As always, thanks to those who give a little back for their support!

FORENSIC ANALYSIS

• Paul Masek at 4sysops
  Using the Convert-EventLogRecord function alongside the Get-WinEvent PowerShell cmdlet to search Windows event logs
  
  
• Acelab
  The PC-3000 Mobile: the Support of Per-File Encryption for the F2FS File System
  
  
• Korstiaan Stam at Cloud Response
  CyberDefenders – Series (Malware Traffic Analysis 3 – Packet Analysis)
  
  
• Patrick Bennett at CrowdStrike
  UAL Thank Us Later: Leveraging User Access Logging for Forensic Investigations
  
  
• Forensafe
  • Investigating Task Scheduler
  • Investigating Windows Update Log
  • Investigating Windows 10 Timeline
    
    
• Forensic-Research
  Registry Hive File Structure Analysis
  
  
• Mike Cohen at Velocidex
  Verifying executables on Windows
  
  
• Peter Stewart
  Hack The Box – Marshal in the Middle (Forensics Challenge)
  
  

THREAT INTELLIGENCE/HUNTING

• Bill Stearns at Active Countermeasures
  Upgrading to the New Default Whitelist
  
  
• Adam at Hexacorn
  • Shopping for LOLbins
  • KillBit legacy – in search for  ActiveX Lolbins
    
    
• Adepts of 0xCC
  Don’t use commands, use code: the tale of Netsh & PortProxy
  
  
• Vitali Kremez & Yelisey Boguslavskiy at Advanced Intelligence
  From QBot…with REvil Ransomware: Initial Attack Exposure of JBS
  
  
• Anomali
  Anomali Cyber Watch: TeamTNT Actively Enumerating Cloud Environments to Infiltrate Organizations, Necro Python Bots Adds New Tricks, US Seizes Domains Used by APT29 and More
  
  
• Check Point Research
  • 7th June – Threat Intelligence Report
  • The Ultimate Guide to 2020 MITRE ATT&CK® Evaluations
  • Check Point Software´s May 2021 Most Wanted Malware: Dridex Drops from List While Trickbot Rises to Top
    
    
• Cisco’s Talos
  • Intelligence-driven disruption of ransomware campaigns
  • Quarterly Report: Incident Response trends from Spring 2021
  • Threat Roundup for  June 4 to June 11
    
    
• Cofense
  • Linktree Abused to Send Phishing Links
  • Cofense TAP Program Still Setting the Standard for Threat Intelligence Five Years After Launching the Program
    
    
• CrowdStrike
  • CrowdStrike Falcon Scores 100% Protection in AV-Comparatives Real-World Protection Test (March-April 2021)
  • Another Brick in the Wall: eCrime Groups Leverage SonicWall VPN Vulnerability
  • Index-Free Logging: Are Indexes Necessary — or Simply Overhead?
  • CrowdStrike Falcon Protects Customers from Recent COZY BEAR Sophisticated Phishing Campaign
    
    
• Csaba Fitzl at ‘Theevilbit’
  macOS Monterey Shortcuts – First look
  
  
• Cyble
  Ransomware Attacks Trends – May 2021 Snapshot
  
  
• Dave Klein at Cymulate
  Ransomware’s Tipping Point for the US Government and Private Sector
  
  
• Chad Anderson at DomainTools
  Cloud Atlas Navigates Us Into New Waters
  
  
• Jess Garcia at DS4N6
  [BLOG]  Threat Hunting with AI – Part 5 – Detecting the Solarwinds Malicious Scheduled Task with an Autoencoder, by  Jess Garcia
  
  
• Apoorva Joshi, Disha Dasgupta, Justin Ibarra, and Craig Chamberlain at Elastic
  ProblemChild: Generate alerts to detect living-off-the-land attacks
  
  
• Esentire
  Popular Remote Access Trojan Identified Through Threat Hunting Activities
  
  
• Flashpoint
  Compromised Credentials: Analyzing the 2021 Verizon DBIR and Its Most Sought-After Data Type
  
  
• Nikita Rostovcev at Group-IB
  Big airline heist: APT41 likely behind massive supply chain attack
  
  
• Henri Hambartsumyan ​at Falcon Force
  FalconFriday — AzureAD Edition— 0xFF11
  
  
• Huntress
  • Discovering a Ransomware Remedy in the Wild
  • How Are Hackers Sneaking Past Your Automated Systems?
    
