As always, thanks to those who give a little back for their support!

FORENSIC ANALYSIS

• ArcPoint Forensics
  Bitlocker Detection From The Command Line
  
  
• Arman Gungor at Metaspike
  Trusted Timestamping (RFC 3161) in Digital Forensics
  
  
• Amina Zilic at Binalyze
  DRONE: Generic Webshell Analyzer
  
  
• Elcomsoft
  • Apple Watch Forensics: The Adapters
  • NAS Forensics: TrueNAS Encryption Overview
    
    
• Forensafe
  • Investigating Adobe Acrobat Reader
  • Solving Lost Flash Drive Challenge with ArtiFast Windows
    
    
• InfoSec Write-ups
  Basic Splunk 101 Walkthrough Tryhackme
  
  
• Kevin Pagano at Stark 4N6
  Ain’t That a Kik in the Head
  
  
• Nasreddine Bencherchali
  A Primer On Event Tracing For Windows (ETW)
  
  
• B. Krishna Sai Nihith
  • Heist – InCTF Internationals 2021
  • Heist Continues – InCTF Internationals 2021
  • Heist Ends – InCTF Internationals 2021
  • Ermittlung – InCTF Internationals 2021
  • Google Tasks – Android Forensics analysis
    
    
• Nik Alleyne at ‘Security Nik’
  TShark : Finding data with “contains” and “matches” (Regular Expression)
  
  
• Oxygen Forensics
  Discord Forensics: Acquire Even More from the Cloud
  
  
• Amber Schroader at Paraben Corporation
  Waze Data in Smartphones
  
  
• Security Onion
  • Quick Malware Analysis: malware-traffic-analysis.net pcap from 2021-05-21 Raccoon Stealer
  • Quick Malware Analysis: malware-traffic-analysis.net pcap from 2021-05-18 Qakbot
  • Quick Malware Analysis: malware-traffic-analysis.net pcap from 2021-05-20 Hancitor
  • Quick Malware Analysis: malware-traffic-analysis.net pcap from 2021-05-14 Ursnif
  • Quick Malware Analysis: malware-traffic-analysis.net Bazarloader pcap from 2021-08-12
    
    
• The DFIR Report
  Trickbot Leads Up to Fake 1Password Installation
  
  

THREAT INTELLIGENCE/HUNTING

• Hannah Cartier at Active Countermeasures
  Malware of the Day – Pings!
  
  
• Vitali Kremez & Yelisey Boguslavskiy at Advanced Intelligence
  Hunting for Corporate Insurance Policies: Indicators of [Ransom] Exfiltration
  
  
• Alex Teixeira
  Anomaly-based detection workflow: leveraging the Novelty component using EDR log telemetry
  
  
• Anomali
  Anomali Cyber Watch: Aggah Using Compromised Websites to Target Businesses Across Asia, eCh0raix Targets Both QNAP and NAS, LockBit 2.0 Targeted Accenture, and More
  
  
• Blackberry
  Threat Thursday: TA575/Dridex
  
  
• Brad Duncan at Malware Traffic Analysis
  2021-08-19 – Traffic Analysis Exercise – Funkylizards
  
  
• Check Point Research
  16th August – Threat Intelligence Report
  
  
• Cisco’s Talos
  • Neurevt trojan takes aim at Mexican users
  • Malicious Campaign Targets Latin America: The seller, The operator and a curious link
  • Threat Source newsletter (Aug. 19, 2021)
  • Threat Roundup for August 13 to August 20
    
    
• ClearSky Cyber Security
  New Iranian Espionage Campaign By “Siamesekitten” – Lyceum
  
  
• Cyberabilities
  • Detecting Command & Control beaconing with Sysmon and Splunk
  • Detecting the use of malicious DLLs at scale using Sysmon and Splunk
    
    
• Oakley Cox at Darktrace
  Remote Desktop Protocol (RDP) attack analysis
  
  
• Kelsey LaBelle at DomainTools
  Valuable Datasets to Analyze Network Infrastructure | Part 2
  
  
• EclecticIQ
  Malware Marketplaces Provide Newcomers with Expanded Capability
  
  
• Batuhan Apaydın at Falco
  Blog: Detect Malicious Behaviour on Kubernetes API Server through gathering Audit Logs by using FluentBit – Part 2
  
  
• Gijs Hollestelle at Falcon Force
  FalconFriday — Detecting UAC Bypasses — 0xFF16
  
