As always, thanks to those who give a little back for their support!

FORENSIC ANALYSIS

• Sol Kavanagh at AWS Security
  Forensic investigation environment strategies in the AWS Cloud
  
  
• Belkasoft
  Android Viber Forensics with Belkasoft X
  
  
• Digital Forensics Myanmar
  • Covid Positive Day-1
  • Day-2
  • Day-3
  • Day-4
  • Day-6
  • Day-5
  • Day-7
  • Day-8
  • Day-9
  • Day-10
  • Day-11
  • Day-12
  • Day-13
  • Day-15
  • Day-16  (Trusted Platform Module) (TPM)
  • Day-14
  • Day-18
  • Day-17
  • eLearnSecurity Certified Digital Forensics Professional (Ecdfp)  (Introduction To Digital Forensics ) Part-1
  • eCDFP (Introduction to Digital Forensics ) – Part-2
  • eCDFP (Introduction to Digital Forensics ) – Part-3
  • eCDFP (Introduction to Digital Forensics ) – Part-4
  • eCDFP (Introduction to Digital Forensics ) – Part-6
  • eCDFP (Introduction to Digital Forensics ) – Part-5
  • hiberfil.sys
  • A Case Study on Geoprofiling and Imagery Analysis
  • What is OSNT ? Critical Thinking For OSINT
    
    
• Elcomsoft
  • Using a Trusted Device for iCloud Authentication
  • iCloud Extractions Without Passwords and Tokens: When a Trusted Device is Enough
    
    
• Forensafe
  • Investigating VMware Windows Application
  • Solving CorporateSecrets Challenge with ArtiFast Windows
  • Investigating Searched Strings
    
    
• Aarti Singh at Hacking Articles
  • Windows Privilege Escalation: Boot Logon Autostart Execution (Startup Folder)
  • Windows Privilege Escalation: Logon Autostart Execution (Registry Run Keys)
    
    
• Ian Whiffin at DoubleBlak
  iOS15 Media Adjustments
  
  
• Josh Brunty
  Validation of Forensic Tools- A Quick Guide for the DFIR Examiner
  
  
• Joshua Hickman at ‘The Binary Hick’
  iOS 15 Powered-Off Tracking & Remote Bombs
  
  
• Joachim Metz at Open Source DFIR
  Common misconceptions about Windows EventLogs
  
  
• Andrew Iwamaye, Reese Lewis, Andrew Christian, and Seth Lazarus at Rapid7
  Sneaking Through Windows: Infostealer Malware Masquerades as Windows Application
  
  
• Security Onion
  • Quick Malware Analysis: Stolen Images Evidence and BazarLoader pcap from 2021-10-14
  • Quick Malware Analysis: Stolen Images Evidence and IcedID pcap from 2021-10-12
  • Quick Malware Analysis: Stolen Images Evidence and Gozi/ISFB/Ursnif pcap from 2021-10-06
  • Quick Malware Analysis: MirrorBlast / KiXtart pcap from 2021-10-05
  • Quick Malware Analysis: MirrorBlast / Kixtart / ReflectiveGnome / FlawedGrace pcap from 2021-10-04
    
    
• ThinkDFIR
  Introducing Awesome BEC
  

THREAT INTELLIGENCE/HUNTING

• Alex Harmon
  • FORENSIC ARTIFACTS: Azure Custom Script Extension Use
  • FORENSIC ARTIFACTS: Azure Run Command Extension Use
    
    
• Azure Sentinel
  • Automation:Integrate Azure Data Explorer as Long-Term log Retention for Azure Sentinel/Log Analytics
  • Monitoring Sentinel Analytical Rules – Push Health Notifications
  • Announcing the Azure Sentinel Hackathon 2021 winners!
    