    
• Scythe
  • SCYTHE Presents: SCYTHE & ATT&CK Navigator
  • SCYTHE Presents: The Real Costs of Ransomware: Direct Costs
    
    
• Cesar Anjos at Sucuri
  Password Attacks 101
  
  
• Malwarebytes Labs
  • TrickBot indictment reveals the scale and complexity of organized cybercrime
  • Russia accused of hacking Dutch police during MH17 investigation
    
    
• Microsoft 365 Security
  • Hunting in ETW Providers and Security event logs with Azure Data Explorer
  • Exfiltrating data by transfering it to the cloud with Azcopy
    
    
• Mike at ØSecurity
  Finding Unusual PowerShell with Frequency Analysis
  
  
• Morphisec
  Security News In Review: REvil Attacks Nuclear Contractor Sol Oriens
  
  
• Nasreddine Bencherchali
  Understanding & Detecting C2 Frameworks — BabyShark
  
  
• Nextron Systems
  Analyze VMware ESX Systems with THOR Thunderstorm
  
  
• Melanie Ninovic at ParaFlare
  Vulnerability Management via OSQuery 
  
  
• Axel F at Proofpoint
  Ransom DDoS Extortion Actor “Fancy Lazarus” Returns
  
  
• Daniel Smith at Radware
  Are Decade-Old DoS Tools Still Relevant in 2021?
  
  
• Jeffrey Gardner at Rapid7
  Kill chains: Part 2→Strategic and tactical use cases
  
  
• Recorded Future
  The Importance of Threat Intelligence for Law Enforcement Agencies
  
  
• Red Alert
  Monthly Threat Actor Group Intelligence Report, April 2021
  
  
• Gavin Matthews at Red Canary
  Testing Linux runtime threat detection tools
  
  
• RiskIQ
  • The Sysrv-hello Cryptojacking Botnet: Here’s What’s New
  • This is How Your Attack Surface May Be Larger and More Exposed Than You Think
  • Microsoft Exchange is a Global Vulnerability. Patching Efforts Reveal Regional Inconsistencies 
    
    
• SANS
  • BloodHound – Sniffing Out the Path Through Windows Domains
  • The Five Most Dangerous New Attack Techniques
    
    
• SANS Internet Storm Center
  • Amazon Sidewalk: Cutting Through the Hype, (Mon, Jun 7th)
  • Architecture, compilers and black magic, or “what else affects the ability of AVs to detect malicious files”, (Wed, Jun 9th)
  • Keeping an Eye on Dangerous Python Modules, (Fri, Jun 11th)
  • Are Cookie Banners a Waste of Time or a Complete Waste of Time?, (Thu, May 20th)
  • Fortinet Targeted for Unpatched SSL VPN Discovery Activity, (Sat, Jun 12th)
    
    
• Sebdraven
  TA428 behind Operation Lagtime: the following of IceFog ?
  
  
• SentinelLabs
  ThunderCats Hack the FSB | Your Taxes Didn’t Pay For This Op
  
  
• SentinelOne
  When JBS Met REvil Ransomware | Why We Need to Beef Up Critical Infrastructure Security
  
  
• Sophos
  Relentless REvil, revealed: RaaS as variable as the criminals who use it
  
  
• SpecterOps
  • BloodHound versus Ransomware: A Defender’s Guide
  • Proxy Windows Tooling via SOCKS
    
    
• Joshua Platt and Jason Reaves at Walmart
  Inside the SystemBC Malware-As-A-Service
  
  
• WeLiveSecurity
  • BackdoorDiplomacy: Upgrading from Quarian to Turian
  • Gelsemium: When threat actors go gardening
    
    

UPCOMING EVENTS

• Cellebrite
  • Part 1: Disclosure of Evidence in Prosecution Briefs
  • Part 2: Telecommunication Data in Evidence: Use and Admissibility
  • Part 3: Cloud Access – What’s it all About?
  • Part 4: Digital Evidence & Investigative Management
    
    
• Cybereason
  Webinar: Live Ransomware Attack Simulation
  
  
• Erik Hjelmvik at Netresec
  Network Forensics Classes for EU and US
  
  
• Angelina Derajtys at SANS
  SANS 2021 Visibility Report
  
  
• Securizame
  • PLAN DE FORMACIÓN HÍBRIDO DE DFIR Y ANÁLISIS FORENSE SEP-DIC 2021
  • PAGOS FRACCIONADOS PARA LOS PACKS DE HACKING ÉTICO Y ANÁLISIS FORENSE 2021
    
    

PRESENTATIONS/PODCASTS

• Cache Up with Jessica Hyde
  Magnet Forensics Presents: Cache Up – Ep.54 – Stephen Boyce
  
  
• AhmedS Kasmani
  Malware Analysis: Agent Tesla Part 2/2 Final Payload Analysis
  
  
• Archan Choudhury at BlackPerl
  • INCIDENT RESPONSE TRAINING FREE || Fast, Easy SIEM Installation || Day 7
  • Practical SIEM Tutorial- Send Logs, Install Parsers, Create Log sources, Alerts, Regex | Day 8
    
    
• Black Hills Information Security
  • BHIS | Talkin’ Bout News 2021-06-07
  • SPECIAL WEBCAST | New Wave of Ransomware Attacks: How did this happen? | John Strand
    
    
• Breaking Badness podcast
  88. The Bearer of Bad News
  
  
• Bret Witt
  SOC111 EventID: 42 (Traffic to Malware Domain) [Jan. 30, 2021, 5:25 p.m.]
  
