As always, thanks to those who give a little back for their support!
FORENSIC ANALYSIS
- Andrea Fortuna at ‘So Long, and Thanks for All the Fish’
  - How to extract sysdiagnose logs for forensic purposes on iOS
- Basis Technology
  - Intro to DFIR: The Divide and Conquer Process (3 hours)
- Joshua James at Digital Forensic Science
  - Hex editors and data structures
- Elcomsoft
- James Duffy
  - Apple Mail – A Forensic Insight
- Joshua Hickman at ‘The Binary Hick’
  - New Android Image Available. This One Goes to 11!
- Marco Neumann at ‘Be-binary 4n6’
- Oxygen Forensics
  - Oxygen Forensic Maps Gives Investigators Control Over Time Zones
- The DFIR Report
  - Ryuk’s Return
THREAT INTELLIGENCE/HUNTING
- Chris Brenton at Active Countermeasures
  - Fixing Bro/Zeek’s Long Connection Detection Problem
- Alex Verboon at ‘Anything about IT’
  - Monitoring Service principal sign-ins with AzureAD and Azure Sentinel
- Anton Chuvakin
  - Why is Threat Detection Hard?
- Aon
  - Into Defray
- Azure Sentinel
- Brad Duncan at Malware Traffic Analysis
- Adrian Kress at Compass Security
  - Evading Static Machine Learning Malware Detection Models – Part 1: The Black-Box Approach
- Alex Kirk at Corelight
  - Beating alert fatigue with integrated data
- CyCraft Technology Corp
  - Taiwan Government Targeted by Multiple Cyberattacks in April 2020
- Fatih Ozavci
  - TA505+ Adversary Simulation
- Adam Johnston at DFIR Madness
  - Attribution and Threat Hunting, the Missing Steps After an Incident
- Jorge Orchilles at Scythe
  - SCYTHE Presents: #ThreatThursday – SlothfulMedia
- Nasreddine Bencherchali
  - A Deep Dive Into RUNDLL32.EXE
- Nik Alleyne at ‘Security Nik’
  - Security On The Cheap – Beginning Elastic Stack – Installing Elastic 7.9 on Ubuntu 20.04
  - Security On The Cheap – Beginning Elastic Stack – Installing Kibana 7.9 on Ubuntu 20.04
  - Security On The Cheap – Beginning Elastic Stack – Providing Basic Security to Elastic and Kibana 7.9 communication on Ubuntu 20.04
  - Beginning Elastic – Installing and Providing Basic Security to Metricbeat – Elastic Stack 7.9 on Ubuntu 20.04
  - Beginning Elastic – Installing and Providing Basic Security to Auditbeat – Elastic Stack 7.9 on Ubuntu 20.04
  - Beginning Elastic – Installing and Providing Basic Security to Filebeat – Elastic Stack 7.9 on Ubuntu 20.04
  - Beginning Elastic – Installing, Configuring and Providing Basic Security to Packetbeat – Elastic Stack 7.9 on Ubuntu 20.04
  - Security On The Cheap – Beginning Elastic – Installing and Providing Basic Security to Winlogbeat – Elastic Stack 7.9 on Ubuntu 20.04
- NVISO Labs
  - MITRE ATT&CK turned purple – Part 1: Hijack execution flow
- Oktay Yildiz at Binalyze
  - New SOC Approach: Automated Incident Response
- Henri Hambartsumyan at Falcon Force
  - FalconFriday — Evasive LOLBINs and burning the CACTUSTORCH — 0xFF04
- Palo Alto Networks
- Sandor Tokesi at Forensics Exchange
  - Find your prey – as a threat hunter
- Scott Piper at ‘Summit Route’
  - Public dataset of Cloudtrail logs from flaws.cloud
- Security Art Work
UPCOMING EVENTS
- Cellebrite
  - Exploring New Features with BlackLight 10.2
- MSAB
- Nik Alleyne at ‘Security Nik’
  - SANS Stay Sharp series – Looking to further sharpen your TShark knowledge?
- Passware
  - Webinar: Passware 2020 and Decryptum
PRESENTATIONS/PODCASTS
- Cache Up with Jessica Hyde
  - Magnet Forensics Presents: Cache Up – Ep.19 – Jad Saliba
- Kevin Ripa at SANS
- The Forensic Lunch with Dave Cowen and Matt Seyer
  - Forensic Lunch 10/9/20
- AccessData
  - What’s New with FTK® 7.4?
- Archan Choudhury at BlackPerl
  - Understanding Windows Event Logs | Digital Forensics Case Study | Windows Event Forensics - Part 2
- OSDFCon 2019
  - Tools for Cloud Examination – OSDFCon 2019 – Daniel White and Thomas Chopitea
- BlackBag Technologies
  - Imaging a Mac with a T2 Security Chip
- Breaking Badness podcast
  - 62. IoT Has Come Home to Roast
- Cellebrite
- Joshua James at DFIR.Science
- Kirtar Oza
  - DFIR Mussings – Episode 1
- Lee Reiber’s Forensic Happy Hour
  - Oxygen Forensics Episode 130
- Life has no CTRL ALT DEL with Heather Mahalik
- Magnet Forensics
  - Magnet Weekly CTF Challenge Week #1
- Matthew Toussain
  - Tactics Tuesday | Bash History Tricks
- MSAB
  - New release: Top 5 features in XRY 9.2, XAMN 5.2 and XEC 6.1
- NTCore
  - Analyzing Windows Kernel Crash Dumps in 45 Seconds
- Nuix
  - Taking Back the Host – State of the Art Endpoint Detection and Investigation
- Secureworks
  - Tools and Techniques for Threat Hunting and Threat Research
- Sumuri
  - RECON LAB: Highlighted User Counts
- Virus Bulletin
  - VB2020 localhost is over, but the content is still available to view!
