Share the Mic In Cyber is on again, check it out on Twitter!

As always, thanks to those who give a little back for their support!

FORENSIC ANALYSIS

• Arsenal Recon
  Revisiting Accessing Protected Content using Windows Domain Controllers and Workstations
  
  
• Ben Eichorst at AWS Security
  How to automate incident response in the AWS Cloud for EC2 instances
  
  
• CCL Group
  IndexedDB on Chromium
  
  
• Cellebrite
  • Join The First Cellebrite Capture the Flag (CTF) Event
  • Accessing Contraband Phone Data—The Key to Fighting Crime in Corrections Facilities
  • How to Use The Portable Case Function in Cellebrite BlackLight
  • How Image Classification Delivers A New Examination Experience in Cellebrite Physical Analyzer
  • Exploring BlackLight 10.2: Timeline, OCR, and Tagging
  • How Digital Intelligence Is Helping Corrections Facilities Overcome Their Digital Data Challenges
  • Looking At Databases With Cellebrite’s SQLite Wizard: Live Demos
    
    
• Elcomsoft
  • The Rise of the Virtual Machines
  • Ruling Out the Encryption
  • Breaking Encrypted Virtual Machines: Recovering VMWare, Parallels, and VirtualBox Passwords
  • iOS Extraction Without a Jailbreak: Finally, Zero-Gap Coverage for iOS 9 through iOS 13.5 on All Devices
  • 13 Years of GPU Acceleration with AMD and NVIDIA
    
    
• Vishva Vaghela at Hacking Articles
  • Forensic Investigation: Disk Drive Signature
  • Forensic Investigation: Pagefile.sys
    
    
• Howard Oakley at ‘The Eclectic Light Company’
  There’s more to files than data: Extended Attributes
  
  
• Jon Baumann at Ciofeca Forensics
  • Revisiting Apple Notes (7): Cloudkit Data
  • Apple Private Wi-Fi Addresses
    
    
• Joshua Hickman at ‘The Binary Hick’
  Android’s external.db – Everything Old Is New Again
  
  
• Magnet CTF
  • Joshua James at Digital Forensic Science
    Magnet CTF Week 2 – URLs in Pictures in Pictures
  • Doug Metz at Baker Street Forensics
    Magnet CTF: Question 2 Solution Walk-Through
  • Jon Baumann at Ciofeca Forensics
    Magnet CTF Week 2: We Don’t Need No Stinking Tools
  • Kevin Pagano at Stark 4N6
    Magnet Weekly CTF (Week 2) – Chrome Artifacts
  • Peter Stewart
    Magnet Weekly CTF – Week 2 – PIP Install
  • Zach Stanford
    Magnet Weekly CTF Challenge Week #2
    
    
• Marcelle
  CTF Challenge Walkthrough: Network Traffic Analysis, 12 Challenges in one PCAP
  
  
• Matteo Redaelli at Forensics Matters
  Simple Forensics imaging with dd, dc3dd & dcfldd
  
  
• Erik Hjelmvik at Netresec
  Honeypot Network Forensics
  
  
• Warlock
  • Around Memory Forensics in 80 Days Part 5— In certain conditions
  • Around Memory forensics in 80 days Part 6 — Total Rekall
    
    
• The DFIR Report
  Ryuk in 5 Hours
  
  
• John Patzakis and Brent Botta at X1
  Facebook Download Your Information Function Omits Significant Amounts of Evidence
  

THREAT INTELLIGENCE/HUNTING

• Adam at Hexacorn
  • Beyond good ol’ Run key, Part 130
  • manifest comclass curiosity
    
    
• Brad Duncan at Malware Traffic Analysis
  2020-10-20 – Hancitor infection with something and Cobalt Strike
  
  
• Check Point Software
  • Cloud Threat Hunting: Attack & Investigation Series- Privilege Escalation via Lambda
  • Enhancing Threat Hunting with MITRE ATT&CK
    
    
• Guillaume Couchard, Qimin Wang, and Thiam Loong Siew at F-secure
  Catching Lazarus: Threat Intelligence to Real Detection Logic – Part Two
  
  
• Intel 471
  • Leveraging Intel 471’s Malware Intelligence Data using MISP
  • Global Trickbot disruption operation shows promise
    
    
• Adam Mashinchi at Scythe
  SCYTHE Presents: #ThreatThursday – FIN6
  
  
• Keith Chew at Active Countermeasures
  Malware of the Day – APT1 Virtually There
  
  
• Lifars Cybersecurity
  What Is Cyber Kill Chain Process?
  
