As always, thanks to those who give a little back for their support!
FORENSIC ANALYSIS
- Amber Schroader at Paraben Corporation
  - TikTok Smartphone Evidence
- Marco Fontani at Amped
  - How Can I View and Show the Date and Time of a CCTV Video File?
- Amr
  - Chapter 7 – Registry Analysis
- Chris Vance at ‘D20 Forensics’
- Oleg Afonin at Elcomsoft
- Forensafe
- Forensic-Research
  - [Paper review] A Study on a Technique for Tracing Document File History through RSID Analysis of MS Word
- InfoSec Write-ups
- Joshua Hickman at ‘The Binary Hick’
  - Corroboration. That Is All.
- Mairi’s Constant
  - Dissecting the AD1 File Format
- Mike Cohen at Velocidex
  - Carving $USN journal entries
- Oxygen Forensics
  - Everything you need to know about Android extraction via OxyAgent
- Daniel Eden at ParaFlare
  - A Defender’s Perspective of SSL VPN Exploitation
- Radhwan Alshammari
  - Decrypting Signal DB for Android
- Walid Haddad
  - Practical Windows Forensics
THREAT INTELLIGENCE/HUNTING
- Hannah Cartier at Active Countermeasures
  - Malware of the Day – Who Started This? Threat Hunting Meets SIEM
- Vitali Kremez & Yelisey Boguslavskiy
  - The Rise & Demise of Multi-Million Ransomware Business Empire
- Alex Teixeira
  - SIEM Hyper Queries: introduction, current detection methods (part I/II)
- Andrea Fortuna at ‘So Long, and Thanks for All the Fish’
  - How “Process Ghosting” works
- Andy Piazza
  - CTI 101 Student Handout
- Anomali
  - Anomali Cyber Watch: TeamTNT Expand Its Cryptojacking Footprint, PuzzleMaker Attack with Chrome Zero-day, NoxPlayer Supply-Chain Attack Likely The Work of Gelsemium Hackers and More
- Azure Sentinel
- Ben Martin at Sucuri
  - Malicious Redirects Through Bogus Plugin
- Anton Medvedev and Vadim Khrykov at BI.Zone
  - Hunting Down MS Exchange Attacks. Part 2 (CVE-2020–0688, CVE-2020–16875, CVE-2021–24085)
- Brian Laskowski at Blumira
  - How To Test Antivirus and EDR Software: A Complete Guide
- Brad Duncan at Malware Traffic Analysis
- BushidoToken
  - SharePoint Island Hopping: Phishing with compromised accounts
- Check Point Research
- Cisco’s Talos
  - Threat Roundup for June 11 to June 17
- CrowdStrike
- Cyber Threat Intelligence Training Center
- Cybereason
- Cyble
  - Trends in Phishing Attacks and the Industries Commonly Targeted
- Jess Garcia at DS4N6
  - [BLOG] Threat Hunting with AI – Part 6 – Detecting the Solarwinds Malicious Scheduled Task with a LSTM Autoencoder, by Jess Garcia
- EclecticIQ
  - Threat Actors Continually Expand and Evolve Tools, Techniques, and Associations with Other Groups
- James Spiteri at Elastic
  - Adversary emulation with Prelude Operator and Elastic Security
- Eric Ooi
  - Zeekurity Zen – Part VIII: How to Send Zeek Logs to Elastic
- GuidePoint Security
  - Nuclear Weapons Contractor Attack & Kubernetes Malware: Cybersecurity Week in Review—06/07/21
- Dmitry Melikov at InQuest
  - PCode Pushing AveMaria
- Jason Ostrom at Infosec Writeups
  - Build, Hack, and Defend Azure Identity
- Scythe
- Amr Thabet at MalTrak
  - COM Object P.3: C&C and Lateral Movements
- Malwarebytes Labs
- McHugh Security
- MDSec
  - Bypassing Image Load Kernel Callbacks
- Microsoft 365 Security
  - How to exfiltrate data over (s)FTP?
- NCC Group Research
- Nextron Systems
  - Use YARA math Module Extension in THOR TechPreview and THOR Lite
- Jose Rodriguez at Open Threat Research
  - Simulating Cobalt Strike Beacon Activity
- Richard Hickman at Palo Alto Networks
  - Conti Ransomware Gang: An Overview
- Proofpoint
- Recorded Future
- Matt Graeber and Sarah Lewis at Red Canary
  - Diary of a Detection Engineer: Babysitting child processes
- Jean Maes at Red Team Tips
  - Click your shortcut and… you got pwned.
