Share the Mic In Cyber is on again, check it out on Twitter!
As always, thanks to those who give a little back for their support!
FORENSIC ANALYSIS
Revisiting Accessing Protected Content using Windows Domain Controllers and Workstations - Arsenal Recon
How to automate incident response in the AWS Cloud for EC2 instances - Ben Eichorst at AWS Security
IndexedDB on Chromium - CCL Group
- Cellebrite
- Join The First Cellebrite Capture the Flag (CTF) Event
- Accessing Contraband Phone Data—The Key to Fighting Crime in Corrections Facilities
- How to Use The Portable Case Function in Cellebrite BlackLight
- How Image Classification Delivers A New Examination Experience in Cellebrite Physical Analyzer
- Exploring BlackLight 10.2: Timeline, OCR, and Tagging
- How Digital Intelligence Is Helping Corrections Facilities Overcome Their Digital Data Challenges
- Looking At Databases With Cellebrite’s SQLite Wizard: Live Demos
- Elcomsoft
- The Rise of the Virtual Machines
- Ruling Out the Encryption
- Breaking Encrypted Virtual Machines: Recovering VMWare, Parallels, and VirtualBox Passwords
- iOS Extraction Without a Jailbreak: Finally, Zero-Gap Coverage for iOS 9 through iOS 13.5 on All Devices
- 13 Years of GPU Acceleration with AMD and NVIDIA
- Vishva Vaghela at Hacking Articles
There’s more to files than data: Extended Attributes - Howard Oakley at ‘The Eclectic Light Company’
Android’s external.db – Everything Old Is New Again - Jon Baumann at Ciofeca Forensics
- Magnet CTF
Magnet CTF Week 2 – URLs in Pictures in Pictures - Joshua James at Digital Forensic Science
Magnet CTF: Question 2 Solution Walk-Through - Doug Metz at Baker Street Forensics
Magnet CTF Week 2: We Don’t Need No Stinking Tools - Jon Baumann at Ciofeca Forensics
Magnet Weekly CTF (Week 2) – Chrome Artifacts - Kevin Pagano at Stark 4N6
Magnet Weekly CTF – Week 2 – PIP Install - Peter Stewart
Magnet Weekly CTF Challenge Week #2 - Zach Stanford
- Joshua James at Digital Forensic Science
CTF Challenge Walkthrough: Network Traffic Analysis, 12 Challenges in one PCAP - Marcelle
Simple Forensics imaging with dd, dc3dd & dcfldd - Matteo Redaelli at Forensics Matters
Honeypot Network Forensics - Erik Hjelmvik at Netresec
- Warlock
Ryuk in 5 Hours - The DFIR Report
Facebook Download Your Information Function Omits Significant Amounts of Evidence - John Patzakis and Brent Botta at X1
THREAT INTELLIGENCE/HUNTING
- Adam at Hexacorn
2020-10-20 – Hancitor infection with something and Cobalt Strike - Brad Duncan at Malware Traffic Analysis
- Check Point Software
Catching Lazarus: Threat Intelligence to Real Detection Logic – Part Two - Guillaume Couchard, Qimin Wang, and Thiam Loong Siew at F-secure
- Intel 471
SCYTHE Presents: #ThreatThursday – FIN6 - Adam Mashinchi at Scythe
Malware of the Day – APT1 Virtually There - Keith Chew at Active Countermeasures
What Is Cyber Kill Chain Process? - Lifars Cybersecurity
Investigate Stormshield & SonicWall Events with Logz.io Cloud SIEM - Charlie Klein at Logz IO
Segmentation Vault: Cloning Thick Client Access - David Middlehurst at MDSec
Defining ATT&CK Data Sources, Part II: Operationalizing the Methodology - Jose Luis Rodriguez at MITRE ATT&CK
Windows System Processes — An Overview For Blue Teams - Nasreddine Bencherchali
FalconFriday — DCOM & SCM Lateral Movement — 0xFF05 - Henri Hambartsumyan at Falcon Force
Wireshark Tutorial: Examining Dridex Infection Traffic - Brad Duncan at Palo Alto Networks
How to Simulate and Detect MITRE ATT&CK T1053 Scheduled Task/Job Technique: A Real Command used by… - Süleyman Özarslan at Picus Security
Banking Web Injects Are Top Cyber Threat for Financial Sector - Recorded Future