MALWARE
- 360 Netlab
  - HEH Botnet, an IoT P2P Botnet Still in the Development Stage
- Alexander Jäger
  - malicious-attachment-analysis-script to Timesketch with colab jupyter
- Bitdefender Labs
- Alex Holland at Bromium
  - Droppers, Downloaders and TrickBot: Detecting a Stealthy COVID-19-themed Campaign using Toolmarks
- Warren Mercer, Paul Rascagneres and Vitor Ventura at Cisco’s Talos
  - PoetRAT: Malware targeting public and private sector in Azerbaijan evolves
- Dylan Duncan and Max Gannon at Cofense
  - Trump COVID-19 Diagnosis Leveraged in Campaigns
- Intezer
  - Emotet Evolves but Code Remains Mostly the Same
- Pavel Shoshin at Kaspersky Lab
  - Malware delivery through UEFI bootkit with MosaicRegressor
- Malwarebytes Labs
- Marco Ramilli
  - How To Unpack Malware: Personal Notes
- Dinesh Venkatesan at Microsoft Security
  - Sophisticated new Android malware marks the latest evolution of mobile ransomware
- Nasreddine Bencherchali
  - BAT Downloader to Keylogger Technical Analysis — Part 1
- Ghanashyam Satpathy at Netskope
  - You Can Run, But You Can’t Hide: Detecting Malicious Office Documents
- Nathaniel Quist at Palo Alto Networks
  - Black-T: New Cryptojacking Variant from TeamTnT
- Paul Melson
  - Analysis of MaliciousMacroMSBuild & Cobalt Strike Stager
- Proofpoint
  - Employer21: Targeting Teachers with Ransomware Disguised as Class Assignments
- SANS Internet Storm Center
- Denis Legezo at Securelist
  - MontysThree: Industrial espionage with steganography and a Russian accent on both sides
- Sucuri
- Telsy
  - Operation “Space Race”: reaching the stars through professional Social Networks
- ZScaler
MISCELLANEOUS
- Andrew Rathbun at AboutDFIR
- Lori Tyler at AccessData
  - Document review can be overwhelming. Quin-C 7.4 isn’t.
- Chris Crowley at ‘Risk, Failure, Survival’
  - 2020 CyberDefense Summit
- Rachel Goddard at Cyan Forensics
  - Celebrating Our 4th Birthday
- Brendan Mccreesh
  - Combine Excel Worksheets into One Excel Workbook
- Doug Metz at Baker Street Forensics
- Forensic Focus
  - How To Use Optical Character Recognition In Oxygen Forensic Detective
  - How To Analyze Data From Azure VMs In Magnet AXIOM Cyber
  - Image And Video Analysis For Mobile Phone Investigations
  - How To Extract WhatsApp Data By App Downgrade Extraction Method
  - 25 Days, 25 Questions: Part 2 – Professional Digital Forensics Qualifications
- Igor Skochinsky at Hex Rays
  - Igor’s tip of the week #10: Working with arrays
- Howard Oakley at ‘The Eclectic Light Company’
- Input-Ace
- Magnet Forensics
- Mary Ellen Kennel at DFIRLinks
  - Home
- Patrick J. Siewert at Pro Digital Forensic Consulting
  - 2020 Key Influencers in DFIR
- Harley Geiger at Rapid7
  - Ransomware Payments and Sanctions – U.S. Treasury Advisory
- Kelley Wilds at Recon InfoSec
  - Recon Launches Network Defense Range (NDR) Live Online
- Richard Bejtlich at TaoSecurity
  - Greg Rattray Invented the Term Advanced Persistent Threat
- Richard Frawley at ADF
  - Prepare Evidence Collection Keys for a Digital Forensic Investigation
- Lauren Cochenour at VTO Labs
  - VTO Tips & Tricks: White it out
- ZecOps
  - ZecOps for Mobile DFIR 2.0 – Now Supporting iOS *AND* Android
SOFTWARE UPDATES
- AccessData
  - FTK Imager Version 4.5
- Ciphey
  - New Ciphers + Bug Fixes
- Didier Stevens
  - Update: oledump.py Version 0.0.54
- Elcomsoft
- Eric Zimmerman
  - ChangeLog
- Metaspike
  - Forensic Email Collector v3.52
- MSAB
  - New release: XRY 9.2, XAMN 5.2 and XEC 6.1
- Open Source DFIR
  - Plaso 20201007 released
And that’s all for the week! If you think I’ve missed something, or want me to cover something specifically hit me up through the contact page or on the social pipes!
Great reading your blog