  
• HP Wolf Security
  New Survey Highlights Concerns About Cybercriminals Adopting Nation State Tools and Techniques Against Businesses
  
  
• John Hammond at Huntress
  Microsoft Exchange Servers Still Vulnerable to ProxyShell Exploit
  
  
• Jon DiMaggio at Analyst1
  Nation State Ransomware
  
  
• Scythe
  • SCYTHE Presents: Malware Risks in Open Source Code
  • SCYTHE Presents: SCYTHE Domain Fronting through Azure CDN
    
    
• Kevin Beaumont at DoublePulsar
  Multiple threat actors, including a ransomware gang, exploiting Exchange ProxyShell vulnerabilities
  
  
• Devon Ackerman and Krystina Lacey at Kroll
  Three Tactics to Bypass Multi-factor Authentication in Microsoft 365
  
  
• Malwarebytes Labs
  Analysts “strongly believe” the Russian state colludes with ransomware gangs
  
  
• Michael Koczwara
  Cobalt Strike Hunting  — DLL Hijacking/Attack Analysis
  
  
• Microsoft 365 Security
  Credential Access and lateral movement: What can attackers do with the stolen credentials?
  
  
• Microsoft Security
  • Trend-spotting email techniques: How modern phishing emails hide in plain sight
  • Automating security assessments using Cloud Katana
  • How to proactively defend against Mozi IoT botnet
    
    
• MITRE-Engenuity
  • Highlighting the Importance of Detection Context using the ATT&CK Evaluations for ICS Results
  • Researching Data Sources to Build a Foundation for Detections
    
    
• NCC Group Research
  Disabling Office Macros to Reduce Malware Infections
  
  
• Nextron Systems
  Antivirus Event Analysis Cheat Sheet v1.8.2
  
  
• Penetration Testing Lab
  • HiveNightmare
  • Domain Escalation – PrintNightmare
    
    
• Recorded Future
  • Operation Secondary Infektion Continues Targeting Democratic Institutions and Regional Geopolitics
  • China Propaganda Network Targets BBC Media, UK in Large-Scale Influence Campaign
  • Amid Boom in Phishing, Fraudsters Target Customers of Small and Mid-sized Banks
    
    
• Justin Schoenfeld and Jason Killam at Red Canary
  Remote access tool or trojan? How to detect misbehaving RATs
  
  
• SANS Internet Storm Center
  • Extra Tip For Triage Of MALWARE Bazaar’s Daily Malware Batches, (Mon, Aug 16th)
  • Simple Tips For Triage Of MALWARE Bazaar’s Daily Malware Batches, (Sun, Aug 15th)
  • 5 Things to Consider Before Moving Back to the Office, (Wed, Aug 18th)
  • Laravel (<=v8.4.2) exploit attempts for CVE-2021-3129 (debug mode: Remote code execution), (Tue, Aug 17th)
  • When Lightning Strikes. What works and doesn’t work., (Thu, Aug 19th)
  • Waiting for the C2 to Show Up, (Fri, Aug 20th)
  • New Versions Of Sysinternals Tools, (Sat, Aug 21st)
  • .docx With Embedded EXE, (Sun, Aug 22nd)
    
    
• Security Intelligence
  • Analysis of Diavol Ransomware Reveals Possible Link to TrickBot Gang
  • Hunting for Evidence of DLL Side-Loading With PowerShell and Sysmon
  • How Ransomware Trends Are Changing Cyber Insurance
    
    
• Security Investigation
  • What is Threat Intelligence – Importance , CTI Lifecycle & Pyramid of Pain
  • Investigation of Urlsnif Malware Network Traffic
  • Threat Hunting using Firewall Logs – Soc Incident Response Procedure
  • DeepBlueCLI – PowerShell Module for Threat Hunting
    
    
• SpecterOps
  • Thoughts on Detection
  • Entity Based Detection Engineering with BloodHound Enterprise
    
    
• Symantec Enterprise
  LockFile: Ransomware Uses PetitPotam Exploit to Compromise Windows Domain Controllers
  
  
• Damien Cash, Josh Grunzweig, Matthew Meltzer, Steven Adair, and Thomas Lancaster at Volexity
  North Korean APT InkySquid Infects  Victims Using Browser Exploits
  
  
• Zolder B.V.
  Office 365 audit logging
  
  

UPCOMING EVENTS

• Dave Cowen at SANS
  FOR509:Cloud Forensics & Incident Response Course Preview
  
  
• Andrew Rathbun and Josh Mitchell at Kroll
  How to Use KAPE and SQLECmd with EventTranscript.db
  
  
• Amped
  Upcoming Amped Software Webinars: Register Today for Free!
  
