As always, thanks to those who give a little back for their support!
FORENSIC ANALYSIS
- Alexis Brignoni at ‘Initialization Vectors’
  - Android Tor Browser Thumbnails. What?
- Adam at Hexacorn
- AhnLab
  - Case of Ransomware Infection in a Company Using Local Administrator Accounts Set with Same Password
- Blake’s R&D
  - Monitoring File mods through ETW and Velociraptor
- Matt Muir at Cado Security
  - The Continued Evolution of Abcbot
- Elcomsoft
- Forensafe
- J0wir
  - Cyberdefenders – CyberCorp Case 1
- Kevin Pagano at Stark 4N6
  - Application Battery Usage via Settings Services
- Hal Pomeranz at Righteous IT
- Security Onion
  - Quick Malware Analysis: December 2021 Forensic Challenge pcap from 2021-12-03
- Technisette at ‘We are OSINTCurio.us’
  - Viewing Social Media Profiles Without Being Logged on
THREAT INTELLIGENCE/HUNTING
- Even more Log4shell!
  - Day 10: where we are with log4j from honeypot’s perspective
  - Apache Log4j2 vulnerability attack trends seen from a honeypot’s perspective
  - [Announcement] New Log4j Vulnerability (CVE-2021-45105) – Log4j 2.17.0
  - Auth0’s Response to Log4J
  - Threat Hunting for Log4j Exploits on the Network
  - How To Detect Log4j Exploits That Lead To Ransomware
  - 2021-045-Mick Douglas, Log4j vulnerabilities, egress mitigations- part1
  - 2021-046-Mick Douglas, Log4j vulnerabilities, egress mitigations- part2
  - Log4j vulnerability Protection for Endpoints
  - Defending Against Log4j Exploits with Cisco Secure Endpoint
  - CrowdStrike Services Launches Log4j Quick Reference Guide (QRG)
  - CrowdStrike Launches Free Targeted Log4j Search Tool
  - Baselining and Hunting Log4Shell with the CrowdStrike Falcon Platform
  - Nightmare Before Christmas – Curated Intel’s Response To Log4Shell
  - Introducing 7.16.2 and 6.8.22 releases of Elasticsearch and Logstash to upgrade Apache Log4j2
  - Log4j Update: Q&A With Flashpoint and Risk Based Security
  - Critical Apache Log4j (Log4Shell) Vulnerability Updates: What You Need to Know
  - The Log Keeps Rolling On: Evaluating Log4j Developments and Defensive Requirements
  - Analysis of Log4jShell Attack
  - Log4j Vulnerability – An Important Reminder to “Assume Breach”
  - Facts to clear about Log4J for “Bug Bounty Hunters”
  - Log4J vulnerability in detail
  - Log4j Vulnerability Explanation In Details
  - Threat Spotlight: Log injection attacks
  - Observation of Attacks Targeting Apache Log4j2 RCE Vulnerability (CVE-2021-44228)
  - Log4j Attacks – A Week in Review
  - Responding to Cybersecurity Issues Like Log4j…and the Minor Ones too
  - Log4j Vulnerability (Log4Shell) Explained // CVE-2021-44228
  - Log4j Lookups in Depth // Log4Shell CVE-2021-44228 – Part 2
  - Investigating a Log4j Malware Attack (CVE-2021-44228)
  - Apache Log4j Vulnerability/Exploitation
  - CVE-2021-45105: New DoS Vulnerability Found in Apache Log4j
  - Continuing Log4Shell – Zeek – Detection
  - Continuing Log4Shell – Snort3 Rule – Detection
  - Continuing Log4-Shell – Packet Analysis – Detection
  - Continuing Log4Shell – Understanding/Testing The Exploit
  - Beginning Log4-Shell – Understanding The Issue/Vulnerability
  - Log4j vulnerability explained and how to respond
  - Introducing Log4Shell Sentinel
  - Test for Log4Shell With InsightAppSec Using New Functionality
  - Defend against Log4Shell exploits (CVE-2021-44228) with ReaQta-Hive
  - What do you need to know about the log4j (Log4Shell) vulnerability?
