As always, thanks to those who give a little back for their support!

FORENSIC ANALYSIS

• Chris at AskClees
  SQLite Databases at hex level
  
  
• Craig Ball at ‘Ball in your Court’
  The Metadata Vanishes
  
  
• DFIR Review
  • How Android Bluetooth Connections Can Determine if a Driver had Their Hands on the Wheel During an Accident
  • Can Google Takeout Location Data Be Trusted?
  • How to Use iOS Bluetooth Connections to Solve Crimes Faster
  • Can You Track Processes Accessing the Camera and Microphone on Windows 10?
    
    
• Marcelo Caiado
  Desafios e oportunidades na perícia digital
  
  
• Didier Stevens
  oledump Indicators
  
  
• Magnet Forensics Weekly CTF
  • Magnet Weekly CTF Challenge Week 7
  • Magnet CTF Week 6 – Riddle ELFs
  • Magnet CTF Week 6: ELFant hunting
  • Magnet Weekly CTF (Week 6) – Error Codes
  • Magnet Weekly CTF – Week 6 – The Elephant in the Room
    
    
• Melissa at Sketchymoose’s Blog
  Windows Subsystem for Linux: Finding the Penguin
  
  
• Alexander Jäger at Open Source DFIR
  Sigma in Timesketch – let’s rule the sketch
  
  
• Warlock
  Exploring the Hive — Deep Inside the Window Registry
  
  
• Tetra Defense
  Cause and Effect: WastedLocker Ransomware Analysis
  
  

THREAT INTELLIGENCE/HUNTING

• Adam at Hexacorn
  • When good URLs are bad for business
  • Commander Minority Report
  • Re-sauce, Part 2
    
    
• Azure Sentinel
  • How to export data from Splunk to Azure Sentinel
  • Using the VirusTotal V3 API with MSTICPy and Azure Sentinel
    
    
• Brad Duncan at Malware Traffic Analysis
  2020-11-20 – TA551 (Shathak) Word docs with Japanese template push IcedID
  
  
• BushidoToken
  Analysis of the threats targeting Point of Sale systems
  
  
• Corelight
  • Who’s your fridge talking to at night?
  • Small, fast and easy. Pick any three.
    
    
• Dragos
  November Dragos Knowledge Pack: The Latest Industrial Threat and Device Data
  
  
• David Blanton at Expel
  Introducing a mind map for AWS investigations
  
  
• Riccardo Ancarani at F-secure
  Detecting Cobalt Strike Default Modules via Named Pipe Analysis
  
  
• Antonis Terefos and Anne Postma at Fox-IT
  TA505: A Brief History Of Their Time
  
  
• Vijay at Hacking Articles
  AlienVault: Threat Hunting/Network Analysis
  
  
• Intel 471
  Ransomware-as-a-service: The pandemic within a pandemic
  
  
• Jorge Orchilles at Scythe
  SCYTHE Presents: #ThreatThursday – Bersek Bear
  
  
• Olaf Hartong at Falcon Force
  FalconFriday
  
  
• Keith Mccammon at Red Canary
  Breaking down the modern security operations center
  
  
• RiskIQ
  A New Grelos Skimmer Reflects the Depth and Murkiness of the Magecart Ecosystem
  
  
• John Althouse at Salesforce Engineering
  Easily Identify Malicious Servers on the Internet with JARM
  
  
• Katie Nickels at SANS
  SANS Threat Analysis Rundown Recap: The Return of UNC1878
  
  
• Securelist
  Advanced Threat predictions for 2021
  
  
• G Data
  Criminal Activities in Times of a Global Pandemic
  
  
• Andrew Brandt at Sophos
  Sophos’ 2021 threat report highlights a path forward
  
  
• Cesar Anjos at Sucuri
  Evasive Maneuvers in Data Stealing Gateways
  
  
• Threat Hunting SE
  • windows Task Scheduler trustability challenges
  • Hornet’s Nest: A six-in-one malware
    
    
• Vicente Díaz at VirusTotal
  Why is similarity so relevant when investigating attacks
  
  

UPCOMING EVENTS

• Belkasoft
  Learn Belkasoft X with Belkasoft’s CEO
  
  
• Cellebrite
  • UFED Beginners’ Tour
  • Technical Webinar: Image Classification
  • More than a Makeover: MacQuisition is now Digital Collector
    
    
• Magnet Forensics
  November 23 12:00PM GMT: Demo: Investigating with Magnet AXIOM
  
  
• Red Siege Information Security
  SiegeCast: Unpacking the Packet
  
  
• Techno Security & Digital Forensics Conference Myrtle Beach
  Call for papers
  
  