    
• Thu Pham at Blumira
  How MSPs Can Detect Nobelium, SolarWinds’ Attackers
  
  
• Brad Duncan at Malware Traffic Analysis
  2021-10-29 – Files for my talk at the 2021 Texas Cyber Summit
  
  
• Cado Security
  Automate Incident Response with the new Tines and Cado Response Integration
  
  
• Check Point Research
  25th October – Threat Intelligence Report
  
  
• Cisco’s Talos
  • SQUIRRELWAFFLE Leverages malspam to deliver Qakbot, Cobalt Strike
  • Threat Roundup for October 22 to October 29
    
    
• Joe Vest at Cobalt Strike Research and Development
  Create a proxy DLL with artifact kit
  
  
• Adam Martin at Cofense
  “Missed Voice Message,” the Latest Phishing Lure
  
  
• CrowdStrike
  • Compromised NPM Package Used in Supply Chain Attack: CrowdStrike Falcon Customers Protected
  • Tales From the Cryptojacking Front Lines
    
    
• Curated Intelligence
  Conti Leaked Playbook TTPs
  
  
• Cybereason
  • An Operation-Centric Approach to RansomOps Prevention
  • Microsoft Publishes Veiled Mea Culpa Disguised as Research
  • EDR Buyer’s Guide: Microsoft E5 Licenses and Security Risks
    
    
• William Thomas at Cyjax
  Mercenary APTs – An Exploration
  
  
• ENISA
  Hackers-for-Hire drive the Evolution of the New ENISA Threat Landscape
  
  
• Esentire
  Years Old Infection Discovered After Installing the eSentire MDR for Endpoint Agent
  
  
• Joe Slowik at Gigamon
  Bear in the Net: A Network-Focused Perspective on Berserk Bear
  
  
• Google Workspace Updates
  VirusTotal integration with the security investigation tool provides deeper insight into Gmail events
  
  
• Ruslan Chebesov and Sergey Kokurin at Group-IB
  Cannibal Carders
  
  
• InfoSec Write-ups
  • Purple Team Operations [Part 1]: How To Assess Cyber Threats and Risk For Your Organization?
  • Blue Team Operations [Part 4]: How To Investigate Network Incidents as a SOC Analyst
    
    
• Jan Geisbauer at Empty Datacenter
  Azure Sentinel Internals: Incidents
  
  
• Lacework
  TeamTNT Continues to Target Exposed Docker API
  
  
• Anton Ovrutsky at Lares
  Sysmon for Linux Test Drive
  
  
• Julien Richard at Luatix
  OpenCTI data sharing
  
  
• Ken Proska, Corey Hildebrandt, Daniel Kapellmann Zafra, and Nathan Brubaker at Mandiant
  Portable Executable File Infecting Malware Is Increasingly Found in OT Networks
  
  
• Mehmet Ergene
  Reducing Alert Fatigue by Lightning Fast Alert Prioritization with Azure Sentinel
  
  
• Microsoft 365 Security
  Revisiting Unconstrained Delegation
  
  
• Microsoft Security
  • NOBELIUM targeting delegated administrative privileges to facilitate broader attacks
  • Protect your business from password sprays with Microsoft DART recommendations
    
    
• Jonathan Evans, Jon Baker, and Richard Struse at MITRE-Engenuity
  CVE + MITRE ATT&CK® to Understand Vulnerability Impact
  
  
• Nextron Systems
  Monero Mining Pool FQDNs
  
  
• Didier Stevens at NVISO Labs
  Cobalt Strike: Using Known Private Keys To Decrypt Traffic – Part 2
  
  
• Palo Alto Networks
  • Nightmare Email Attacks (and Tips for Blocking Them)
  • Network Scanning Traffic Observed in Public Clouds
    
    
• Proofpoint
  • New Threat Actor Spoofs Philippine Government, COVID-19 Health Data in Widespread RAT Campaigns
  • TA575 Uses ‘Squid Game’ Lures to Distribute Dridex malware
    
    
• Rachelle Chouinard at Abnormal
  New Quishing Campaign Shows How Threat Actors Innovate to Bypass Security
  