  - log4shell and cloud provider internal meta data services (IMDS), (Thu, Dec 23rd)
  - Answering Log4Shell-related questions
  - Log4j Threat Hunting Advice
  - Detecting Log4j Exploitation Attempts via Zeek in Security Onion
  - Logjam: Log4j exploit attempts continue in globally distributed scans, attacks
  - Simulating, Detecting, and Responding to Log4Shell with Splunk
  - Log4j Vulnerabilities: Attack Insights
  - Blocking log4j with Response Actions
  - Assess Log4Shell Like an Attacker With Tenable’s Dynamic Detections
  - Log4Shell Visualization
  - How to detect Apache HTTP Server Exploitation
  - What to Do About Log4j
  - The Log4j story, and how it has impacted our customers
  - Examining Log4j Vulnerabilities in Connected Cars and Charging Stations
  - Apache Log4j: Mitigating risks
  - Log4j Vulnerability Aftermath
  - log4j CVE-44228 | Scanning a Million Hosts in Less Than 30 Minutes
  - Log4J’s Unique Impact In The Cloud
- Hannah Cartier at Active Countermeasures
  - Malware of the Day – Cryptomining and Cryptojacking
- Anomali
  - Anomali Cyber Watch: ‘PseudoManuscrypt’ Mass Spyware Campaign Targets 35K Systems, APT31 Intrusion Set Campaign: Description, Countermeasures and Code, State-sponsored hackers abuse Slack API to steal
- Karthik Ram and Ross Warren at AWS Security
  - Simplify setup of Amazon Detective with AWS Organizations
- Brad Duncan at Malware Traffic Analysis
  - 2021-12-23 – Astaroth/Guildma infection from Brazil malspam
- BushidoToken
  - Open Redirect in Oracle BlueKai
- Check Point Research
  - 20th December – Threat Intelligence Report
- Cobalt Strike Research and Development
- Brian Dye at Corelight
  - Security strategy for the next Log4j
- CrowdStrike
- Anthony M. Freed at Cybereason
  - History’s Most Notorious Ransomware Gangs
- Terry Mayer at Cyjax
  - Russia and Ukraine: avoiding war
- DeTTECT
  - v1.5.0
- EclecticIQ
- Joe Desimone and Samir Bousseaden at Elastic
  - Elastic Security uncovers BLISTER malware campaign
- F-secure
  - ESFang – Exploring the macOS Endpoint Security Framework (ESF) for Threat Detection
- Group-IB
- Allan Liska at Recorded Future
  - Are Ransomware Attacks Slowing Down? It Depends on Where You Look
- SANS Internet Storm Center
  - More Undetected PowerShell Dropper, (Tue, Dec 21st)
  - PowerPoint attachments, Agent Tesla and code reuse in malware, (Mon, Dec 20th)
  - December 2021 Forensic Contest: Answers and Analysis, (Wed, Dec 22nd)
  - Nicely Crafted indeed.com Login Page, (Thu, Dec 23rd)
  - Defending Cloud IMDS Against log4shell (and more), (Thu, Dec 23rd)
  - Example of how attackers are trying to push crypto miners via Log4Shell, (Fri, Dec 24th)
- David Bisson at Security Intelligence
  - Ransomware Attackers’ New Tactic: Double Extortion
- Priyadharshini Balaji at Security Investigation
  - Zeek – Network Traffic Analysis and Security Monitoring Tool
- Trustwave SpiderLabs
  - COVID-19 Phishing Lure to Steal and Mine Cryptocurrency
- Xavier Mertens at /dev/random
  - Velociraptor & Loki
UPCOMING EVENTS
- Magnet Forensics
PRESENTATIONS/PODCASTS
- Andrew Rathbun on ‘Chewing the FAT’
  - Episode 8
- Acelab
  - A Video from the ACE Lab Webinar on the Modern Challenges in Data Recovery & Digital Forensics
- Archan Choudhury at BlackPerl
  - SOC Open Source, ELK- TheHive- Cortex- MISP Complete Setup Guide, Part 1
- Belkasoft
  - Acquiring iCloud Backups—17th Episode of BelkaTalk on DFIR
- Black Hills Information Security
- Breaking Badness
  - 106. Log4Shell Shock
- Cellebrite
  - Explore real-world digital intelligence challenges in Cellebrite’s annual Industry Benchmark Report
- Chris Sienko at the Cyber Work podcast
  - High-tech hacking tools and how to defend against them | Cyber Work Podcast
- Cybereason
  - Malicious Life Podcast: Shawn Carpenter – A Cyber Vigilante
- Joshua James at DFIRScience
  - Bitcoin forensics – visualizing blockchain transactions with Maltego
- Digital Forensic Survival Podcast
- Dump-Guy Trickster
  - Advanced DnSpy tricks in .NET reversing – Tracing, Breaking, dealing with VMProtect
- Gerald Auger at Simply Cyber
  - Getting an Entry Level Cybersecurity Job in 2022 (Where to Look!)
