FOR308 Beta 2 is getting closer, starting September 8th! As this is a beta this is run at a discounted price before it goes live. You can register here!
Thanks to Lodrina for her work on the Threat Hunting and Malware Analysis sections.
As always, thanks to those who give a little back for their support!
FORENSIC ANALYSIS
- Wolfgang Sommergut at 4sysops
Deep scriptblock logging: Record PowerShell commands in the event log
- Chris Vance at ‘D20 Forensics’
- Elcomsoft
- Shubham Sharma at Hacking Articles
Anti-Forensic: Swipe Footprint with Timestomp
- Scott Koenig guest posted on Smarter Forensics
Does Photos.sqlite have relations with CameraMessagesApp? By Scott Koenig
- Oxygen Forensics
Fast Data Extractions via QR code
- Sarah Edwards at Mac4n6
Part 2: Step-by-step iPhone Setup for iOS Research (via @bizzybarney)
THREAT INTELLIGENCE/HUNTING
- Victor Vrabie, Bogdan Rusu, and Alexandru Maximciuc with Cristina Vatamanu at Bitdefender introduce their paper (8 page PDF) related to targeting Autodesk 3ds Max
APT Hackers for Hire Used for Industrial Espionage
- Rafe Pilling and Tony Adams at Secureworks discuss disinformation in a half hour podcast
Don’t Wait for Them to Find You: What You Need to Know Today About Nation-State Threat Actors
- Adam at Hexacorn
certutil – one more GUI lolbin
- Ben Bornholm at HoldMyBeer
Setting up Kolide and Osquery with client certificates for mutual TLS (mTLS)
- Thu Pham at Blumira
How to Test Your SIEM’s Detections
- Check Point Research
24th August – Threat Intelligence Bulletin
- ClearSky Research Team
The Kittens Are Back in Town 3
- CrowdStrike
- Cyberbit
- Josh Campbell at Cyborg Security
Threat Hunting & Threat Content Creation
- Mariana Pereira at Darktrace
Darktrace email finds: Rare file type used to evade gateway tools
- Raj Chandel at Hacking Articles
- InfoSec matters
Find and list Unsecured Azure Storage Blobs
- Josiah Smith at InQuest
Detection in Depth
- Jorge Orchilles at Scythe
- Hugh Aver at Kaspersky
The DeathStalker cyberspy group and its tool set
- Kirtar Oza series on memory forensics
- Maarten Goet
Microsoft Threat Protection ‘Jupyter notebook’ #AdvancedHunting sample
- MENASEC – Applied Security Research
New Trick to Detect Lateral Movement via Network File Shares
- Nextron Systems
Use THOR in CrowdStrike Falcon X Real Time Response
- Maximilien Roberti at NVISO Labs
Detecting the sudden appearance of events with ee-outliers and Elasticsearch
- Olaf Hartong at Falcon Force
Falcon Friday — Detecting Malicious Browser Extensions and code signing- 0xFF01
- Phil Hagen and Brian Donohue at Red Canary
Ransomware survival guide: A holistic approach to detection and mitigation
- Brandon Evans at SANS
Detecting and Locking Down Network-Based Malware in Azure
- SentinelOne
Defeating “Doki” Malware and Container Escapes with Advanced Linux Behavioral Detection
- Luke Leal at Sucuri Blog
Magento Multiversion (1.x/2.x) Backdoor
- Kevin Dick at Tevora
DIY Leaked Credential Search Engine – Part 1
- Posts from TrustedSec
- Diana Lopera at Trustwave SpiderLabs
RATs and Spam: The Node.JS QRAT
- Xavier Mertens at /dev/random
Monitoring MISP with Nagios
UPCOMING WEBINARS/CONFERENCES
- Cellebrite
- Paula Januszkiewicz at Cqure Academy
Forensics and Prevention In The New Reality
- Kroll
PRESENTATIONS/PODCASTS
- Forensic Lunch
Forensic Lunch 8/28/20 – Willi Ballenthin
- Jessica Hyde at Magnet Forensics
Magnet Forensics Presents: Cache Up – Ep.13 – Elan Wright
- Kevin Ripa at SANS
- Breaking Badness podcast
58. Worse for Malware
- Heather Mahalik at Cellebrite
- Detections Podcast
- Digital Forensic Survival Podcast
DFSP # 236 – Apple FSEvents
- Magnet Forensics
- SalvationData
VIP-Main Features-SOP-SalvationDATA DVR Forensics Solution
- SANS Institute
The Human Side of Threats: Why it Matters that Adversaries are Human Too | Security Awareness Forum
MALWARE
- Make sure to catch Andy Greenberg’s story at Wired about an employee approached to launch what ended up being a foiled ransomware attack at a Tesla factory in Reno
A Tesla Employee Thwarted an Alleged Ransomware Plot
- Mobile spyware research at 360 Core Security
The “Voyeur” Hiding in Mobile Porn Apps
- Keith Chew at Active Countermeasures
Malware of the Day – Saefko
- Check Point Research
- CISA Analysis Reports
- Josh Campbell at Cyborg Security
The Rise of Doxware – Capable Ransomware
- DannyDodds
Types of Malware
- Darcie Gainer at Duo
Case Study: Duo and Umbrella Thwart Malware & Phishing Attacks at Texas A&M
- Andrew Davis at FireEye
Emulation of Malicious Shellcode With Speakeasy
- Igor Skochinsky at Hex Rays
Igor’s tip of the week #04: More selection!