  
• ReaQta
  AvosLocker Ransomware (RaaS): A New Ransomware Group Emerges
  
  
• Recorded Future
  • Operation Secondary Infektion Impersonates Swedish Riksdag, Targets European Audiences
  • How to Investigate Typosquats
    
    
• Joe Savini at Red Canary
  Microsoft Identity: Demystifying Defender for Identity and Azure Identity Protection
  
  
• Ryan Hausknecht
  Attacking Azure & Azure AD, Part II
  
  
• SANS Internet Storm Center
  • Decrypting Cobalt Strike Traffic With a “Leaked” Private Key, (Mon, Oct 25th)
  • Hunting for Phishing Sites Masquerading as Outlook Web Access, (Tue, Oct 26th)
  • Multiple Apple Patches for October 2021, (Thu, Oct 28th)
  • Remote Desktop Protocol (RDP) Discovery, (Sat, Oct 30th)
    
    
• Securelist
  APT trends report Q3 2021
  
  
• Anusthika Jeyashankar at Security Investigation
  Directory Services Restore Mode Password Reset – Event IDs to Monitor
  
  
• Claire Tills at Tenable
  Examining the Treat Landscape
  
  
• Dave Shackleford at ZScaler
  Understanding Attack Progression
  

UPCOMING EVENTS

• Ashley Hernandez and Drew Fahey at Cellebrite
  Streamlining Investigations with Targeted Data Collection
  
  
• Cybereason
  • Webinar: Live Attack Simulation – Ransomware Threat Hunter Series
  • Webinar: Live Attack Simulation – EMEA Ransomware Threat Hunter Series
    
    
• Magnet Forensics
  Moving Digital Forensic Labs to the Cloud
  
  
• Kelley Wilds at Recon InfoSec
  SOC X 2023
  

PRESENTATIONS/PODCASTS

• Chewing the FAT interview with Alexis Brignoni
  Episode 6
  
  
• Archan Choudhury at BlackPerl
  EASY Creation of Malware Analysis and Digital Forensics Lab
  
  
• Black Hat
  Demystifying “Limitless XDR” with Nate Fick
  
  
• Black Hills Information Security
  • BHIS – Talkin’ Bout [infosec] News 2021-10-25
  • BHIS | Hack for Show, Report For Dough: Part 2 w/ BB King (1-Hour)
  • Talkin’ About Infosec News – 10/28/2021
    
    
• Cellebrite
  • Gain the Most out of Your Investigation with Cryptocurrency Artifacts
  • How to Verify App Genie Results in Cellebrite Physical Analyzer
    
    
• Cloud Security Podcast by Google
  EP40 2021: Phishing is Solved?
  
  
• Cybereason
  Malicious Life Podcast: Marcus Hutchins – A Controversial Hero
  
  
• Detection: Challenging Paradigms
  S2 – Episode 5: Mathieu Saulnier
  
  
• Joshua James at DFIRScience
  Android logical acquisition with android_triage
  
  
• Didier Stevens
  Cobalt Strike: Decrypting C2 Traffic With A “Leaked” Private Key
  
  
• Digital Forensic Survival Podcast
  DFSP # 297 – Nested Groups
  
  
• Dump-Guy Trickster
  Reversing CryptoCrazy Ransomware – PoC Decryptor and some Tricks
  
  
• Gerald Auger at Simply Cyber
  How to Get Started as a Cybersecurity Mentor?
  
