As always, thanks to those who give a little back for their support!

FORENSIC ANALYSIS

• Forensafe
  • Investigating LastVisitedMRU
  • Investigating Google Drive
    
    
• InfoSec Write-ups
  Autopsy Walkthrough Tryhackme
  
  
• Kevin Pagano at Stark 4N6
  Google Duo – Android & iOS Forensic Analysis
  
  
• Microsoft 365 Security
  DFIR: Windows and Active Directory Attacks and Persistence
  
  
• Doug Burks at Security Onion
  • Quick Malware Analysis: malware-traffic-analysis.net pcap from 2021-06-03
  • Quick Malware Analysis: malware-traffic-analysis.net pcap from 2021-06-02
  • Quick Malware Analysis: malware-traffic-analysis.net pcap from 2021-05-27
  • Quick Malware Analysis: malware-traffic-analysis.net pcap from 2021-06-01
    
    
• The DFIR Report
  BazarCall to Conti Ransomware via Trickbot and Cobalt Strike
  
  

THREAT INTELLIGENCE/HUNTING

• 3CORESec
  Detection as Code (DaC) challenges – Introducing Automata
  
  
• Anomali
  Anomali Cyber Watch: LockBit ransomware, Phony Call Centers Lead to Exfiltration and Ransomware, VBA RAT using Double Attack Vectors, and More
  
  
• Austin Songer at ‘Songer Tech’
  Process Injection: Reflective DLL Injection
  
  
• Azure Sentinel
  • What’s new: ASIM File Activity schema
  • What’s new: Watchlists templates are now in public preview!
    
    
• Brad Duncan at Malware Traffic Analysis
  • 2021-08-05 – AZORult distributed through malspam
  • 2021-07 – Traffic Analysis Exercise – Dualrunning
    
    
• CERT-AGID
  Sintesi riepilogativa delle campagne malevole nella settimana del 31 luglio – 06 agosto 2021
  
  
• Check Point
  • 2nd August – Threat Intelligence Report
  • Protecting SMBs Against Kaseya Supply Chain, Zero Day, and Ransomware Attacks
  • Amazon Kindle Vulnerabilities could have led Threat Actors to Device Control and Information Theft
    
    
• Cisco’s Talos
  • Threat Source newsletter (Aug. 5, 2021)
  • Threat Roundup for July 30 to August 6
    
    
• CrowdStrike
  PROPHET SPIDER Exploits Oracle WebLogic to Facilitate Ransomware Activity
  
  
• Csaba Fitzl at ‘Theevilbit’
  Beyond the good ol’ LaunchAgents – 19 – Periodic Scripts
  
  
• Tim Helming at DomainTools
  Announcing the DomainTools Domain Discovery Feed
  
  
• Dragos
  • Value of PLC Key Switch Monitoring to Keep Critical Systems More Secure
  • Lessons Learned From Examining More Than a Decade of Public ICS/OT Exploits
    
    
• Henri Hambartsumyan at Falcon Force
  FalconFriday — Detecting important data destruction by ransomware — 0xFF15
  
  
• Flashpoint
  Disgruntled Conti Affiliate Leaks Ransomware Training Documents
  
  
• Gianni Castaldi at Kusto King
  Hunting for unsigned drivers, like Printer Nightmare
  
  
• Group-IB
  • The Art of Cyberwarfare
  • Prometheus TDS
  • It’s alive!
    
    
• InfoSec Write-ups
  • Introduction to TShark
  • How to monitor packet flow using the TCPDUMP
  • Ransomware Attack
    
    
• Michael Koczwara
  • Covenant C2 quick setup on Windows
  • Cobalt Strike Hunting — Malleable C2 jQuery profile & rundll32 Analysis
    
    
• Microsoft Security
  • How to manage a side-by-side transition from your traditional SIEM to Azure Sentinel
  • Sharing the first SimuLand dataset to expedite research and learn about adversary tradecraft
    
    
• Orange
  • A New Attack Surface on MS Exchange Part 2 – ProxyOracle!
  • A New Attack Surface on MS Exchange Part 1 – ProxyLogon!
    
