As always, thanks to those who give a little back for their support!
FORENSIC ANALYSIS
- Belkasoft
  - Media files forensics with Belkasoft X
- Heather Mahalik at Cellebrite
- Dan Maunz at Cisco
  - New Nexus Forensic Guide
- Dr. Brian Carrier at Cyber Triage
  - Cyber Triage on Azure: DFIR in the Cloud
- Digital Forensics Myanmar
- Dr. Neal Krawetz at ‘The Hacker Factor Blog’
  - Beyond the Skyline
- Elcomsoft
- Erik Hjelmvik at Netresec
  - Open .ETL Files with NetworkMiner and CapLoader
- Robert Graham at Errata Security
  - Debunking: that Jones Alfa-Trump report
- Forensafe
- Ian Whiffin at DoubleBlak
  - Message Reactions
- Nicole Fishbein at Intezer
  - Conducting Digital Forensics Incident Response (DFIR) on an Infected GitLab Server
- Karlo Licudine at AccidentalRebel
- Magnet Forensics
  - Anatomy of a Workplace Harassment Investigation
- Alexander Jäger at Open Source DFIR
  - Use EVTX files on VirusTotal with Timesketch and Sigma (Part 1)
- Oxygen Forensics
  - Extraction of locked LG devices in Oxygen Forensic® Detective
- Security Onion
  - Quick Malware Analysis: SquirrelWaffle, Qakbot, and CobaltStrike pcap from 2021-10-04
  - Quick Malware Analysis: SystemBC and CobaltStrike pcap from 2021-02-01
  - Quick Malware Analysis: Pascholotto Email and Malware pcap from 2021-02-19
  - Quick Malware Analysis: October 2021 Forensic Challenge – Part 1 of 3
  - Quick Malware Analysis: October 2021 Forensic Challenge – Part 2 of 3
  - Quick Malware Analysis: October 2021 Forensic Challenge – Part 3 of 3
- The DFIR Report
  - From Zero to Domain Admin
- ZecOps
  - How iOS Malware Can Spy on Users Silently
THREAT INTELLIGENCE/HUNTING
- Anomali
  - Anomali Cyber Watch: Russian Intelligence Targets IT Providers, Malspam Abuses Squid Games, Another npm Library Compromise, and More
- Blackberry
- CERT-FR
  - CERT-FR Threat and Incident Report (Rapport Menaces et Incidents du CERT-FR)
- Check Point Research
- Cisco’s Talos
- Eric Loui and Josh Reynolds at CrowdStrike
  - CARBON SPIDER Embraces Big Game Hunting, Part 2
- Curated Intelligence
  - Tracking the planet with Pulsedive
- Cybereason
  - What Are the Most Common Attack Vectors for Ransomware?
- William Thomas at Cyjax
  - Cyjax research sees TeamTNT added to MITRE ATT&CK framework
- Oakley Cox at Darktrace
  - Living off the Land: How hackers blend into your environment
- EclecticIQ
  - Ransomware 3 – Countering the Ransomware Threat When There Is No Silver Bullet
- Emanuele De Lucia
  - The BigBoss Rules: Something about one of the Uroburos’ RPC-based backdoors
- Flashpoint
- Andrey Zhdanov at Group-IB
  - The Darker Things
- Jack Crook at ‘DFIR and Threat Hunting’
  - Measuring User Behavior
- Malwarebytes Labs
- Marcus Edmonson at ‘Data Analytics & Security’
  - Detecting mshta in a Home Lab
- Microsoft 365 Security
  - Revisiting Constrained Delegation
- Frank Duff at MITRE-Engenuity
  - Introducing ATT&CK Evaluations Trials: First Up, Deception
- Nathali Cano at Scythe
  - SCYTHE Presents: Simplifying the MITRE ATT&CK Framework
- Didier Stevens at NVISO Labs
  - Cobalt Strike: Using Process Memory To Decrypt Traffic – Part 3
- Pete Cowman at Hatching
  - MacOS, TA505 and Other Family Detections
- Selena Larson, Sam Scholten and Timothy Kromphardt at Proofpoint
  - Caught Beneath the Landline: A 411 on Telephone Oriented Attack Delivery
- Red Siege Information Security