MITRE ATT&CK Tactics Are Not Tactics - Richard Bejtlich at TaoSecurity
Threat hunting (VI): hunting without leaving home. Creating our victim - Luis Francisco Monge at Security Art Work
Purple Fox EK | New CVEs, Steganography, and Virtualization Added to Attack Flow - Gal Kristal at SentinelLabs
Willful Ignorance and Misunderstanding of Threat Intelligence - Joe at Stranded on Pylos
Just leave that Docker API on the front porch, no one will steal it - Brandon Wingard and Kyle McClafferty at Trend Micro
Bad Neighbors Can Break Windows (CVE-2020-16898) - Shrijin Srinivasan at Trustwave SpiderLabs
By-passing Anti-Malware - Vishal Thakur
UPCOMING WEBINARS/CONFERENCES
Physical Analyzer: The new consolidated messages format - Ryan Ammermann at Cellebrite
Gray Hat 2020 - Blue Team Village
- Magnet Forensics
- Slacking on insider threats? Investigative and monitoring approaches to use within Slack to locate bad actors (October 28 @ 11:00AM ET)
- The Cost of Ransomware – Part II (October 28 @ 11:30 SGT)
- On-Scene Triage with Magnet OUTRIDER 2.0 (October 28 @ 10:00AM CET)
- Tips & Tricks // Download Your Data (October 29 @ 11:00AM ET)
The Ecosystem Of Mobile Forensics – Integrated Solutions To Scale Up Your Investigations - MSAB
PRESENTATIONS/PODCASTS
Magnet Forensics Presents: Cache Up – Ep.21 – Shanna Daly - Cache Up with Jessica Hyde
Forensic Lunch 10/23/20 - The Forensic Lunch with Dave Cowen and Matt Seyer
- Kevin Ripa at SANS
- AccessData
- Managing Corporate Digital Investigations with AccessData
- Managing Legal Investigations and E-Discovery with AccessData
- AccessData International Investigations
- AccessData Law Enforcement Investigations
- AccessData Cloud Solutions for Service Providers
- Hackers vs Hackers: Let friendly hackers help you mitigate evolving security risks.
Lightning Talks – OSDFCon 2019 - OSDFCon
The SOC Age Or, A Young SOC Analyst’s Illustrated Primer | John Strand | 1 Hour - Black Hills Information Security
64. Why Bugs Produce An Apple of Discord - Breaking Badness podcast
- Cellebrite
October 2020 DVR Examiner “Feature Focus” Webinar: Clip List Filters - Demux
- DFIR.Science
strings.py: Pascal strings - Didier Stevens
DFSP # 244 – Registry Persistence Part 3 - Digital Forensic Survival Podcast
Malware Analysis – Simple Habits to Stop Going Down the Rabbit Hole - Karsten Hahn at Malware Analysis For Hedgehogs
Oxygen Forensics Episode 132 - Lee Reiber’s Forensic Happy Hour
Live Demo: How To Use SQLite Wizard To Investigate Databases - Life has no CTRL ALT DEL with Heather Mahalik
- Magnet Forensics
- Tips & Tricks // Capture & Scan More Data with Even Faster Speed in OUTRIDER 2.0
- Magnet OUTRIDER Quick Demo
- Magnet OUTRIDER Overview
- Magnet Weekly CTF Challenge Week 3
- New in Magnet AXIOM 4.6: New Mac Artifacts, Portable Case Customizations, and More
- New in Magnet AXIOM Cyber 4.6: New Mac Artifacts, Portable Case Customizations, and More
- How To Export Geolocation Data with Magnet AXIOM
MITRE ATT&CKcon Power Hour - MITRE
- Nuix
Communicating Infosec Through Analogy - Rendition Infosec
- SANS
- Don’t Miss These Top-Rated SANS Summit Replays
- Hunting Human Operated Ransomware Operators | 2020 Threat Hunting & Incident Response Summit
- FOR508: Advanced Incident Response & Threat Hunting
- The SOC Puzzle: Where Does Threat Hunting Fit? | 2020 Threat Hunting & Incident Response Summit
- SaaS Hunting | 2020 Threat Hunting & Incident Response Summit
- You Are the Prize: How to Hire the Right Boss and Employer for a More Fulfilling Career
- Raising the Tide: Driving Improvement in Security By Being a Good Human | David Bianco
Episode 29: Building a Threat Intelligence Program in the Finance Industry - The Cyber5
Security Onion Conference 2020 recording is now available! - Security Onion