  
• Dan Sumpter at Exterro
  Masters of Digital Forensics Course # 2: Work smarter, not harder: optimize your system for faster forensic processing
  
  

PRESENTATIONS/PODCASTS

• Anastasios Pingios
  x33fcon: In nation-state actor’s shoes
  
  
• Archan Choudhury at BlackPerl
  Lets Defend with Me, GiveAway: Your BlueTeam, Incident Response Career Needs You, Be Quick!
  
  
• Black Hills Information Security
  • BHIS | Talkin’ Bout News 2021-08-16
  • Talkin’ About Infosec News – 8/18/2021
    
    
• Breaking Badness
  94. Spooler Heads Prevail
  
  
• Bret Witt
  Intel 101 – Part 01
  
  
• Cado Security
  It’s Time to Buff Your Cloud Game
  
  
• Cellebrite
  • End to End Triage Practices Leveraging Digital Collector and Responder (Lab)
  • Advanced Extraction Methodologies for Cellular Telephones
  • Investigating Human – Sex Trafficking
  • Learn how Investigative Notes feature can help your investigations
  • The Top Techno Security Threat Cellebrite Helps Overcome Around the World
  • Verifying App Genie Results
  • 2021 Digital Intelligence Benchmark Report by Cellebrite
  • Episode 16: I Beg to DFIR – What’s on the Horizon – the second half of 2021
    
    
• Chewing the FAT
  Episode 4
  
  
• Cybereason
  • Malicious Life Podcast: DeadRinger – Exposing Chinese APTs Targeting Major Telcos
  • Webinar: REvil Ransomware – Pick Your Path
    
    
• Day Cyberwox
  • Top 5 Skills You Need to Become A Cybersecurity/SOC Analyst in 2021
  • How I Passed the AWS Certified Cloud Practitioner | Everything You Need to Know for the CLF-C01
    
    
• DEFCON
  DEF CON 29 Adversary Village – Daniel Duggan – Designing a C2 Framework
  
  
• Didier Stevens
  My YouTube Playlists
  
  
• Digital Detectives
  Ten Tips for Better ESI Expert Reports from Craig Ball
  
  
• Digital Forensic Survival Podcast
  DFSP # 287 – CSA Cloud Threats 6
  
  
• Down the Security Rabbithole Podcast
  DtSR Episode 459 – TPA A Defenders Endpoint Perspective
  
  
• Eric and Mark at ‘Forensics and Beer’
  Hashing
  
  
• Gerald Auger at Simply Cyber
  Cybersecurity Career Case Study from Intern to Pro – (Ethan Robish at Blackhills)
  
  
• Google Cloud Security Podcast
  The Mysteries of Detection Engineering: Revealed!
  
  
• Justin Tolman at AccessData
  FTK Feature Focus – Episode 23 – Saving Processing Profiles
  
  
• MSAB
  • XRY in 5   Pre scanning of iOS device
  • XAMN in 5 – Similar pictures filter
    
    
• Nuix
  Keeping up with Legal and Investigations Changes for Corporations
  
  
• Rapid7
  [The Lost Bots] Episode 3: Stories From the SOC
  
  
• StealthBay
  Podcast Episode 2 – Cyber Security for Smart Cars & Automotive Industry
  
  
• Uriel Kosayev
  Malware Analysis Workshop – Dissecting the WannaCry Ransomware
  
  
• Watson Infosec
  • Malware Analysis Techniques
  • Lets Talk, Cybersecurity Interviews.
    
    

MALWARE

• Manorit Chawdhry at CERT Polska
  Linux Injector for automated malware analysis
  
  
• Cyberint
  Redline Stealer
  
  
• Cyble
  A Deep-Dive Analysis Of LOCKBIT 2.0
  
  
• Aaron Stephens at Fire Eye Threat Research
  Detecting Embedded Content in OOXML Documents
  
  
• Gameel Ali
  Emotet Malware 0x02
  
  
• Matthew Brennan at Huntress
  Snakes on a Domain: An Analysis of a Python Malware Loader
  
  
• Igor Skochinsky at Hex Rays
  Igor’s tip of the week #53: Manual switch idioms
  
  
• Intezer
  • Intezer Analyze Detects MITRE D3FEND™ Techniques
  • Cobalt Strike: Detect this Persistent Threat
    