  - Attacking SAML implementations
- RiskIQ
  - The Vagabon Kit Highlights ‘Frankenstein’ Trend in Phishing
- Dean Parsons at SANS
  - ICS Threat Hunting: “They’re Shootin’ at the Lights!” – PART 2
- SANS Internet Storm Center
  - Sysinternals: Autoruns and Sysmon updates, (Sun, Oct 31st)
  - Video: Phishing ZIP With Malformed Filename, (Sun, Oct 31st)
  - Revisiting BrakTooth: Two Months Later, (Mon, Nov 1st)
  - October 2021 Forensic Contest: Answers and Analysis, (Thu, Nov 4th)
  - Xmount for Disk Images, (Thu, Nov 4th)
  - Decrypting Cobalt Strike Traffic With Keys Extracted From Process Memory, (Sat, Nov 6th)
  - Video: Decrypting Cobalt Strike Traffic With Keys Extracted From Process Memory, (Sun, Nov 7th)
- Javier Bachiller at Security Art Work
  - Purple Team: But What Is It? (Part II). Threat Intelligence (Purple Team ¿Pero esto qué es? (Parte II))
- Security Investigation
- Scott J Roberts
  - Getting Started with Synapse
- Nick Tausek at Swimlane
  - Building Best-of-Both-Worlds Automation and Threat Intel With Swimlane and VirusTotal – Part One
- Symantec Enterprise
  - BlackMatter: New Data Exfiltration Tool Used in Attacks
- Team Cymru
  - Webinject Panel Administration: A Vantage Point into Multiple Threat Actor Campaigns
- Erin Sindelar at Trend Micro
  - Ransomware Negotiation Scenarios: What to Expect
- Vicente Díaz at VirusTotal
  - Automate and Augment Case Management, Threat Intelligence and Enrichment
- Zolder B.V.
  - Detecting MFASweep using Azure Sentinel
UPCOMING EVENTS
- Lior Div and Sam Curry at Cybereason
  - Webinar November 18th: Anatomy of a Ransomware Attack
- Dave Gruber, Doug Cahill, and James Campbell at Cado Security
  - Traditional DFIR Methods = Not Fit For Cloud
- Elan at DFIR Diva
  - DFIR Related Events for Beginners – November, 2021
- Magnet Forensics
  - Rapid Triage for Mac with Magnet OUTRIDER
- Securízame
  - Securízame News – Events and Training for November 2021 (Noticias Securízame – Eventos y Formación de Noviembre 2021)
PRESENTATIONS/PODCASTS
- Archan Choudhury at BlackPerl
  - Windows Forensics Analysis, Memory Forensics – Part 1, Diwali GiveAway
- Belkasoft
  - Dealing with encryption—10th episode of BelkaTalk on DFIR
- Black Hills Information Security
- Breaking Badness
  - 101. Ransomware and Malware and Justice, Oh My!
- Cellebrite
- Cloud Security Podcast by Google
  - EP41 Beyond Phishing: Email Security Isn’t Solved
- Joshua I. James at DFIRScience
- Didier Stevens
- Digital Forensic Survival Podcast
  - DFSP # 298 – Mac Forensics with SUMURI
- Dump-Guy Trickster
  - Introduction to Invoke-DetectItEasy PowerShell Module
- Hasherezade
  - HollowsHunter detecting ShellcodeFluctuation PoC
- InfoSec_Bret
  - Intel 101 – Part 03 – FINAL
- Justin Tolman at AccessData
  - FTK Feature Focus – Episode 28 – Mac Artifacts in System Summary
- Magnet Forensics
- Nuix
  - 2021 Nuix APAC Partner Awards
- Paraben Corporation
- Ryan Tick
  - Automated triage collection at scale in AWS
- SANS
  - AC3 Threat Sightings: The Power of Observation (El Poder de la Observación)
  - Hunting backdoors in Active Directory Environment
  - Compose Your Hunts With Reusable Knowledge and Share Your Huntbook With the Community
  - Hunting and Scoping A Ransomware Attack
  - Full Scholarship Cybersecurity Training With SANS
  - The 14 Absolute Truths of Security
  - Vulnerabilities and reports and metrics, oh my!