- Fleming Shi at Journey Notes
Threat Spotlight: Ransomware
- Kaspersky Lab
- Jagaimo Kawaii at lab52
A twisted malware infection chain
- Marco Ramilli
How to Reverse Office Droppers: Personal Notes
- Lars at nullteilerfrei
Programmatically NOP the Current Selection in Ghidra
- SANS Internet Storm Center
- Sebdraven
RTF Royal Road drops a new backdoor MFC and links with Goblin Panda
- Ivan Kwiatkowski, Pierre Delcher, and Maher Yamout at Securelist
Lifting the veil on DeathStalker, a mercenary triumvirate
- Rajesh Nataraj at Sophos News
Lemon_Duck cryptominer targets cloud apps & Linux
- Mac and mobile teams at Trend Micro
XCSSET Mac Malware: Infects Xcode Projects, Uses 0Days
- Emiliano Martinez at VirusTotal Blog
Learn how malware operates so you can defend yourself against it
- VMRay
Threat Bulletin: WastedLocker Ransomware
- Zero2Automated Blog
DBatLoader/ModiLoader Analysis – First Stage
- Atinderpal Singh and Sudeep Singh at ZScaler
LinkedIn Job Seeker Phishing Campaign Spreads Agent Tesla
MISCELLANEOUS
- Andrew Rathbun at AboutDFIR
AboutDFIR Content Update 8/26/2020
- Mark Spencer at Arsenal Recon
Are there dumb questions in digital forensics?
- Masashi Crete-Nishihata, Jakub Dalek, Jeffrey Knockel, Nicola Lawford, Caroline Wesley, and Mari Zhou at Citizen Lab on surveillance and censorship
Censored Contagion II: A Timeline of Information Control on Chinese Social Media During COVID-19
- Adrian at ‘Agood cloud’
Upgrading Cortex 3.0.1/ES5.6 to Cortex 3.1.0RC1/ES7.8
- Berla
- Cellebrite
Advocating for the Use of Digital Intelligence
- Limor Wainstein at Cybereason
Time for an Upgrade: How to Switch from Symantec to Cybereason
- DannyDodds
Types of Attacks
- Jimmy Schroering at DME Forensics Inc.
DME’s Development Team
- Forensic Focus
- Haydn Johnson at Hackerrolls
Winlogbeat & ELK
- Lifars
Advantages of Cyber Incident Retainers
- Magnet Forensics
  - Expose Evidence of Timestomping with the NTFS Timestamp Mismatch Artifact in Magnet AXIOM 4.4
  - Recover iOS App Screen Layouts with the New iOS Home Screen Items Artifact
  - Ingesting Web Page Saver Results into Magnet AXIOM
  - Exporting URLs from Magnet AXIOM for Use with Web Page Saver
  - Creating Export Templates in Magnet AXIOM
  - Customize Your Exports with Magnet AXIOM
- MISP
MISP service monitoring with Cacti
- Ryan Campbell at ‘Security Soup’
Weekly News Roundup — August 23 to August 29
- Heather Williams at Swimlane
Automating DFIR with SOAR
- Thomas Roccia
Security infographics
- Trend Micro
Removing Open Source Visibility Challenges for Security Operations Teams
- John Patzakis at X1
Intelligent ESI Collection Integrated with Relativity Can Cut eDiscovery Costs by 90 Percent
SOFTWARE UPDATES
- Anomali
Anomali Automation Streamlines Investigations, Eases Threat Intelligence Analyst Workloads
- Berla
iVe v3.0 Release
- Brim
v0.16.0
- Ciphey
Major bug fixes
- Costas K
- Cyber Triage
Cyber Triage 2.13.1: Feedback-Driven Upgrades (See, We Listen!)
- Didier Stevens
New Tool: XORSearch.py
- Elastic
Alerting and anomaly detection for uptime and reliability
- Elcomsoft
Elcomsoft iOS Forensic Toolkit 6.40: iPhone 5 and 5c passcode unlock
- ExifTool
ExifTool 12.05
- F-Response
F-Response v 8.0.1.68 Released
- Magnet Forensics
- Malwoverview
Malwoverview 4.0.3
- MobilEdit
- MSAB
XRY- First To Market With Support For iOS 14 Plus Bypassing Of Locked LG Qualcomm Devices
- Regipy
1.6.2
- Sigma
sigmatools 0.18.1
- Ulf Frisk
Version 3.4
And that’s all for the week! If you think we’ve missed something, or want us to cover something specifically hit us up through the contact page or on the social pipes!