- RiskIQ
  - Bit2check: Stolen Card Validation Service Illuminates A New Corner of the Skimming Ecosystem
- SANS Internet Storm Center
  - Multi Perimeter Device Exploit Mirai Version Hunting For Sonicwall, DLink, Cisco and more, (Tue, Jun 15th)
  - June 2021 Forensic Contest, (Wed, Jun 16th)
  - Network Forensics on Azure VMs (Part #1), (Thu, Jun 17th)
  - Network Forensics on Azure VMs (Part #2), (Fri, Jun 18th)
  - Open redirects … and why Phishers love them, (Fri, Jun 18th)
  - Easy Access to the NIST RDS Database, (Sat, Jun 19th)
- Secjuice
  - Blue Team Detection: DarkSide Ransomware
- Secureworks
  - Hades Ransomware Operators Use Distinctive Tactics and Infrastructure
- Resha Chheda & Dave Getman at SentinelOne
  - Customize Your EDR To Adapt To Your Environment With SentinelOne Storyline Active Response (STAR)
- Shantanu Khandelwal
  - Firebase Domain Front – Hiding C2 as App traffic
- Sally Adam at Sophos
  - The State of Ransomware in Government 2021
- Will at SpecterOps
  - Certified Pre-Owned
- Tetra Defense
  - Ransomware Round-Up: May 2021
- PhishLabs
  - Credential Theft, O365 Lures Dominate Corporate Inboxes in Q1
- Howie Xu at Zscaler
  - 2021 “Exposed” Report – An Exposé on the True Corporate Network Attack Surface
UPCOMING EVENTS
- Cyborg Security
  - Shining light on the darkside – pt. 3
- Dan Fernandez at DomainTools
  - Data Quality Makes your Security Operations SOAR
- Griffeye
  - Webinar: How to discover critical leads faster with the integrated CameraForensics tool
- OSDFCon
  - OSDFCon 2021 voting for presentations
- Recorded Future
  - RaaS and the Rise of the Ransomware Extortion Ecosystem
PRESENTATIONS/PODCASTS
- Cache Up with Jessica Hyde
  - Magnet Forensics Presents: Cache Up – Ep.55 – Dominique Calder
- Archan Choudhury at BlackPerl
  - Incident Response Documentary – Trailer | Story of SOC
- Breaking Badness
  - 89. The Game Is Up
- Bret Witt
- Cellebrite
- Cisco’s Talos
  - Talos Takes Ep. #57: A ransomware-as-a-service explainer
- Cyber Security Interviews
  - #119 – Jenna Waters: This Is My Team
- Cybereason
  - Malicious Life Podcast: China’s Unrestricted Cyberwarfare Part 3
- Day Cyberwox
- Digital Forensic Survival Podcast
- Elan Wright at ‘DFIR Diva’
  - Getting Into the DFIR Field
- FIRST
- Florian Roth
  - Detection and Response Roles
- Gerald Auger at Simply Cyber
- Justin Tolman at AccessData
  - FTK Feature Focus – Episode 14 – System Summary Tab
- Magnet Forensics
  - Acquiring Publicly Available Instagram Information
- MalwareAficionado
  - Malware Analysis Fundamentals: Strings & Things
- MSAB
- Paraben Corporation
  - Removing iOS Backup Encryption Passcode E3
- SANS Institute
  - Slow the Revolving Door of Talent. Creative Ways to Keep Your Existing Cyber Talent in Your Org
  - Hands-On Learning: How and Why You Should Build a Home Lab
  - How to Get Experience When You Have No Experience
  - Help Wanted: Cracking the Code of Cybersecurity Job Postings – SANS New to Cyber Summit
  - I Want to Work in Cybersecurity…Whatever That Means! – SANS New to Cyber Summit
  - Blockchain Mining History And Process – A Preview of SEC554
- WolfCast
  - WolfCast – Episode 02 – Recruitment – The Land of Expectations
MALWARE
- 360 Core Security Technology
  - PJobRAT: Spyware Targeting Indian Military Personnel
- Fernando Martinez at AlienVault Labs
  - Malware hosting domain Cyberium fanning out Mirai variants
- Martin Chlumecký at Avast Threat Labs
  - DirtyMoe: Introduction and General Overview of Modularized Malware
- Brandon George at Binary Defense
  - Analysis of Hancitor – When Boring Begets Beacon
- Blaze’s Security
  - Digital artists targeted in RedLine infostealer campaign
- Colin Hardy
  - JavaScript Malware – Tips to analyse tricky JS code using Retefe malware
- Cyble
  - Banking Trojan Variant Spreading Through Android App
- Tyler McLellan, Robert Dean, Justin Moore, Nick Harbour, Mike Hunhoff, Jared Wilson, and Jordan Nuce at FireEye Threat Research