  - CISSP Cram Session
  - Cleaning Up Our Cyber Hygiene
- Security Onion
  - Security Onion on Security Weekly Episode 717
- Virus Bulletin
  - VB2021 localhost videos available on YouTube
- Watson Infosec
  - ElasticXDR 7.15.1 Overview
- Zeek in Action
MALWARE
- 0xdf hacks stuff
- Martin Chlumecký at Avast Threat Labs
  - DirtyMoe: Deployment
- Harsh Patel and Zachary Bailey at Cofense
  - Spooky Ransomware Steals Past SEGs in Under 15 Minutes
- Cyber Geeks
  - A detailed analysis of the STOP/Djvu Ransomware
- Shaul Vilkomir-Preisman at Deep Instinct
  - Understanding the Windows JavaScript Threat Landscape
- Xiaopeng Zhang at Fortinet
  - Deep Dive into a Fresh Variant of Snake Keylogger Malware
- Igor Skochinsky at Hex-Rays
  - Igor’s tip of the week #63: IDA installer command-line options
- Dmitry Melikov at InQuest
  - Adults Only Malware Lures
- Johannes Bader
  - Analysing TA551/Shathak Malspam With Binary Refinery
- LockBoxx
  - Notes on Keyloggers
- Mahmoud Morsy
- Malwarebytes Labs
- Marco Ramilli
  - CONTI Ransomware: Cheat Sheet
- Marcus Edmonson at ‘Data Analytics & Security’
  - To Catch a Hacker in My Home Lab – Atreides
- mr.d0x
  - Malapi
- Red Alert
  - Threat Actor targeted attack against Finance and Investment industry
- Aaron Gdanski and Limor Kessem at Security Intelligence
  - From Thanos to Prometheus: When Ransomware Encryption Goes Wrong
- Pedro Tavares at Segurança Informática
  - Troystealer malware analysis
- Dennis Schwarz at Zscaler
  - Spike in DanaBot Malware Activity
MISCELLANEOUS
- Marco Fontani at Amped
  - Summing Up: How Do I Convert, Play, Enhance, Annotate, and Export Video Evidence With a Single Tool?
- Amina Zilic at Binalyze
  - The Tenth Step to Forensic Readiness: Legal review
- Cassie Doemel at AboutDFIR
  - AboutDFIR Site Content Update 11/6/21
- Cellebrite
  - India’s DFIR Community Turns To Digital Intelligence Technology To Solve Their Toughest Cases
- Paul Lee, Yuri Kramarz and Martin Lee at Cisco’s Talos
  - The features all Incident Response Plans need to have
- Joshua I. James at DFIRScience
  - What job opportunities does digital forensics give me?
- Michael Karsyan at Event Log Explorer blog
  - Setting up Windows to read events from remote computers over a local network
- Faith Opiyo at CyberSecFaith
  - Building my Home Lab part 4: deploying the domain controller and endpoints
- Forensic Focus
  - Todd Shipley on the Dark Net, and the Importance of Relationship-Building for Investigations
  - PRNU Based Verification of Multi-Camera Smartphones
  - How to Use Variable Motion Deblurring in Amped FIVE
  - Get your dedicated FREE trial of Binalyze AIR up and running in just 2 mins!
  - Work Smarter, Not Harder — Optimize Your System for Faster Forensic Processing
  - Register For Webinar: Launching Binalyze Forensic Investigation Suite
  - Towards Deep Fake Video Detection Using PRNU Based Method
- Josh Moulin
  - Creating a Digital Forensic Capability
- Anne Campbell at Barracuda
  - Don’t pay the ransom: A three-step guide to ransomware protection
- Kevin Pagano at Stark 4N6
  - Forensics StartMe Updates (11/1/2021)
- Magnet Forensics
  - Meet the Magnet Forensics’ Training Team: Sean Boero
- Amelia Albanese at Palo Alto Networks
  - Australia’s Response to the Rise of Ransomware
- Tami Smith at ‘Pro Digital Forensic Consulting’
  - Popular Case Studies in Digital Forensics
- Brittany Roberts at ADF
  - The Ultimate Checklist for Buying a Digital Forensics Tool
- Ryan Campbell at ‘Security Soup’
  - Weekly News Roundup — October 31 to November 6
- SANS
- Doug Burks at Security Onion
  - New Security Onion 2 Training Available: Practical Analysis with Security Onion 2!
SOFTWARE UPDATES
- Berla
  - iVe Software v3.3.1 Release
- Brim
  - v0.27.0
- Didier Stevens
- Elcomsoft
  - Elcomsoft System Recovery 8.0 – a forensically sound field analysis tool with write-blocking disk imaging
- F-Response
  - F-Response 8.3.1.8 Released – Updates to Collect, Classic, and Windows 11
- Mike Cohen at Velocidex
  - Velociraptor 0.6.2 Release
- Alisha Cales at Paraben Corporation
- Regipy
  - 2.2.2
- Ahmed Khlief at Shells.Systems
  - APT-Hunter V2.0: More than 200 use cases and new features
- Velociraptor
  - Release 0.6.2
- X-Ways
And that’s all for the week! If you think I’ve missed something, or want me to cover something specifically hit me up through the contact page or on the social pipes!