    
• Penetration Testing Lab
  Universal Privilege Escalation and Persistence – Printer
  
  
• Denis Kuvshinov and Daniil Koloskov at Positive Technologies
  APT31 new dropper. Target destinations: Mongolia, Russia, the U.S., and elsewhere
  
  
• Recorded Future
  Protect Against BlackMatter Ransomware Before It’s Offered
  
  
• Tony Lambert and Brian Donohue at Red Canary
  When Dridex and Cobalt Strike give you Grief
  
  
• SANS Internet Storm Center
  • procdump Version 10.1, (Sun, Aug 1st)
  • Unsolicited DNS Queries, (Sat, Jul 31st)
  • Changing BAT Files On The Fly, (Mon, Aug 2nd)
  • Three Problems with Two Factor Authentication, (Tue, Aug 3rd)
  • Is this the Weirdest Phishing (SMishing?) Attempt Ever?, (Tue, Aug 3rd)
  • Malicious Microsoft Word Remains A Key Infection Vector, (Fri, Aug 6th)
  • Pivoting and Hunting for Shenanigans from a Reported Phishing Domain, (Wed, Aug 4th)
  • MALWARE Bazaar “Download daily malware batches”, (Sat, Aug 7th)
    
    
• Secureworks
  • Detecting Cobalt Strike: Government-Sponsored Threat Groups
  • Detecting Cobalt Strike: Cybercrime Attacks
  • Detecting Cobalt Strike: Penetration Testers
    
    
• Security Investigation
  • Detecting and Preventing a Silver Ticket Attack
  • IDS vs IPS : Key Differences , Rule Structure , Pros and Cons
  • Investigation of the Malware Persistence on Defragmented Disk
  • RITA – Real Intelligence Threat Analytics for Network Traffic Analysis
    
    
• SentinelOne
  HiveNightmare | Protecting Windows 10 Security Account Manager Against CVE-2021-36934
  
  
• Symantec Enterprise
  Critical Infrastructure Organizations in South East Asia Targeted in Espionage Campaign
  
  
• Trend Micro
  • Browser Notification Spam Tricks Clicks for Ad Revenue
  • Supply Chain Attacks from a Managed Detection and Response Perspective
    
    
• Siddarth Sharma at Uptycs
  Cryptominer ELFs Using MSR to Boost Mining Process
  
  
• Vicente Díaz at VirusTotal
  Introducing ‘Known Distributors’
  
  

UPCOMING EVENTS

• Ryan Ammermann at Cellebrite
  Cellebrite Physical Analyzer Review: Frequently Asked Questions
  
  
• Cybereason
  Webinar: DeadRinger – Exposing Chinese Threat Actors Targeting Major Telcos
  
  
• Magnet Forensics
  • August 11 11:30AM Australian Eastern Standard Time // New Approaches to Digital Forensics Investigations
  • August 11 11:00AMET // Digital Forensics and the Enterprise Cloud: A Panel Discussion
    
    
• The 5th International Workshop on Big Data Analytic for Cyber Crime Investigation and Prevention
  Program of the Workshop 2021
  
  
• Virus Bulletin
  VB2021 localhost call for last-minute papers
  
  
• Vishal Thakur
  2021 CTF — Reverse Engineering Malicious Code
  
  

PRESENTATIONS/PODCASTS

• AGDC Services
  How To Quickly Unpack Qbot Loader Malware
  
  
• Archan Choudhury at BlackPerl
  Your Security Operations Career is at RISK, Operationalize MITRE ATT&CK NOW, Day 10
  
  
• Black Hills Information Security
  • DevOps for Hackers with Hands-On Labs w/ Ralph May (4-Hour Workshop)
  • BHIS | Talkin’ Bout [infosec] News 2021-08-02
  • Talkin’ About Infosec News – 8/4/2021
  • Admin’s Nightmare: Combining HiveNightmare/SeriousSAM and AD CS Attack Path’s for Profit
    
    
• Bret Witt
  DFIR – Infection with Cobalt Strike
  
  
• Cellebrite
  What’s New with xLEAPP?
  
  
• Chris Sienko at the Cyber Work podcast
  How to become a cybersecurity threat intelligence professional | Cyber Work Podcast
  
  
• Cisco’s Talos
  • Beers with Talos, Ep. #108: Kaseya it ain’t so
  • Talos Takes Ep: #63: Shield your eyes from the Solarmarker
    
    
• Day Cyberwox
  Journey To Cyber Threat Analyst at 19 (Without a College Degree)
  
  
• DEFCON
  • DEF CON 29 – Orange Tsai – ProxyLogon Just Tip of the Iceberg, New Attack Surface on Exchange Server
  • DEF CON 29 – Jenko Hwong – New Phishing Attacks Exploiting OAuth Authentication Flows
  • DEF CON 29 – Jacob Baines – Bring Your Own Print Driver Vulnerability
  • DEF CON 29 – Matthew Bryant – Hacking G Suite: The Power of Dark Apps Script Magic
    