PRESENTATIONS/PODCASTS

• Cache Up with Jessica Hyde
  Magnet Forensics Presents: Cache Up – Ep.25 – Brian Moran
  
  
• Kevin Ripa at SANS
  • 3MinMax – Episode 140: Encryption – Part 16 – Non Repudiation
  • Episode 141: Encryption – Part 17 – Full Encryption Circle
  • 3MinMax – Episode 142: Encryption – Part 18 – Diffie Hellman Key Exchange 1
    
    
• Andreas Sfakianakis at ‘Tilting at windmills’
  SANS CTI Summit 2020 Video Recording
  
  
• Basis Technology
  • Open Source Digital Forensics Conference (#OSDFCon)
  • OSDFCon 2020 – Autopsy Module Competition Videos
    
    
• Black Hills Information Security – YouTube
  BHIS | Talkin’ Bout News 2020-11-19
  
  
• Breaking Badness podcast
  67. A Pain in the RaaS
  
  
• Cellebrite
  • Ask the Expert: Accessing Locked Samsung Devices and Third-Party App Data – by Gil Kaminker
  • iCloud Extraction
  • Media classification in Cellebrite Physical Analyzer
  • How To Use Media Classification In Cellebrite Physical Analyzer
    
    
• Chris Sienko at the Cyber Work podcast
  Influencing security mindsets and culture
  
  
• DFIR.Science
  • DFS101: 12.1 International Nature of Cybercrime
  • DFS101: 12.2 Current State of International Cooperation
    
    
• Digital Forensic Survival Podcast
  DFSP # 248 – Searchsploit
  
  
• Lee Reiber’s Forensic Happy Hour
  Oxygen Forensics Episode 135
  
  
• Richard Davis at 13Cubed
  Plaso and WSL 2 – The WSL Adventures Continue…
  
  
• SANS
  • External Threat Hunters are Red Teamers | 2020 Threat hunting & Incident Response Summit
  • Threat Hunting and the Platypus – Why Information Modeling is Essential, yet Challenging
  • Started from the Bottom: Exploiting Data Sources to Uncover ATT&CK Behaviors
  • Becoming a CISO: Leading Transformation
  • SANS Cyber Security Foundations Course
    
    
• Virus Bulletin
  • VB2020 presentation: Another threat actor day…
  • VB2020 presentation: Ramsay: a cyber-espionage toolkit tailored for air-gapped networks
    
    

MALWARE

• 360 Netlab
  • Blackrota, 一个Go开发的高度混淆的后门
  • MooBot on the run using another 0 day targeting UNIX CCTV DVR
    
    
• Victor Vrabie at Bitdefender Labs
  A Detailed Timeline of a Chinese APT Espionage Attack Targeting South Eastern Asian Government Institutions
  
  
• Cisco’s Talos
  • Nibiru ransomware variant decryptor
  • Back from vacation: Analyzing Emotet’s activity in 2020
    
    
• Cybereason
  • Novel Chaes Malware Underscores Heightened E-Commerce Risk This Holiday Season
  • Cybereason vs. MedusaLocker Ransomware
    
    
• Didier Stevens
  Decrypting With translate.py
  
  
• Andrew Oliveau, Alyssa Rahman, and Brett Hawkins at Fire Eye Threat Research
  Purgalicious VBA: Macro Obfuscation With VBA Purging
  
  
• Igor Skochinsky at Hex Rays
  Igor’s tip of the week #16: Cross-references
  
  
• Shusei Tomonaga at JPCERT/CC
  ELF_PLEAD – Linux Malware Used by BlackTech
  
  
• Kate at 360 Total Security
  360 File-less Attack Protection Intercepts the  Banker Trojan BBtok Active in Mexico
  
  
• Malwarebytes Labs
  Malsmoke operators abandon exploit kits in favor of social engineering scheme
  
  
• Daniel Smith at Radware
  • The Issue & Impact of Malspam in the U.S. Elections
  • The U.S. Government’s Response to Election-Related Cyber Threats
  • Did Nation-State Attacks Impact the U.S. Elections?
    
    
• Robert Simmons at ReversingLabs
  PoorWeb – Hitching a Ride on Hangul
  
  
• SANS Internet Storm Center
  • PowerShell Dropper Delivering Formbook, (Thu, Nov 19th)
  • oledump’s ! Indicator, (Sun, Nov 15th)
  • Malicious Python Code and LittleSnitch Detection, (Fri, Nov 20th)
    
    
• Jim Walter at SentinelLabs
  Ranzy Ransomware | Better Encryption Among New Features of ThunderX Derivative
  
  
• Scutum
  • Emotet trojan -My first malware analysis report
  • Reversing Ardamax keylogger
    
    
• Jessica Ellis at The PhishLabs Blog
  Ransomware Groups Break Promises, Leak Data Anyway
  