  
• Cellebrite
  • A New Tool for Examining Video Files
  • Investigations and Examinations from an Intel Perspective
  • Chat Capture: Collect Data from Android Devices
  • CLBX – a new file format for full file system extractions
  • How to surface evidence faster with the new activity sensor graphs in Cellebrite Physical Analyzer.
    
    
• Chewing the FAT
  Episode 2
  
  
• Cisco’s Talos
  Talos Takes Ep. #56: The first security steps you should take when you return to the office
  
  
• Cyber Security Interviews
  #118 – Nato Riley: Reinvent Reality and Reinvent the World
  
  
• Cybereason
  Malicious Life Podcast: Inside the DarkSide Colonial Pipeline Attack
  
  
• Day Cyberwox
  • Cybersecurity Homelab: Configuring Windows Server for Active Directory
  • Cybersecurity Homelab: Adding a User to an Active Directory Domain
    
    
• Detection: Challenging Paradigms
  Episode 10: Season 1 Finale
  
  
• Didier Stevens
  ssdeep Python Example Based On My Templates
  
  
• DuMp-GuY TrIcKsTeR
  • Volatility3 Output Formatting Trick in PS
  • Advanced Memory Forensics (Windows) – Threat_Hunting and Initial Malware_Analysis [part1]
    
    
• FIRST
  In Depth Review of SailfishOS Forensic Artifacts
  
  
• Gerald Auger at Simply Cyber
  Learning OSINT from the BOSS (Joe Gray Interview)
  
  
• Hurricane Labs
  Security, Machine Learning, and Splunk
  
  
• John Hubbard at ‘The Blueprint podcast’
  John Hubbard: Key lessons and takeaways from Blueprint Season 2 + A Special Announcement!
  
  
• Matthew Toussain
  OSINT | Breach Data KNOWS You!
  
  
• ParaFlare
  • Cyber Security vs. Cyber Resilience…there is a difference
  • Active Defence: The importance of cyber operations
    
    
• Rapid7
  [Security Nation] Jeff Man on Mapping the MITRE ATT&CK Framework Against PCI
  
  
• SANS
  • Mobile Validation – Working together for the Common Good
  • SANS Threat Analysis Rundown
  • Ransomware – Pagar ou não pagar? – Especialistas debatem
  • Ransomware: ¿se paga o no se paga? – Los expertos debaten
  • Infosec Snake Wrangling:  Intro to Python – SANS New to Cyber Summit
    
    
• Security Conversations
  Michael Laventure, threat detection and response, Netflix
  
  

MALWARE

• G Data Security
  • Malware Hides in Steam Profile Images
  • Malware family naming hell is our own fault
    
    
• Igor Skochinsky at Hex Rays
  Igor’s tip of the week #43: Annotating the decompiler output
  
  
• John Hammond
  Information Stealer – Malware Analysis (PowerShell to .NET)
  
  
• Mahmoud Morsy
  • Phishing Attacks 8_6_2021
  • Phishing Attacks 10_6_2021
    
    
• McAfee Labs
  Are Virtual Machines the New Gold for Cyber Criminals?
  
  
• MWLab
  DarkSide Ransomware
  
  
• Jennifer Fernick at NCC Group Research
  Research Paper – Machine Learning for Static Malware Analysis, with University College London
  
  
• Palo Alto Networks
  • TeamTNT Using WatchDog TTPs to Expand Its Cryptojacking Footprint
  • Siloscape: First Known Malware Targeting Windows Containers to Compromise Cloud Environments
  • Prometheus Ransomware Gang: A Group of REvil?
    
