As always, thanks to those who give a little back for their support!

FORENSIC ANALYSIS

• Abdallah Elnoty
  2019 Defcon DFIR CTF Write-up (Memory Forensics)
  
  
• Camille Lore
  Parsing Google Voice Search
  
  
• Cellebrite
  Cellebrite Announces Fourth Quarter and Full Year 2021 Results
  
  
• Dr. Neal Krawetz at ‘The Hacker Factor Blog’
  Three Minute Forgeries
  
  
• Elcomsoft
  • Dude, Where Are My Messages?
  • GPU Acceleration On The Cheap: Using Affordable Video Cards to Break Passwords Faster
    
    
• Forensafe
  Investigating PowerShell
  
  
• InfoSec Write-ups
  • Phishing Emails and Malware Traffic Analysis
  • Browser Forsensics — CyptoMiner
  • Phishing: Creating and Analyzing
  • CyberDefenders Qradar101 Write-up
    
    
• Magnet Forensics
  Common Issues with Traditional DVR Recovery Using Cloned Hard Drives
  
  
• Oxygen Forensics
  Downgrade Method: what should be known before the procedure
  
  
• Patrick J. Siewert at ‘Pro Digital Forensic Consulting’
  When the Absence of Evidence is Good Evidence
  
  
• We are OSINTCurio.us
  Location of an IP Address
  
  
• Yogesh Khatri at ‘Swift Forensics’
  Reading OneDrive Logs
  

THREAT INTELLIGENCE/HUNTING

• Altered Security
  A primer on DCSync attack and detection
  
  
• Andy Gill at ZeroSec
  Chasing the Silver Petit Potam
  
  
• Anomali
  Anomali Cyber Watch: Mobile Malware Is On The Rise, APT Groups Are Working Together, Ransomware For The Individual, and More
  
  
• Anton Chuvakin
  Google Cybersecurity Action Team Threat Horizons Report #2 Is Out!
  
  
• ASEC
  • ASEC Weekly Malware Statistics (February 7th, 2022 – February 13th, 2022)
  • Distribution of Magniber Ransomware Stops (Since February 5th)
  • PseudoManuscrypt Being Distributed in the Same Method as Cryptbot
    
    
• Thu Pham at Blumira
  New Detections Update: Microsoft 365 Security
  
  
• Brad Duncan at Malware Traffic Analysis
  2022-02-16 – Files for an ISC diary (Astaroth/Guildma)
  
  
• BushidoToken
  Mobile Banking Phishing Campaign
  
  
• Adam Cohen Hillel and Katerina Tiddy at Cado Security
  Cado Response Now Integrates with Splunk SOAR to Automate Your Cloud Incident Response Workflow
  
  
• CERT-AGID
  • Nuova campagna malware sLoad veicolata tramite PEC
  • Rilevata campagna massiva Qakbot con target Italia
    
    
• Check Point Research
  14th February– Threat Intelligence Report
  
  
• Christoffer Strömblad at Truesec
  A First Step Towards Building a Cyber Threat Intelligence Capability
  
  
• Cisco’s Talos
  Threat Roundup for February 11 to February 18
  
  
• Oliver Cookman at Cloudflare
  Detecting Magecart-Style Attacks With Page Shield
  
  
• CrowdStrike
  • 2022 Global Threat Report: A Year of Adaptability and Perseverance
  • Defend Against Ransomware and Malware with Falcon Fusion and Falcon Real Time Response
  • CrowdStrike Partners with MITRE CTID, Reveals Real-world Insider Threat Techniques
    
    
• Oakley Cox at Darktrace
  Staying ahead of REvil’s Ransomware-as-a-Service business model
  
  
• David Burkett at Signalblur
  Operationalizing Mitre’s ATT&CK Framework
  
  
• Hacking Articles
  • Windows Privilege Escalation: SpoolFool
  • Windows Privilege Escalation: PrintNightmare
    
    
• HVS Consulting
  The APT Fallout of Vulnerabilities such as ProxyLogon, OGNL Injection, and log4shell
  