  
• Charlie Klein at Logz IO
  Investigate Stormshield & SonicWall Events with Logz.io Cloud SIEM
  
  
• David Middlehurst at MDSec
  Segmentation Vault: Cloning Thick Client Access
  
  
• Jose Luis Rodriguez at MITRE ATT&CK
  Defining ATT&CK Data Sources, Part II: Operationalizing the Methodology
  
  
• Nasreddine Bencherchali
  Windows System Processes — An Overview For Blue Teams
  
  
• Henri Hambartsumyan at Falcon Force
  FalconFriday — DCOM & SCM Lateral Movement — 0xFF05
  
  
• Brad Duncan at Palo Alto Networks
  Wireshark Tutorial: Examining Dridex Infection Traffic
  
  
• Süleyman Özarslan at Picus Security
  How to Simulate and Detect MITRE ATT&CK T1053 Scheduled Task/Job Tachnique: A Real Command used by…
  
  
• Recorded Future
  Banking Web Injects Are Top Cyber Threat for Financial Sector
  
  
• Richard Bejtlich at TaoSecurity
  MITRE ATT&CK Tactics Are Not Tactics
  
  
• Luis Francisco Monge at Security Art Work
  Threat hunting (VI): cazando sin salir de casa. Creando nuestra víctima
  
  
• Gal Kristal at SentinelLabs
  Purple Fox EK | New CVEs, Steganography, and Virtualization Added to Attack Flow
  
  
• Joe at Stranded on Pylos
  Willful Ignorance and Misunderstanding of Threat Intelligence
  
  
• Brandon Wingard and Kyle McClafferty at Trend Micro
  Just leave that Docker API on the front porch, no one will steal it
  
  
• Shrijin Srinivasan at Trustwave SpiderLabs
  Bad Neighbors Can Break Windows (CVE-2020-16898)
  
  
• Vishal Thakur
  By-passing Anti-Malware

UPCOMING WEBINARS/CONFERENCES

• Ryan Ammermann at Cellebrite
  Physical Analyzer: The new consolidated messages format
  
  
• Blue Team Village
  Gray Hat 2020
  
  
• Magnet Forensics
  • Slacking on insider threats? Investigative and monitoring approaches to use within Slack to locate bad actors (October 28 @ 11:00AM ET)
  • The Cost of Ransomware – Part II (October 28 @ 11:30 SGT)
  • On-Scene Triage with Magnet OUTRIDER 2.0 (October 28 @ 10:00AM CET)
  • Tips & Tricks // Download Your Data (October 29 @ 11:00AM ET)
    
    
• MSAB
  The Ecosystem Of Mobile Forensics – Integrated Solutions To Scale Up Your Investigations

PRESENTATIONS/PODCASTS

• Cache Up with Jessica Hyde
  Magnet Forensics Presents: Cache Up – Ep.21 – Shanna Daly
  
  
• Kevin Ripa at SANS
  • Episode 128: Encryption – Part 4
  • Episode 129: Encryption – Part 5
  • Episode 130: Encryption – Part 6 – Hashing
    
    
• The Forensic Lunch with Dave Cowen and Matt Seyer
  Forensic Lunch 10/23/20
  
  
• AccessData
  • Managing Corporate Digital Investigations with AccessData
  • Managing Legal Investigations and E-Discovery with AccessData
  • AccessData International Investigations
  • AccessData Law Enforcement Investigations
  • AccessData Cloud Solutions for Service Providers
  • Hackers vs Hackers: Let friendly hackers help you mitigate evolving security risks.
    
    
• OSDFCon
  Lightning Talks – OSDFCon 2019
  
  
• Black Hills Information Security
  The SOC Age Or, A Young SOC Analyst’s Illustrated Primer | John Strand | 1 Hour
  
  
• Breaking Badness podcast
  64. Why Bugs Produce An Apple of Discord
  
  
• Cellebrite
  • Ask the Expert: Cellebrite BlacKLight – Portable Case by Heather Mahalik
  • Cellebrite BlacKLight Portable Case  – The intuitive way to review case findings
  • Register now to the Connect 2020 Virtual Event!
    
