As always, thanks to those who give a little back for their support!
FORENSIC ANALYSIS
- Digital Forensics Myanmar
  - Window Forensics With EZ-Tools (Part 1+2)
- diyinfosec
  - Why learning a Forensic Artifact matters?
- Elcomsoft
- Simon Wong at Expel
  - Attack trend alert: AWS-themed credential phishing technique
- Forensafe
  - Investigating User Accounts
- Lee Whitfield at Forensic 4cast
  - Mac Randomization in Windows
- Forensic-Research
- Alex Bilz
  - Recovering WIFI SSIDs from Chromium’s Network Persistent State File
- Joshua I. James at DFIRScience
- Koen Van Impe
  - Integrate DFIR-IRIS, MISP and TimeSketch
- Melissa at Sketchymoose’s Blog
  - Looking at some PwnKit PoCs for Fun
- Claudio Guarnieri
  - A Primer On Android Forensics
- Oxygen Forensics
  - Selective Data Analysis in Oxygen Forensic® Detective
- J0wir
  - Cyberdefenders – DetectLog4j
- Antonio Sanz at Security Art Work
THREAT INTELLIGENCE/HUNTING
- A. Boukar
  - Host Header Injection Attacks
- Adam at Hexacorn
  - Analysing NSRL data set for fun and because… curious
- Aon
  - Microsoft 365: Identifying Mailbox Access
- Ian Schlesinger at AT&T Cybersecurity
  - Stories from the SOC – WannaCry malware
- Avast Threat Labs
- Bitdefender
- Blackberry
  - Threat Spotlight: WhisperGate Wiper Wreaks Havoc in Ukraine
- Erica Mixon at Blumira
  - Why Email Forwarding Is a Security Risk (And How To Detect)
- Brad Duncan at Malware Traffic Analysis
- Check Point Research
  - 31st January – Threat Intelligence Report
- Chris Carlson at Target
  - Meet Merry Maker: How Target Protects Against Digital Skimming
- Cisco’s Talos
- CrowdStrike
- Daniel Roberson at DMFR Security
- Kevin Libby at DomainTools
  - New Phone, Who Dat?
- Elastic Security Research
  - Sandboxing Antimalware Products for Fun and Profit
- Esentire
  - Remcos RAT
- ghost$
  - Discord Payload Recon
- Michael Lazic at Gigamon
  - Investigating Lateral Movement — WMI and Scheduled Tasks
- Hacking Articles
- Jeffrey Appel
  - Protect against AzureAD OAuth Consent phishing attempts (Illicit consent attack)
- Andy Young at Keysight
  - Here we BotenaGo Again!
- Mandiant
- Microsoft Security
- Mike at “CyberSec & Ramen”
  - Shortcut to Windows Update
- Amy L. Robertson at MITRE ATT&CK
  - ATT&CK 2022 Roadmap
- Musings of a Rube Goldberg blog machine
  - Synapse PE Exports
- Nasreddine Bencherchali
  - Why Hunting For LOLBINs Is One Of The Best Bets
- Nextron Systems
  - Antivirus Event Analysis Cheat Sheet v1.9.0
- Nik Alleyne at ‘Security Nik’
- Palo Alto Networks
  - Russia’s Gamaredon aka Primitive Bear APT Group Actively Targeting Ukraine
- Penetration Testing Lab
  - Domain Escalation – Machine Accounts
- Pepe Berba
- Recorded Future
- SANS Internet Storm Center
  - YARA’s Console Module, (Sun, Jan 30th)
  - Be careful with RPMSG files, (Mon, Jan 31st)
  - Automation is Nice But Don’t Replace Your Knowledge, (Tue, Feb 1st)
  - Finding elFinder: Who is looking for your files?, (Wed, Feb 2nd)
  - Keeping Track of Your Attack Surface for Cheap, (Thu, Feb 3rd)
  - Power over Ethernet and Thermal Imaging, (Sat, Feb 5th)
- Security Investigation
- Pedro Tavares at Segurança Informática
  - Taking the bait: The modus operandi of massive social engineering waves impacting banks in Portugal
- Seongsu Park
  - Ransomware Playbook
- Sophos
- Cody Thomas at SpecterOps
  - Mythic 2.3 — An Interface Reborn
- Ben Martin at Sucuri
  - WooCommerce Skimmer Uses Fake Fonts and Favicon to Steal CC Details
- Symantec Enterprise
- Tareq Alkhatib
  - Finding Inconsistencies In MITRE ATT&CK Data Sources
- Josh Hopkins at Team Cymru
  - Expert Analyst Insight into North Korean ‘Internet Outages’
- Jean-Francois Maes at TrustedSec
  - I’m bringing relaying back: A comprehensive guide on relaying anno 2022
- Tyson Supasatit at Uptycs
  - What is MITRE D3FEND and How Should My Organization Use It?