  
• InfoSec_Bret
  Intel 101 – Part 02
  
  
• Magnet Forensics
  Magnet OUTRIDER 3.0: Triage for macOS
  
  
• OALabs
  Blackmatter Ransomware – Livestream Lunch and Learn: Reverse Engineering and Binary Attribution
  
  
• Radware
  Radware Threat Researchers Live: Ep.15
  
  
• Jack Cable at Rapid7
  [Security Nation] Jack Cable on Ransomwhere
  
  
• Richard Davis at 13Cubed
  Event Log Chainsaw Massacre – Powerful Threat Detection
  
  
• SANS
  • I Knew You Were Trouble – Detecting Threat Actors Before They Deploy Ransomware
  • Keynote: Threat Hunting: Old Data, New Tricks!
  • Hunting mediante la detección de anomalías con Machine Learning y DAISY
  • Threat Hunting: Lotta Ins, Lotta Outs, Lotta What Have Yous
  • Identifying Opportunities to Collaborate and Contribute back
  • What Keeps You Up At Night?
  • Landing a Job: Resumes and the Application Process
    
    
• Sumuri
  RECON ITR – Mac Imaging, Triaging and Reporting
  
  
• Watson Infosec
  NextDNS Overview & Review
  

MALWARE

• Chuong Dong at 0ffset
  DRIDEX: Analysing API Obfuscation Through VEH
  
  
• 0xdf hacks stuff
  • Flare-On 2021: antioch
  • Flare-On 2021: spel
  • Flare-On 2021: flarelinuxvm
  • Flare-On 2021: beelogin
  • Flare-On 2021: myaquaticlife
    
    
• 360 Core Security
  针对巴以地区长达三年的攻击活动揭露
  
  
• 360 Netlab
  Pink, a botnet that competed with the vendor to control the massive infected devices
  
  
• Hannah Cartier at Active Countermeasures
  Malware of the Day – Octopus
  
  
• Any.Run
  Free ANY.RUN Sandbox for Educational Purposes
  
  
• Avast Threat Labs
  Avast releases decryptor for AtomSilo and LockFile ransomware
  
  
• Blackberry
  Threat Thursday: Jennlog Malicious Loader
  
  
• Bogdan Vennyk
  Flare-on 8 task 9 write-up
  
  
• Cado Security
  Links to Previous Attacks in UAParserJS Compromise
  
  
• CERT Polska
  Vidar stealer campaign targeting Baltic region and NATO entities
  
  
• Fabian Wosar at Curated Intelligence
  Decrypting BlackMatter Ransomware
  
  
• Cybereason
  • THREAT ALERT: Malicious Code Implant in the UAParser.js Library
  • THREAT ANALYSIS REPORT: Snake Infostealer Malware
    
    
• Asaf Gilboa at Deep Instinct
  Evading EDR Detection with Reentrancy Abuse
  
  
• Shunichi Imano and Fred Gutierrez at Fortinet
  Chaos Ransomware Variant in Fake Minecraft Alt List Brings Destruction to Japanese Gamers
  
  
• Tony Robinson at Hurricane Labs
  • Malware Analysis Part 1: How does it work?
  • Malware Triage: Dissecting Threats to Your Security
    
    
• Igor Skochinsky at Hex Rays
  Igor’s tip of the week #62: Creating custom type libraries
  
  
• Lina Lau at Inversecos
  How to Backdoor Azure Applications and Abuse Service Principals
  
  
• Yuma Masubuchi at JPCERT/CC
  Malware WinDealer used by LuoYu Attack Group
  
  
• Mahmoud Morsy
  • Phishing Attacks 25_10_2021
  • IOCs 25_10_2021
  • Phishing Attacks 26_10_2021
    
    
• Malwarebytes Labs
  • What is fileless malware?
  • Threat profile: Ranzy Locker ransomware
  • The return of the Malwarebytes CrackMe
    
    
• Mark Mo
  Find Suspicious Permissions
  
  
• Hido Cohen & Michael Dereviashkin at Morphisec
  DECAF Ransomware: A New Golang Threat Makes Its Appearance
  
  
• Nick Harbour at Mandiant
  Flare-On 8 Challenge Solutions
  
  
• Jessica Ellis at PhishLabs
  Advanced Banking Trojan Sets New Standard for Android Malware
  
  
• Sean Gallagher at Sophos
  Node poisoning: hijacked package delivers coin miner and credential-stealing backdoor
  
  
• VinCSS
  [RE025] TrickBot … many tricks
  
  
• Vladislav Hrčka at WeLiveSecurity
  Wslink: Unique and undocumented malicious loader that runs as a server
  

MISCELLANEOUS

• Craig Ball at ‘Ball in your Court’
  Federal Court Rules on Whether Documents Containing Agreed-Upon Keywords are Responsive Per Se
  
  
• Elan at DFIR Diva
  The Free and Affordable Training Sites Have Merged!
  