    
• Securelist
  • Gootkit: the cautious Trojan
  • PuzzleMaker attacks with Chrome zero-day exploit chain
    
    

MISCELLANEOUS

• 3CORESec
  DTECTI🔍N.IO is open for business
  
  
• Belkasoft
  • New #BelkaCTF is coming: Meet The Boss!
  • Belkasoft X supports iOS 14.6 acquisition
  • Belkasoft is proud to be nominated to the finals of Forensic 4:cast Awards 2021
    
    
• Maxim Suhanov at BI.Zone
  Measured Boot and Malware Signatures: exploring two vulnerabilities found in the Windows loader
  
  
• Brett Shavers
  Well, I didn’t see that coming…
  
  
• Cellebrite
  • Cellebrite Announces First Quarter 2021 Results
  • Investigative Analytics – It’s The Right Time to Move to the Cloud
    
    
• Craig Ball at ‘Ball in your Court’
  Is Pinpoint the Future of eDiscovery?
  
  
• Forensic Focus
  • Grayshift At TechnoSecurity Myrtle Beach 2021
  • Video: Improve Digital Forensic Capabilities With Nuix
  • Live Webinar: Optimizing Search Filters In Nuix Investigate
  • Nuix Offers Solutions In Response To NPCC Digital Forensic Science Strategy
    
    
• Jesse Spangenberger at Cyber Fēnix Tech
  Techno Security & Digital Forensics Conference – MBSC – June 6-9, 2021
  
  
• John Lukach at Cloud 4n6ir
  Incident Response as Code Bootstrap
  
  
• Josh Brunty
  • Forensic 4:Cast 2021 Mentor of the year Finalist- Thank You!
  • Thoughts on Atomic Habits (Chapters 4-8)
    
    
• Ken Pryor
  Training! Cyber5W, CyberDefenders and more
  
  
• Kevin Beaumont at DoublePulsar
  The hard truth about ransomware: we aren’t prepared, it’s a battle with new rules, and it hasn’t…
  
  
• Kim Zetter at ‘Zero Day’
  Negotiating Ransoms: When to Play and When to Fold
  
  
• Lukasz Olszewski at Cyberush
  ‘Motive – Opportunity – Impunity’ cycle shapes the cybersecurity threat landscape for years
  
  
• Marco Fontani at Amped
  How Can I Convert an Unplayable Video from CCTV whilst keeping the Best Quality?
  
  
• Mike Dickinson at MSAB
  • Raven – Portable solution for immediate frontline extractions
  • Raven – Bringing speed and efficiency to frontline practitioners
    
    
• Oxygen Forensics
  See What the Ring Video Doorbell Sees
  
  
• Patrick J. Siewert at ‘Pro Digital Forensic Consulting’
  Three FAQs About Digital Forensics as a Service
  
  
• Sandfly Security
  Sandfly Now Available for Free at Digital Ocean
  
  
• Sophie Bovy at Secureworks
  Cyber Incident Response Preparation – A Ransomware Use Case
  
  

SOFTWARE UPDATES

• Binalyze
  • New in Binalyze AIR v1.7.50: Enriched Timeline with CSV import
  • Binalyze AIR Release Notes 1.7.50
  • Binalyze AIR Release Notes 1.7.45 (RC)
    
    
• Ciphey
  General cleanup + new look
  
  
• Didier Stevens
  • New Tool: ssdeep.py
  • Update: Python Templates Version 0.0.5
    
    
• DME Forensics
  DVR Examiner Version 3.0.4
  
  
• DME Forensics
  DVR Examiner 3.0.3 is now available!
  
  
• Eric Zimmerman
  ChangeLog
  
  
• ExifTool
  ExifTool 12.27
  
  
• Foxton Forensics
  Browser History Examiner — Version History
  
  
• Jaron Bradley at The Mitten Mac
  MonitorUI Tool Release
  
  
• Jim Clausing
  Update: mac-robber.py, (Sun, Jun 13th)
  
  
• Malwoverview
  Malwoverview 4.4.0.2
  
  
• MISP
  MISP 2.4.144 released (Document all the things!)
  
  
• Nextron Systems
  THOR 10.6.8 TechPreview with ETW Watcher to Detect CobaltStrike Beacons
  
  
• Nir Sofer
  View the history of plugged USB drives on Windows 10
  
  
• Open Source DFIR
  Plaso 20210606 released
  
  
• OSForensics
  V8.0 build 1008 7th June 2021
  
  
• radare2
  5.3.1
  
  
• Smart Projects
  IsoBuster 4.8 Beta released
  
  
• Ulf Frisk
  MemProcFS Version 4.1
  
  
• Velociraptor
  Release 0.6.0 RC1
  
  
• Xways
  • X-Ways Forensics 20.0 SR-13
  • X-Ways Forensics 20.1 SR-11
  • X-Ways Forensics 20.2 SR-4
  • X-Ways Forensics 20.3 Beta 2
    
    

And that’s all for the week! If you think I’ve missed something, or want me to cover something specifically hit me up through the contact page or on the social pipes!