- Varonis
- Steven Adair and Thomas Lancaster at Volexity
  - Operation EmailThief: Active Exploitation of Zero-day XSS Vulnerability in Zimbra
UPCOMING EVENTS
- Belkasoft
  - [WEBINAR] Down The Rabbit Hole: Carving and its Implementations in Digital Forensics
- SANS
  - Network Forensics: Tools of the Trade… At Scale and on a Budget
- Securizame
  - SECURÍZAME NEWS – FEBRUARY 2022 EVENTS AND TRAINING
PRESENTATIONS/PODCASTS
- Archan Choudhury at BlackPerl
  - Incident Response Training, How to Remove Malware – Day 19, Automate Linux Analysis
- Black Hat
  - Black Hat Europe 2021
- Black Hills Information Security
- Breaking Badness
  - 110. A Sad State of Malwares
- Chewing the FAT
  - Episode 9
- Cyan Forensics
  - Cyan launches new Podcast with Sir Mark Rowley as its first guest
- CYBERWARCON
  - CYBERWARCON 2021
- Day Cyberwox
  - TOP 2 Cybersecurity Certifications for Aspiring Cybersecurity Analysts
- Detection: Challenging Paradigms
  - S2 – Episode 8: Ryan Hausknecht
- Joshua I. James at DFIRScience
- Dump-Guy Trickster
  - IDAPro Reversing Delphi MBR Wiper and Infected Bootstrap Code
- Gerald Auger at Simply Cyber
  - My Day to Day Malware Analysis Tool, Intezer Analyze, Overview
- Hasherezade
  - Adding imports list dumped by PE-sieve into IDA (with IFL plugin)
- Heather and Roxy at Hurricane Labs
  - SOC Talk: Malware on USB
- InfoSec_Bret
  - IR – SOC145-103 – Ransomware Detected
- John Hammond
  - Let’s Write Golang
- Karsten Hahn at Malware Analysis For Hedgehogs
  - Demo – Fake Antivirus Alerts in Edge browser notifications
- Magnet Forensics
  - Introducing Magnet AUTOMATE Enterprise
- NTCore
  - .NET BinaryFormatter Encoded Payload Extraction
- OALabs
  - How To Unpack VMProtect 3 (x64) Night Sky Ransomware With VMPDump [Patreon Unlocked]
- Radware
  - Threat Researchers Live: Ep 18
- Richard Davis at 13Cubed
  - Puzzling RDP Cache – Putting the Pieces Together
- SANS
- Sumuri
  - New RECON LAB Add Source Menu
- This Week In 4n6
  - This Month In 4n6 – January – 2022
- Watson Infosec
  - pfSense LAB & Real World Build
- X-Force
  - Analyzing PowerShell Payloads – Part 6
- Zeek in Action
MALWARE
- 3xp0rt
  - Mars Stealer: Oski refactoring
- Alexandre Borges at ‘Exploit Reversing’
  - Malware Analysis Series (MAS) – Article 2
- Any.Run
  - ANY.RUN brings a New Technology for Instant Malware Analysis
- Cado Security
  - CoinStomp Malware Family Targets Asian Cloud Service Providers
- Changalamaadan
  - Practical Malware Analysis Lab Part — I
- Cyber Geeks
  - A detailed analysis of Lazarus APT malware disguised as Notepad++ Shell Extension
- Cybereason
- Erik Hjelmvik at Netresec
  - PolarProxy in Windows Sandbox
- Jim Richberg at Fortinet
  - Cybercriminals Seek Ransomware Payments and Settlements
- Igor Skochinsky at Hex Rays
  - Igor’s tip of the week #75: Working with unions
- Yuta Fuchikami at JPCERT/CC
  - FAQ: Malware that Targets Mobile Devices and How to Protect Them