  
• Forensic Focus
  • Oxygen Forensics’ Lee Reiber on Keeping Pace in Digital Forensics
  • Can AI Be Used for Forensics and Investigations?
  • CNN Based Zero Day Malware Detection Using Small Binary Segments
  • Exterro Plans FTK® Product Portfolio Upgrades for Scalability, Accuracy and Faster Processing Engine
  • HancomWITH MD-Series Release Note Highlights (3Q 2021)
  • Presentation Filters and Techniques with Amped FIVE
  • Register for Webinar: Using GrayKey Passcode History and Hashcat (Law Enforcement Restricted)
  • Andy Lister, Global Business Development Director, Detego
  • Oxygen Forensics has once again increased support for encrypted apps
  • Forensic Analysis for AI Speaker with Display: Amazon Echo Show 2nd Generation
    
    
• Isabelle Quinn at InQuest
  How Email Works
  
  
• Josh Brunty
  Creating an HTML Index Using Python
  
  
• Marco Fontani at Amped
  How Do I Generate a Report of My Work With Amped Replay?
  
  
• Nextron Systems
  TryHackMe Training Room for THOR Lite
  
  
• Alisha Cales at Paraben Corporation
  Digital Forensic Training Support during Cyber Crisis
  
  
• Stuart Smith at Red Canary
  Embrace the tangles: Infosec career advice from a technical account manager
  
  
• Ryan Campbell at ‘Security Soup’
  Weekly News Roundup — October 24 to October 30
  
  
• Javier Bachiller at Security Art Work
  Purple Team: ¿pero esto qué es? (I)
  
  
• Katie Niemi at tcdi
  What Should I Include in my Incident Response Plan?
  
  
• Erin Sindelar at Trend Micro
  What To Expect in a Ransomware Negotiation
  
  
• Vicente Díaz at VirusTotal
  Introducing VirusTotal MSSP Program: Differentiate and become indispensable with preventive capabilities
  
  
• John Patzakis at X1
  Index and Search In-Place Workflows Key to Reducing eDiscovery Costs and Risks
  

SOFTWARE UPDATES

• AccessData
  • Forensic Tools 7.5.1
  • FTK Central
    
    
• Acelab
  The Latest PC-3000 Mobile Software Update Ver. 1.5 is Here!
  
  
• Capa
  v3.0.3
  
  
• Cellebrite
  Cellebrite Expands Industry-Leading Digital Intelligence Platform with the Launch of SaaS Based Investigative Digital Evidence Management System
  
  
• Costas K
  MFTBrowser.exe (x64)
  
  
• Elcomsoft
  ElcomSoft Phone Breaker 10 adds device-based iCloud authentication
  
  
• ExifTool
  ExifTool 12.34
  
  
• IntelOwl
  v3.2.0
  
  
• Magnet Forensics
  Magnet OUTRIDER 3.0: Triage for macOS
  
  
• Mihari
  v3.10.1
  
  
• Nextron Systems
  THOR 10.6.11 with Support for Apple M1 Architecture
  
  
• Open Source DFIR
  Plaso 20211024 released
  
  
• Oxygen Forensics
  Oxygen Forensic® Detective v.14.1
  
  
• Xways
  • X-Ways Forensics 20.3 SR-7
  • X-Ways Forensics 20.4 Beta 3
    

And that’s all for the week! If you think I’ve missed something, or want me to cover something specifically hit me up through the contact page or on the social pipes!