  - Smoking Out a DARKSIDE Affiliate’s Supply Chain Software Compromise
- John Ferrell at Huntress
  - ThreatOps Analysis: Keyed Malware
- Igor Skochinsky at Hex-Rays
  - Igor’s tip of the week #44: Hex dump loader
- Ryan Robinson at Intezer
  - Klingon RAT Holding on for Dear Life
- Ayan Saha at Keysight
  - Empire C2 – Networking into the Dark Side
- Mahmoud Morsy
- Marco Ramilli
  - The Allegedly Ryuk Ransomware builder: #RyukJoke
- Jeff White and Kyle Wilhoit at Palo Alto Networks
  - Matanbuchus: Malware-as-a-Service with Demonic Intentions
- Objective-See
- Securelist
- Security Art Work
  - Analysis of an Emotet campaign
- Antonio Pirozzi at SentinelLabs
  - Gootloader: ‘Initial Access as a Service’ Platform Expands Its Search for High Value Targets
- Andrew Brandt at Sophos
  - Vigilante malware rats out software pirates while blocking ThePirateBay
- Trend Micro
- VMRay
  - Malware Analysis Spotlight: SocialPhish (and its Anti-Social Use of Phishing Templates)
MISCELLANEOUS
- Andrew Rathbun at AboutDFIR
  - AboutDFIR Content Update 6/19/2021
- Brandon Lee at 4sysops
  - Hysolate: Isolate risky end-user activities in a virtual machine
- Aoife Anderson at Tines
  - How we Demonstrate our Cybersecurity Community Spirit
- Yulia Samoteykina at Atola
  - Imaging Presets: create optimal imaging routines and share them with colleagues
- Binalyze
- Manny Kressel at Bitmindz
  - BitMindz and Nuix – Custom Hardware for Maximum Performance
- Cellebrite
- Faith Opiyo at CyberSecFaith
  - My GIAC Certified Forensic Analyst (GCFA) Experience
- Elan at DFIR Diva
  - I Participated in a Trace Labs CTF – Now I’m Hooked on OSINT
- Esentire
  - 10 Hot Incident Response Companies To Watch In 2021
- Forensic Focus
  - Amped FIVE Training From Amped Software
  - Nuix Technology Hailed As ‘The Way Forward’ To Improve Police Forensic Capability
  - Investigating Video Evidence Training For Investigators
  - Keep The Integrity Of Your Mobile Evidence
  - Delivering Cyber Resilience With Enterprise Forensics
  - MSAB Launches New Rapid Triage Extraction Solution For Immediate Actionable Intel In The Field
  - AD Enterprise 7.4.2 From AccessData
- Ian Gillespie at Hurricane Labs
  - Local jQuery Setup in Splunk
- Josh Brunty
- Derek Rowe at LMG Security
  - After the Ransom was Paid: The Groundbreaking Events following the Colonial Pipeline Ransomware Attack
- Mattia Zignale
  - pfSense first install and configuration
- Duncan Bradley at OpenText
  - How to handle chat data in eDiscovery and investigations
- Passware
  - What’s the Best GPU for Password Recovery: AMD 6900 XT or NVIDIA RTX 3090?
- Ryan Campbell at ‘Security Soup’
- SANS
  - Protecting Against Ransomware – From the Human Perspective
  - Top 5 ICS Incident Response Tabletops and How to Run Them
  - SANS 2021 Threat Report
  - 2021 Verizon Data Breach Incident Report Insights
  - Slow the Revolving Door of Talent
  - SANS DFIR Summit 2021 – Top 10 Summit improvements you must know
- Computer Security Resources
- Securizame
- Michael Kavka at Silicon Shecky
  - Ransomware, Are You Ready?
- Teri Radichel
  - Apple Macintosh Network Traffic
- The Leahy Center for Digital Forensics & Cybersecurity
  - DFIR: A New Scope
SOFTWARE UPDATES
- Cerbero
  - Cerbero Suite 4.8 is out!
- Didier Stevens
  - Update: 1768.py Version 0.0.7
- Elcomsoft
- KAPE
  - 1.0.0.2 2021-06-15
- Eric Zimmerman
  - ChangeLog
- Erik Hjelmvik at Netresec
  - NetworkMiner 2.7 Released
- IntelOwl
  - maintenance release
- MemProcFS-Analyzer
  - MemProcFS-Analyzer v0.3
- Mihari
  - v3.0.1
- Ryan Benson at dfir.blog
  - Metasploit URLs, Hash Lookups, & More in Unfurl v2021.06.15
- X-Ways
  - X-Ways Forensics 20.3 Beta 2b
And that’s all for the week! If you think I’ve missed something, or want me to cover something specifically hit me up through the contact page or on the social pipes!