    
• Digital Forensic Survival Podcast
  DFSP # 285 – Linux Malware Triage
  
  
• Dump-Guy Trickster
  Finding Vulnerability in PE parsing tool – NEVER trust tool you didn´t write by your own
  
  
• Eric and Mark at ‘Forensics and Beer’
  • What is Digital Forensics?
  • The Forensics Image
    
    
• Gerald Auger at Simply Cyber
  • DEFCON29 (Soft Open With Streamlabs OBS)
  • The Need for Skills-Based Training
  • Exploring the Dark Arts of “Crypto” Currency
    
    
• Justin Tolman at AccessData
  FTK Feature Focus – Episode 21 – Customizing the Interface
  
  
• Lee Whitfield at Forensic 4cast
  We Didn’t Start DFIR
  
  
• Magnet Forensics
  • Tips & Tricks // Comparing iOS Logical vs. Full File System Extractions
  • Introduction to Magnet AXIOM
    
    
• Malwarebytes Labs
  Disaster planning with Lesley Carhart, and the slim chance of a critical infrastructure “big one”: Lock and Code S02E14
  
  
• Mathias Fuchs at CyberFox
  Forensic quick wins in ransomware cases
  
  
• Leon Jacobs at Orange Cyberdefense
  blackhat_defcon_virtual_vegas_2021.zip
  
  
• Rapid7
  [The Lost Bots] Episode 2: Extended Detection and Response (XDR)
  
  
• SANS
  • A Visual Summary of SANS Security Awareness Summit 2021
  • SANS+HBCU | Black Leaders in Cyber with Lt. Kimberly Young-McLear, Fellow at CISA
  • SANS+HBCU | Black Leaders in Cyber with Darold Kelly, Jr. Black Cybersecurity Association leader
  • SANS+HBCU | Black Leaders in Cyberwith Toni Benson – Deputy Associate Director CDET, CISA
  • SANS+HBCU | Transition to Cyber: Betting on Self with Christine Morency
  • HIPAA With Two A’s
  • Vulnerability Management Water Cooler Chat
  • #ShareTheMicInCyber and SANS:  From Speaking Opportunities to Faculty Positions
  • SANS+HBCU Cyber Academy Celebration with Norfolk State University
    
    
• This Month In 4n6
  This Month In 4n6 – July – 2021
  
  

MALWARE

• 0day in {REA_TEAM}
  [QuickNote] MountLocker – Some pseudo-code snippets
  
  
• 360 Netlab
  威胁快讯：TeamTNT新变种通过ELF打包bash脚本，正通过Hadoop ResourceManager RCE 传播
  
  
• Ofer Caspi and Javi Ruiz at AlienVault Labs
  New sophisticated RAT in town: FatalRat analysis
  
  
• Blackberry
  Threat Thursday: Don’t Let njRAT Take Your Cheddar
  
  
• Cofense
  • Threat Actors Utilize Google Translate Feature for Phish
  • Office 365: Phishing Variant Bypasses Microsoft’s Own Secure Email Gateway
    
    
• Cyber Geeks
  A step-by-step analysis of the new malware used by APT28/Sofacy called SkinnyBoy
  
  
• Cybereason
  • DeadRinger: Exposing Chinese Threat Actors Targeting Major Telcos
  • Partners in Crime: How Ransomware Gangs Are Working Together
    
    
• Follow The White Rabbit
  Un poco de reversing para el verano
  
  
• Gameel Ali
  • Emotet Malware 0x01
  • Emotet Malware 0x02
    
    
• Igor Skochinsky at Hex Rays
  Igor’s tip of the week #51: Custom calling conventions
  
  
• John Hammond
  • XLM Macros & Unhiding Excel Worksheets – HackTheBox Biz CTF “OldSchool”
  • BAD RANSOMWARE – HackTheBox Business CTF
    
    
• Kaspersky Lab
  Spyware Trojan link hidden in an image | Kaspersky official blog
  
  
• Kim Zetter at ‘Zero Day’
  Pegasus Spyware: How It Works and What It Collects
  
  
• Mahmoud Morsy
  • Phishing Attacks 5_8_2021
  • Phishing Attacks 7_8_2021
  • IOCs 7_8_2021
    
    
• Red Team Tips
  A pinch of XLL and a splash of rust has the potential to be a sharp combination
  