    
• PhishLabs
  New Quarterly Threat Trends & Intelligence Report Now Available
  
  
• Segurança Informática
  • Secrets behind the Lazarus’s VHD ransomware
  • Ragnar Locker – Malware analysis
    
    
• Trend Micro
  • Confucius Uses Pegasus Spyware-related Lures to Target Pakistani Military
  • LockBit Resurfaces With Version 2.0 Ransomware Detections in Chile, Italy, Taiwan, UK
  • Tokyo Olympics Leveraged in Cybercrime Attack
  • Fake Cryptocurrency Mining Apps Trick Victims Into Watching Ads, Paying for Subscription Service
    
    
• Jason Reaves and Joshua Platt at Walmart
  Looking at the new Krypton crypter and recent Data Exfiltrator Samples
  
  

MISCELLANEOUS

• Amped
  • How Can I Improve Contrast and Brightness of a Video in Amped Replay?
  • How to Use the Convert DVR Fallback Procedures in Amped FIVE
  • How to Use the Adjust Timestamp Filter in Amped FIVE
    
    
• Arch Cloud Labs
  Two Years Blogging – A Review of Designing Homelab Projects
  
  
• Yulia Samoteykina at Atola
  Imaging and hot plug of NVMe drives with DiskSense 2
  
  
• Belkasoft
  Android Screen Capturing
  
  
• Cellebrite
  • Securing Data from Witness Devices
  • An Industry at Risk: Protect Your Life Sciences Company with a Digital Intelligence Strategy
    
    
• Dr. Neal Krawetz at ‘The Hacker Factor Blog’
  An Apple Affray
  
  
• Elan at DFIR Diva
  The Get Your Start in DFIR Scholarship Site Just Launched!
  
  
• Forensic Focus
  • Automatic Classification Of CVE Items And Cyber Security Articles
  • Avoiding Burnout At The Digital Forensics Coalface
  • Martino Jerian, Founder & CEO, Amped Software
  • Extracting Evidence From Damaged Devices
    
    
• Koen Van Impe
  Legal and cooperation frameworks between CSIRTs and law enforcement agencies
  
  
• Nico Leidecker at NVISO Labs
  Building an ICS Firing Range – Part 1
  
  
• Chuck Dodson, Sr at OpenText
  A day in the life of evidence: Part 2
  
  
• Ryan Campbell at ‘Security Soup’
  • Weekly News Roundup — August 8 to August 14
  • Weekly News Roundup — August 15 to August 21
    
    
• Sandor Tokesi at Forensics Exchange
  The best Commitment Tier for you
  
  
• SANS
  • Instructor Spotlight: Jean-François Maes
  • Level Up Your Cyber Career with SANS #LevelUp
  • Got What It Takes For SEC760? Check Out this Short Quiz (Updated!)
  • SEC760 Prep Quiz Answers
    
    
• Security Investigation
  Soc Interview Questions and Answers – CYBER SECURITY ANALYST
  
  
• Stephen Marchewitz at TrustedSec
  Is Cyber Insurance Becoming Worthless?
  
  
• John Patzakis at X1
  Facebook Groups is an Important Source of Electronic Evidence
  
  

SOFTWARE UPDATES

• Amped
  Amped FIVE Update 21826: Adjust Timestamp, Time Calculator, PTS Playback, Advanced Conversion Procedures, and Much More
  
  
• Cellebrite
  Now Available: Cellebrite Inspector 10.4
  
  
• CyberChef
  v9.32.1
  
  
• Didier Stevens
  • Update: oledump.py Version 0.0.62
  • Update: pdfid.py Version 0.2.8
  • Update: pdf-parser.py Version 0.7.5
  • Update: AnalyzePESig Version 0.0.0.8
    
    
• Metaspike
  Forensic Email Collector v3.61.4.0
  
  
• Ogg3
  CheckArroyo
  
  
• OSForensics
  V9.0 build 1001 17th August 2021
  
  
• Security Onion
  Security Onion 2.3.70 now available!
  
  
• Ulf Frisk
  MemProcFS Version 4.2
  
  
• Velociraptor
  Release 0.6.1-rc1
  
  
• Xways
  X-Ways Forensics 20.4 Preview 3
  
  

And that’s all for the week! If you think I’ve missed something, or want me to cover something specifically hit me up through the contact page or on the social pipes!