    
• Demux
  October 2020 DVR Examiner “Feature Focus: Webinar: Clip List Filters
  
  
• DFIR.Science
  • DFS101: 9.1 Types of hacking
  • DFS101: 9.2 Malware
  • DFS101: 9.3 Social Engineering
    
    
• Didier Stevens
  strings.py: Pascal strings
  
  
• Digital Forensic Survival Podcast
  DFSP # 244 – Registry Persistence Part 3
  
  
• Karsten Hahn at Malware Analysis For Hedgehogs
  Malware Analysis – Simple Habits to Stop Going Down the Rabbit Hole
  
  
• Lee Reiber’s Forensic Happy Hour
  Oxygen Forensics Episode 132
  
  
• Life has no CTRL ALT DEL with Heather Mahalik
  Live Demo: How To Use SQLite Wizard To Investigate Databases
  
  
• Magnet Forensics
  • Tips & Tricks // Capture & Scan More Data with Even Faster Speed in OUTRIDER 2.0
  • Magnet OUTRIDER Quick Demo
  • Magnet OUTRIDER Overview
  • Magnet Weekly CTF Challenge Week 3
  • New in Magnet AXIOM 4.6: New Mac Artifacts, Portable Case Customizations, and More
  • New in Magnet AXIOM Cyber 4.6: New Mac Artifacts, Portable Case Customizations, and More
  • How To Export Geolocation Data with Magnet AXIOM
    
    
• MITRE
  MITRE ATT&CKcon Power Hour
  
  
• Nuix
  • Nuix Workstation – Q3 2020 Update
  • Nuix Adaptive Security – Q3 2020 Update
  • Nuix Discover – Q3 2020 Update
  • Nuix Enterprise Collection Center – Q3 2020 Update
  • Nuix Investigate – Q3 2020 Update
    
    
• Rendition Infosec
  Communicating Infosec Through Analogy
  
  
• SANS
  • Don’t Miss These Top-Rated SANS Summit Replays
  • Hunting Human Operated Ransomware Operators | 2020 Threat Hunting & Incident Response Summit
  • FOR508: Advanced Incident Response & Threat Hunting
  • The SOC Puzzle: Where Does Threat Hunting Fit? | 2020 Threat Hunting & Incident Response Summit
  • SaaS Hunting | 2020 Threat Hunting & Incident Response Summit
  • You Are the Prize: How to Hire the Right Boss and Employer for a More Fulfilling Career
  • Raising the Tide: Driving Improvement in Security By Being a Good Human | David Bianco
    
    
• The Cyber5
  Episode 29: Building a Threat Intelligence Program in the Finance Industry
  
  
• Security Onion
  Security Onion Conference 2020 recording is now available!

MALWARE

• CERT Polska
  Set up your own malware repository with MWDB Core
  
  
• Flare-On
  • Flare-On 7 Challenge Solutions
  • [Flare-On7] Chal9-crackinstaller write-up
  • [Flare-On7] Chal7-re_crowd write-up (Vie)
  • [Flare-On7] Chal7-re_crowd write-up (Eng)
  • REVERSING WITH IDA FROM SCRATCH (P32)
  • Brief notes on some of the Flare-On 2020 challenges
  • CTF – Flareon7 | Challenge 1 Fidler
  • CTF – Flareon7 | Challenge 2 garbage
  • CTF – Flareon7 | Challenge 3 wednesday
    
    
• Karsten Hahn at G Data Security
  Malware control via smartphone
  
  
• Intezer
  New Threat Intel Features in Intezer Analyze
  
  
• Ram Shankar Siva Kumar and Ann Johnson at Microsoft Security
  Cyberattacks against machine learning systems are more common than you think
  
  
• Paul Cimino
  Customizing Wireshark for malware analysis
  
  
• SANS Internet Storm Center
  • Mirai-alike Python Scanner, (Tue, Oct 20th)
  • File Selection Gaffe, (Sun, Oct 18th)
  • Shipping dangerous goods, (Wed, Oct 21st)
  • BazarLoader phishing lures: plan a Halloween party, get a bonus and be fired in the same afternoon, (Thu, Oct 22nd)
  • Russian State-Sponsored APT Actor Compromises U.S. Gov Targets https://us-cert.cisa.gov/ncas/alerts/aa20-296a, (Fri, Oct 23rd)
  • An Alternative to Shodan, Censys with User-Agent CensysInspect/1.1, (Sat, Oct 24th)
    