  
• Intezer
  TeamTNT Cryptomining Explosion 🧨
  
  
• Malwrologist
  YaraDbg
  
  
• Microsoft Security
  ‘Ice phishing’ on the blockchain
  
  
• Gabby Raymond at MITRE Engage™
  A Sneak Peak at MITRE Engage™ V1
  
  
• Simon Biggs, Richard Footman and Michael Mullen at NCC Group
  Detecting Karakurt – an extortion focused threat actor
  
  
• Nestori Syynimaa at ‘Office 365 blog’
  Stealing and faking Azure AD device identities
  
  
• Nader Shalabi at nosecurecode
  Sandboxing with Sysmon
  
  
• Penetration Testing Lab
  Persistence – Notepad++ Plugins
  
  
• Pete Cowman at Hatching
  Updates for IcedID, Mercurial, Allcome and Qakbot
  
  
• Selena Larson and Joe Wise at Proofpoint
  Charting TA2541’s Flight 
  
  
• Rahmat Nurfauzi
  Cobalt Strike & Covenant Custom Command and Control (C3)
  
  
• Recorded Future
  The Business of Fraud: Tax Refund Fraud
  
  
• S2W Lab
  Post Mortem of KlaySwap Incident through BGP Hijacking | EN
  
  
• Lance Spitzner at SANS
  Nation State Threat Actors: From a Security Awareness Perspective
  
  
• SANS Internet Storm Center
  • DHL Spear Phishing to Capture Username/Password, (Sun, Feb 13th)
  • Who Are Those Bots?, (Tue, Feb 15th)
  • Reminder: Decoding TLS Client Hellos to non TLS servers, (Mon, Feb 14th)
  • Astaroth (Guildma) infection, (Wed, Feb 16th)
  • Remcos RAT Delivered Through Double Compressed Archive, (Fri, Feb 18th)
  • More packet fu with zeek, (Thu, Feb 17th)
  • Wireshark 3.6.2 Released, (Sat, Feb 19th)
  • Video: YARA’s Console Module, (Sun, Feb 20th)
    
    
• Security Investigation
  • The Endpoint Security Checklist
  • Windows RDP Event IDs Cheatsheet
  • Anatomy of the Infamous EMPIRE Powershell Framework
    
    
• mr.d0x
  Steal Credentials & Bypass 2FA Using noVNC
  
  
• Sina Chehreghani and Kayzad Vanskuiwalla at Securonix
  Securonix Threat Labs Monthly Intelligence Insights — January
  
  
• Sophos
  • Vulnerable Exchange server hit by Squirrelwaffle and financial fraud
  • Rapid Response: The Squirrelwaffle Incident Guide
    
    
• Ben Martin at Sucuri
  Attackers Abuse Poorly Regulated Top-Level Domains in Ongoing Redirect Campaign
  
  
• Yelisey Boguslavskiy at Advanced Intelligence
  The TrickBot Saga’s Finale Has Aired: Spinoff is Already in the Works
  

UPCOMING EVENTS

• Belkasoft
  Belkasoft Capture the Flag Competition 2022. Participate and Master your Skills with Belkasoft!
  
  
• Cellebrite
  What Happens When You Press the Button – Prepping for Court
  
  
• Cybereason
  Webinar March10th 2022: Live Attack Simulation – XDR vs. No-Macro RansomOps
  
  
• HelpSystems
  Outsmarting RaaS: Strategies to Implement Before, During, and After a Ransomware Attack
  
  
• Joshua I. James at DFIRScience
  DFIRScience Maybe 20k Streaming Extravaganza! Games! Prizes! Tutorials!
  