MALWARE
Set up your own malware repository with MWDB Core - CERT Polska
- Flare-On
- Flare-On 7 Challenge Solutions
- [Flare-On7] Chal9-crackinstaller write-up
- [Flare-On7] Chal7-re_crowd write-up (Vie)
- [Flare-On7] Chal7-re_crowd write-up (Eng)
- REVERSING WITH IDA FROM SCRATCH (P32)
- Brief notes on some of the Flare-On 2020 challenges
- CTF – Flareon7 | Challenge 1 Fidler
- CTF – Flareon7 | Challenge 2 garbage
- CTF – Flareon7 | Challenge 3 wednesday
Malware control via smartphone - Karsten Hahn at G Data Security
New Threat Intel Features in Intezer Analyze - Intezer
Cyberattacks against machine learning systems are more common than you think - Ram Shankar Siva Kumar and Ann Johnson at Microsoft Security
Customizing Wireshark for malware analysis - Paul Cimino
- SANS Internet Storm Center
- Mirai-alike Python Scanner, (Tue, Oct 20th)
- File Selection Gaffe, (Sun, Oct 18th)
- Shipping dangerous goods, (Wed, Oct 21st)
- BazarLoader phishing lures: plan a Halloween party, get a bonus and be fired in the same afternoon, (Thu, Oct 22nd)
- Russian State-Sponsored APT Actor Compromises U.S. Gov Targets https://us-cert.cisa.gov/ncas/alerts/aa20-296a, (Fri, Oct 23rd)
- An Alternative to Shodan, Censys with User-Agent CensysInspect/1.1, (Sat, Oct 24th)
- Securelist
An Inside Look at How Ryuk Evolved Its Encryption and Evasion Techniques - Marco Figueroa at SentinelLabs
LockBit uses automated attack tools to identify tasty targets - Sean Gallagher at Sophos
R_Evil WordPress Hacktool & Malicious JavaScript Injections - Luke Leal at Sucuri
Emotet Bulletin - Cyberint
Malware Analysis Spotlight: Ave_Maria – Automatically Peeling Away the Layers - VMRay
MISCELLANEOUS
AboutDFIR Content Update 10/23/2020 - Andrew Rathbun at AboutDFIR
How To Get And Crack Hashes - Alex Desmond at Cyber Code Bear
A Guide to Various Ways of Exporting Results in Amped Authenticate - Marco Fontani at Amped
Safeguard your digital evidence with Faraday bags - Chris Currier at MSAB
Welcome To My Blog! - Dany at Digitella
- Forensic Focus
- Training Up Tomorrow’s Cyber Sleuths, Today: Bringing Digital Forensics Programming To Pre-College Students
- Managing Mountains Of Evidence
- VFC 5.2 And VFC Mount
- 25 Days, 25 Questions: Part 3 – Professional Digital Forensics Qualifications In Court
- Barbara Guttman And Jim Lyle On Confidence In Digital Forensic Results
Igor’s tip of the week #12: Creating structures with known size - Igor Skochinsky at Hex Rays
How To Sync Your Evidence With Timing Offsets - iNPUT-ACE
Getting Started – AWS Cloud Development Kit - John Lukach at Cloud 4n6ir
- Magnet Forensics
Dump password hashes for offline cracking by forcing As-Rep Roasting - Mark Mo
Deploying GRR to Kubernetes for Incident Response - Jason Solomon at Open Source DFIR
Recon Launches SOC X - Recon InfoSec
Sooty: SOC Analyst’s All-in-One Tool, (Fri, Oct 23rd) - SANS Internet Storm Center
When did RecentApps go? - ThinkDFIR
Removing PDF Password-Protection - Vishal Thakur
SOFTWARE UPDATES
KML support - iLEAPP
ccl_chrome_indexeddb - CCL Group
🐛 Bug fixes and more systems 🥳 - Ciphey
v1.4.1 - DeTTECT
Update: strings.py Version 0.0.5 Pascal Strings - Didier Stevens
- Elcomsoft
Kape Changelog - Eric Zimmerman
- Magnet Forensics
- Mail Xaminer
Forensic Email Collector (FEC) Changelog - Metaspike
Tableau Firmware Update Revision History for 20.4 - OpenText
V8.0 build 1000 22nd October 2020 - OSForensics
Security Onion 2.3.1 now available! - Security Onion
Release 0.5.1 - Velociraptor
- Xways
And that’s all for the week! If you think I’ve missed something, or want me to cover something specifically hit me up through the contact page or on the social pipes!