  
• Allison Wikoff, Richard Emerson, and Wei Gao at Security Intelligence
  ITG18: Operational Security Errors Continue to Plague Sizable Iranian Threat Group
  
  
• Segurança Informática
  The clandestine Horus Eyes RAT: From the underground to criminals’ arsenal
  
  
• Gal Kristal at SentinelLabs
  Hotcobalt – New Cobalt Strike DoS Vulnerability That Lets You Halt Operations
  
  
• Yusuf Polat and Sean Gallagher at Sophos
  Trash Panda as a Service: Raccoon Stealer steals cookies, cryptocoins, and more
  
  
• Liam Smith at Sucuri
  Examining Unique Magento Backdoors
  
  
• Amar Babu at Trend Micro
  Automate Malware Quarantining for Workloads
  
  
• WeLiveSecurity
  • Anatomy of native IIS malware
  • IIStealer: A server‑side threat to e‑commerce transactions
    
    

MISCELLANEOUS

• Anton Chuvakin
  Anton and The Great XDR Debate, Part 1
  
  
• Belkasoft
  Belkasoft T — a new effective DFIR triage tool
  
  
• Craig Ball at ‘Ball in your Court’
  Why E-Discovery and Digital Evidence?
  
  
• Elastic
  • Elastic 7.14.0 introduces the industry’s first free and open Limitless XDR
  • What’s new in Elastic Security 7.14: Protect your company with Limitless XDR
  • Elastic Observability 7.14: Unified telemetry and accelerated application root cause analysis
  • What’s new in Elastic Enterprise Search 7.14: Kibana integration and precision tuning
  • What’s new in Kibana 7.14: Formulas and time shifts for richer ad hoc analysis
  • Limitless XDR defined: Ingest, retain, and analyze security data freely
  • Save 10% disk space on your logging datasets with match_only_text
  • Elastic Agent and Fleet make it easier to integrate your systems with Elastic
    
    
• Forensic Focus
  • Research Roundup: Problem Solving In Digital Forensics
  • The “Weapon of Choice” for Special Operations Digital Device Exploitation
  • Alberta Law Enforcement Unit Leverages OpenText EnCase To Significantly Improve Case Efficiency
  • Grayshift INSIGHTS – Quarterly Virtual Update – Aug 31st
  • Rob Fried, Senior Vice President, Forensics & Investigations, Sandline Global
  • Feature Extraction Of Protest Demonstration On Lihkg Discussion Forum
    
    
• Howard Oakley at ‘The Eclectic Light Company’
  Explainer: File systems
  
  
• iNPUT-ACE
  2021 Video Evidence Trends Report [PDF Download]
  
  
• Kevin Pagano at Stark 4N6
  August 3, 2021 at 09:41PM
  
  
• Magnet Forensics
  • Meet the Magnet Forensics’ Training Team: Christopher Bomar
  • Meet the Magnet Forensics’ Training Team: Amanda Fields
    
    
• Marco Fontani at Amped
  How Can I Rotate a Video or Image in Amped Replay?
  
  
• Oxygen Forensics
  6 – Month Checkup at Oxygen Forensic 2021
  
  
• Ryan Campbell at ‘Security Soup’
  Weekly News Roundup — August 1 to August 7
  
  
• The Leahy Center for Digital Forensics & Cybersecurity
  DFIR: Rise of the Next Step
  
  
• Tribal Chicken
  Running Arkime on FreeBSD
  
  

SOFTWARE UPDATES

• Acelab
  The PC-3000 Mobile: the Hard Key Access Method for the ZTE, ASUS, XIAOMI and Caterpillar Qualcomm Snapdragon-Based Smartphones
  
  
• Brian Carrier
  • Autopsy 4.19.0 with Hosts, Analysis Results, and OS Accounts
  • The Sleuth Kit 4.11.0
    
    
• Belkasoft
  What’s new in Belkasoft X v.1.9
  
  
• Cado Security
  Cado Security Unveils Memory Forensics For Enhanced Visibility and Context
  
  
• Elastic
  Elastic Stack 6.8.18 released
  
  
• Foxton Forensics
  Browser History Examiner – Version History – Version 1.16.4
  
  
• Mihari
  v3.4.0
  
  
• OSForensics
  V9.0 build 1000 5th August 2021
  
  
• Regipy
  2.1.0: Merge pull request #185 from mkorman90/feature/parse_acls
  
  

And that’s all for the week! If you think I’ve missed something, or want me to cover something specifically hit me up through the contact page or on the social pipes!