- InfoSec_Bret
- Magnet Forensics
- Richard Davis at 13Cubed
  - Detecting NTDS.DIT Theft – ESENT Event Logs
- SANS Institute
  - Your Calling Card: Building Your Cybersecurity Leadership Brand: Part 4
- SecurityNinja
MALWARE
- 0day in {REA_TEAM}
  - Reversing With IDA From Scratch (P37)
- Arch Cloud Labs
  - Shellcode Generation with The Radare2 Framework
- Atomic Matryoshka
  - “Cracking Open the Malware Piñata” Series: Analysis Environment Setup
- Ben Lee
- Nick Chalard at InQuest
  - (Don’t) Bring Dridex Home for the Holidays
- Intezer
  - The Role of Malware Analysis in Cybersecurity
- Malwarebytes Labs
  - Dridex affiliate dresses up as Scrooge
- Michael Koczwara
  - Attack Analysis — Cobalt Strike C2 & Hancitor/Malware
- Jim Walter and Niranjan Jayanand at SentinelOne
  - New Rook Ransomware Feeds Off the Code of Babuk
- Sophos
- Vishal Thakur
MISCELLANEOUS
- Amped
- Anton Chuvakin
- Brett Shavers at DFIR.Training
  - What’s in your DFIR Go-bag?
- Camille Lore
  - You don’t have to learn to code to be in cybersecurity….
- Forensic Focus
- Jesse Spangenberger at ‘Cyber Fenix DFIR & Technology’
  - Open Security Holiday CTF
- Christopher Luft at LimaCharlie
  - Cloud Function Dashboard with LimaCharlie
- Magnet Forensics
  - A Year-End Message from Adam Belsher & Jad Saliba
- Mike Cohen at Velocidex
  - SFTP In AWS
- Oxygen Forensics
  - 2021 in Review: A Highlight of our Year
- Pete Cowman at Hatching
  - A Year in Review, plus Detection Updates
- Christopher Maddalena at SpecterOps
  - Ghostwriter: Looking Back at 2021
SOFTWARE UPDATES
- Amped
  - Amped FIVE Update 22997: Blank Video, Audio Loader, Audio Muxer, Audio Sync, and Much More
- Apache
  - Release 2.2.1 – 12/19/2021
- Atola
  - Atola Insight Forensic 5.1.1 released
- Autopsy
  - Autopsy 4.19.3
- Cellebrite
  - Now Available: Cellebrite Physical Analyzer and Cellebrite UFED Cloud v7.51
- Didier Stevens
- Elcomsoft
- ExifTool
  - ExifTool 12.38
- Igor Skochinsky at Hex Rays
  - IDA 7.7 released
- Maxim Suhanov
  - dfir_ntfs 1.1.0
- MISP
  - MISP 2.4.152 released with timeline improvements, optional filtering on sync, LinOTP improvements and more.
- OSForensics
  - V9.1 Build 1006 23rd December 2021
- Ryan Benson at dfir.blog
  - Hindsight v2021.12
- Ryan Hausknecht
  - PowerZure 2.1 Update
- Security Onion
  - Security Onion 2.3.91 Now Available including Elastic 7.16.2 and Log4j 2.17.0!
- Smart Projects
  - IsoBuster 4.9 released
- Ulf Frisk
  - MemProcFS Version 4.5
- Xways
- Yamato Security
And that’s all for the week! If you think I’ve missed something, or want me to cover something specifically hit me up through the contact page or on the social pipes!