- Kiran Raj at McAfee Labs
  - Emotet’s Uncommon Approach of Masking IP Addresses
- Microsoft Security
  - The evolution of a Mac trojan: UpdateAgent’s progression
- Matt Lewis at NCC Group
  - Machine Learning for Static Analysis of Malware – Expansion of Research Scope
- Sebdraven
  - WhisperKill vs WhiteBlackCrypt: a small file problem…
- Security Intelligence
- Security Onion
- Phil Stokes at SentinelOne
  - Sneaky Spies and Backdoor RATs | SysJoker and DazzleSpy Malware Target macOS
- Threat Lab Indonesia
  - Phishing and Spam Malware Emotet Analysis
- Tony Lambert
- Alfredo de Oliveira at Trend Micro
  - Cryptojacking Attacks Target Alibaba ECS Instances
- Joshua Platt, Jonathan Mccay and Jason Reaves at Walmart
  - Sugar Ransomware, a new RaaS
MISCELLANEOUS
- Andrew Rathbun and Eric Zimmerman at Kroll
  - KAPE Quarterly Update – Q4 2021
- Martino Jerian at Amped
  - An Interview With Paul Hopcroft From Nottinghamshire Police, UK
- Belkasoft
  - 5 Bloopers of a Digital Forensic Investigator
- Coveware
  - Law enforcement pressure forces ransomware groups to refine tactics in Q4 2021
- DFIR.Training
- Joshua I. James at DFIRScience
  - Is there a difference between Digital Forensic Investigation Method and Digital Forensic Technique?
- Robert M. Lee at Dragos
  - What to Expect When Interviewing at Dragos: Lessons Learned for You and Other Employers
- Robert Graham at Errata Security
  - No, a researcher didn’t find Olympics app spying on you
- Forensic Focus
- Kevin Pagano at Stark 4N6
  - Forensics StartMe Updates (2/1/2022)
- LimaCharlie
  - Collect & Monitor Telemetry From Any Source
- Karen Sprenger at LMG Security
  - 8 Crucial Incident Response Steps
- Magnet Forensics
- Carlos Canto at Rapid7
  - Velociraptor Version 0.6.3: Dig Deeper With More Speed and Scalability
- Ryan Campbell at ‘Security Soup’
  - Weekly News Roundup — January 30 to February 5
SOFTWARE UPDATES
- Amped
  - Authenticate Update 23481: Improved Variation of Prediction Footprint Analysis and More
- Brian Maloney
  - OneDriveExplorer
- DFIRTrack
  - v2.4.1
- Elcomsoft
  - Elcomsoft iOS Forensic Toolkit 8.0 beta 4: forensically sound checkm8 extraction of iPhone 8, 8 Plus and iPhone X
- Eric Zimmerman
  - ChangeLog
- Fernando Mercês
  - entropy
- Foxton Forensics
  - Browser History Examiner — Version History – 1.16.7
- Magnet Forensics
  - Introducing Magnet AUTOMATE Enterprise
- MantaRay Forensics
  - 2021 Q4 VirusShare Update 01
- Maxim Suhanov
  - dfir_ntfs 1.1.8
- MISP
  - MISP 2.4.153 released with improvements and bugs fixes
- OSForensics
  - V9.1 Build 1009 3rd February 2022
- radare2
  - 5.6.0 – codename Miteigi
- Security Onion
  - Security Onion 2.3.100 20220203 Hotfix Now Available!
- Srum-Dump
  - 2.4 Kayak
- Ulf Frisk
  - MemProcFS Version 4.7
And that’s all for the week! If you think I’ve missed something, or want me to cover something specifically hit me up through the contact page or on the social pipes!