup — October 20 to October 26
- Volatility Labs
  - Volatility Malware and Memory Forensics Training in 2020!
SOFTWARE UPDATES
- Binalyze
  - Version 1.9.7
- Didier Stevens
  - New Tool: simple_tcp_stats.py
- KAPE
  - Kape Changelog
- Eric Zimmerman
  - ChangeLog
- ExifTool
  - ExifTool 11.73
- GetData
  - 22 October 2019 – 5.1.2.9072
- Abdul Rhman Alfaifi
  - Rhaegal
- X-Ways
And that’s all for the week! If you think we’ve missed something, or want us to cover something specifically, hit us up through the contact page or on the social pipes!