    
• Securelist
  • GravityRAT: The spy returns
  • Life of Maze ransomware
  • On the trail of the XMRig miner
    
    
• Marco Figueroa at SentinelLabs
  An Inside Look at How Ryuk Evolved Its Encryption and Evasion Techniques
  
  
• Sean Gallagher at Sophos
  LockBit uses automated attack tools to identify tasty targets
  
  
• Luke Leal at Sucuri
  R_Evil WordPress Hacktool & Malicious JavaScript Injections
  
  
• Cyberint
  Emotet Bulletin
  
  
• VMRay
  Malware Analysis Spotlight: Ave_Maria – Automatically Peeling Away the Layers

MISCELLANEOUS

• Andrew Rathbun at AboutDFIR
  AboutDFIR Content Update 10/23/2020
  
  
• Alex Desmond at Cyber Code Bear
  How To Get And Crack Hashes
  
  
• Marco Fontani at Amped
  A Guide to Various Ways of Exporting Results in Amped Authenticate
  
  
• Chris Currier at MSAB
  Safeguard your digital evidence with Faraday bags
  
  
• Dany at Digitella
  Welcome To My Blog!
  
  
• Forensic Focus
  • Training Up Tomorrow’s Cyber Sleuths, Today: Bringing Digital Forensics Programming To Pre-College Students
  • Managing Mountains Of Evidence
  • VFC 5.2 And VFC Mount
  • 25 Days, 25 Questions: Part 3 – Professional Digital Forensics Qualifications In Court
  • Barbara Guttman And Jim Lyle On Confidence In Digital Forensic Results
    
    
• Igor Skochinsky at Hex Rays
  Igor’s tip of the week #12: Creating structures with known size
  
  
• iNPUT-ACE
  How To Sync Your Evidence With Timing Offsets
  
  
• John Lukach at Cloud 4n6ir
  Getting Started – AWS Cloud Development Kit
  
  
• Magnet Forensics
  • Magnet AXIOM 4.6 Mac & iOS Artifact Updates
  • Exploring macOS Rebuilt Desktops in Magnet AXIOM
  • The Journey of Getting Started in the Cloud
  • Forensics Fundamentals (AX100) Now Available Online Self-Paced
    
    
• Mark Mo
  Dump password hashes for offline cracking by forcing As-Rep Roasting
  
  
• Jason Solomon at Open Source DFIR
  Deploying GRR to Kubernetes for Incident Response
  
  
• Recon InfoSec
  Recon Launches SOC X
  
  
• SANS Internet Storm Center
  Sooty: SOC Analyst’s All-in-One Tool, (Fri, Oct 23rd)
  
  
• ThinkDFIR
  When did RecentApps go?
  
  
• Vishal Thakur
  Removing PDF Password-Protection

SOFTWARE UPDATES

• iLEAPP
  KML support
  
  
• CCL Group
  ccl_chrome_indexeddb
  
  
• Ciphey
  🐛 Bug fixes and more systems 🥳
  
  
• DeTTECT
  v1.4.1
  
  
• Didier Stevens
  Update: strings.py Version 0.0.5 Pascal Strings
  
  
• Elcomsoft
  • Elcomsoft breaks VMware, Parallels, and VirtualBox encryption
  • Elcomsoft iOS Forensic Toolkit 6.52: plugging the last gap
    
    
• Eric Zimmerman
  Kape Changelog
  
  
• Magnet Forensics
  • Magnet AXIOM 4.6: New Mac Artifacts, Portable Case Customizations, and More
  • Magnet OUTRIDER 2.0: Scan Speed Comparison, Feature Deep Dive & More
    
    
• Mail Xaminer
  • A Brief Guide on Apple Mail Forensics: Data Storage Analysis
  • Concordance DAT File Format – Save Evidence Report Details
    
    
• Metaspike
  Forensic Email Collector (FEC) Changelog
  
  
• OpenText
  Tableau Firmware Update Revision History for 20.4
  
  
• OSForensics
  V8.0 build 1000 22nd October 2020
  
  
• Security Onion
  Security Onion 2.3.1 now available!
  
  
• Velociraptor
  Release 0.5.1
  
  
• Xways
  • X-Ways Forensics 19.9 SR-11
  • X-Ways Forensics 20.0 SR-6
  • X-Ways Forensics 20.1 Preview 9

And that’s all for the week! If you think I’ve missed something, or want me to cover something specifically hit me up through the contact page or on the social pipes!