  
• Abraham Camba, Bren Matthew Ebriega, and Gilbert Sison at Trend Micro
  Weaponizing Open Source Software for Targeted Attacks
  
  
• VMRay
  Malware Analysis Spotlight: AZORult Delivered by GuLoader
  
  
• Anton Cherepanov and Peter Kálnai at WeLiveSecurity
  Lazarus supply‑chain attack in South Korea
  
  
• Wrongbaud
  Introduction to Reverse Engineering with Ghidra: A Four Session Course
  
  

MISCELLANEOUS

• Andrew Rathbun at AboutDFIR
  • Updated Blog Post: My Take on Preparing for GIAC Certification Exams
  • AboutDFIR Content Update 11/21/2020
    
    
• Agari
  • DKIM for Email: What It Is,  How It Works, and How to Add It
  • DMARC: 5 Keys to Success
    
    
• Andrea Fortuna at ‘So Long, and Thanks for All the Fish’
  FAMA: Forensic Analysis For Mobile Apps
  
  
• Brett Shavers at DFIR Training
  Which way to DFIR Street?
  
  
• Cellebrite
  • New Solutions For Accessing Locked Samsung Devices and Third-Party App Data
  • Reimagining Policing 2025 – A Road Map for the Future
  • How To Use Media Classification In Cellebrite Physical Analyzer
  • Going Virtual: A Look Back At Cellebrite’s Annual “Connect Global Summit 2020”
    
    
• Chris Sanders
  Dissertation – Subject Application
  
  
• Jimmy Schroering at DME Forensics
  User Interface Testing
  
  
• Elan at DFIR Diva
  My Experience With Recon Infosec’s NDR Training
  
  
• Elcomsoft
  • Mobile Forensics – Advanced Investigative Strategies
  • Elcomsoft vs. Hashcat Part 1: Hardware Acceleration, Supported Formats and Initial Configuration
    
    
• Dennis Goodlett at Hurricane Labs
  R2con 2020 Review
  
  
• Aleksandar Milenkoski at Insinuator
  Microsoft Office Telemetry: Report Release
  
  
• Magnet Forensics
  • New Mobile Features and Artifacts in Magnet AXIOM and AXIOM Cyber 4.7
  • Virtual Training and a TAP Can Help You Get the Most from Your Cases
    
    
• Marco Fontani at Amped
  A Short Guide to Choosing the Right Export Format For Your Images and Videos: Part 1
  
  
• Rhea Jethvani at Project Cyber
  Ransomware Attacks & Their Impact on a COVID-19 World–By Teen Project Cyber Writer Rhea Jethvani
  
  
• Richard Frawley at ADF
  • Mobile Preview: Fast Mobile Phone Forensic Triage | Digital Forensics
  • Mobile Preview Forensic Triage & ADF New Computer Forensic Features
    
    
• Ryan Campbell at ‘Security Soup’
  Weekly News Roundup — November 8 to November 14
  
  
• SANS
  • Instructor Spotlight: Ryan Nicholson, SEC488 Author
  • Cyber42 Cybersecurity Leadership Simulation Games
  • AWS Network Firewall: More Than Just Layer 4
  • Instructor Spotlight: Brandon Evans, SEC510 Lead Author
    
    
• Kelsey Segrue at TrustedSec
  An Update On Non-Aggressive Reporting
  
  
• Volatility Labs
  The 2020 Volatility Plugin Contest results are in!
  
  

SOFTWARE UPDATES

• Adam at Hexacorn
  DeXRAY 2.25 update
  
  
• Belkasoft
  Belkasoft X is released!
  
  
• Brian Kellogg
  Reg Hunter
  
  
• Didier Stevens
  Update: oledump.py Version 0.0.55
  
  
• Eric Zimmerman
  ChangeLog
  
  
• Magnet Forensics
  Support the Latest iOS and Android Devices with Magnet AXIOM 4.7 & Magnet AXIOM Cyber 4.7
  
  
• Passware
  What’s New video on Passware Kit Forensic 2020 v4 release
  
  
• Sandfly Security
  Sandfly 2.8.0 – Agentless Active Attack Response for Linux
  
  
• Security Onion
  Security Onion 2.3.10 now available!
  
  
• Andy Robbins at SpecterOps
  Introducing BloodHound 4.0: The Azure Update
  
  
• TheHive Project
  It’s not Patch Friday… TheHive 4.0.2 released
  
  
• Timesketch
  20201120
  
  
• Xways
  X-Ways Forensics 20.1 Beta 1c
  
  

And that’s all for the week! If you think I’ve missed something, or want me to cover something specifically hit me up through the contact page or on the social pipes!