  
• Magnet Forensics
  • Registration is Now Open for Magnet Summit 2022!
  • Putting Your DFIR Lab in the Cloud: Lessons Learned
  • Tips & Tricks // Comparing iOS Logical vs. Full File System Extractions
    

PRESENTATIONS/PODCASTS

• • Archan Choudhury at BlackPerl
    Incident Response Training, Browser Forensics – Day 20, Hindsight Demo
    
    
  • ArcPoint Forensics
    UNALLOCATED SPACE S1: EP04: HEATHER MAHALIK
    
    
  • Black Hills Information Security
    • BHIS – Talkin’ Bout [infosec] News 2022-02-14
    • The DNS over HTTPS (DoH) Mess
    • BHIS | How to Burn Out in Infosec (and what to do next) with Corey Ham and Others | 1-Hour
      
      
  • BlueMonkey 4n6
    Logical Volume Manager (LVM) – basics tutorial
    
    
  • Chris Sienko at the Cyber Work podcast
    Data backup in ransomware situations | Cyber Work Podcast
    
    
  • Day Cyberwox
    Is College A SCAM? | STEM Majors, Computer Science and Cybersecurity Degrees – RANT
    
    
  • Detections by SpectreOps
    S2 – Episode 9: Robby Winchester
    
    
  • Didier Stevens
    YARA’s Console Module
    
    
  • Digital Forensic Survival Podcast
    DFSP # 313 – Shimcache and Amcache
    
    
  • Heather Terry, Kurt Wolfe, Josh Neubecker and Eric Patterson at Hurricane Labs
    SOC Talk: Our Favorite Open Source Security Tools
    
    
  • InfoSec_Bret
    IR – SOC156-105 – Unnormal Code/Command Execution
    
    
  • Joshua I. James at DFIRScience
    Data Artifacts, Analysis Results, and Reporting in Autopsy
    
    
  • Justin Tolman at AccessData
    FTK Feature Focus – Episode 35 – Redacting with FTK Plus
    
    
  • Lee Reiber’s Forensic Happy Hour
    Oxygen Forensics Episode 301
    
    
  • OALabs
    Assembly Calling Conventions For Reverse Engineers [Patreon Unlocked]
    
    
  • Magnet Forensics
    • Introducing Magnet AUTOMATE Enterprise
    • Leveraging the Cloud to Get More Data in Your Mobile Investigations
  
  
  • SANS Institute
    • The New SANS Live Training Experience
    • STAR Feb 2022 livestream links
    • Black Girls Hack Too
    • Trust and Emotional Intelligence
      
      
  • Kilian Englert and Ryan O’Boyle at Varonis
    Threat Update 78 – Abusing Power Automate to Exfiltrate Data from Microsoft 365
    

MALWARE

• Abdallah Elnoty
  Playing with AsyncRAT
  
  
• Adam at Hexacorn
  Delphi API monitoring with Frida, Part 2
  
  
• Alexander Adamov at ‘Malware Research Academy’
  Static and dynamic analysis of BlackCat ransomware (PROMIS)
  
  
• Arch Cloud Labs
  Exploring Binary Loaders Pt-1
  
  
• Cerbero
  Hex Editing of Processes on Linux
  
  
• Check Point Research
  • A Modern Ninja: Evasive Trickbot Attacks Customers of 60 High-Profile Companies
  • EvilPlayout: Attack Against Iran’s State Broadcaster
    
    
• Cofense
  Phishers Spoof Power BI to Visualize Your Credential Data
  
  
• Cybereason
  Cybereason vs. WhisperGate Wiper
  
  
• Doug Burks at Security Onion
  • Quick Malware Analysis: Emotet Epoch 4 and Cobalt Strike pcap from 2022-02-08
  • Quick Malware Analysis: Emotet Epoch 5 and Cobalt Strike pcap from 2022-02-08
  • Quick Malware Analysis: Emotet Epoch 5 and Cobalt Strike pcap from 2022-02-10
    
    
• Eli Salem
  Highway to Conti: Analysis of Bazarloader
  
  
• Fortinet
  Guard Your Drive from DriveGuard: Moses Staff Campaigns Against Israeli Organizations Span Several Months
  
  
• Herbie Zimmerman at “Lost in Security”
  2022-02-13 Breaking out the WD40! First Stage Downloader For Remcos RAT
  
  
• Matthew Brennan at Huntress
  Hackers No Hashing: Randomizing API Hashes to Evade Cobalt Strike Shellcode Detection
  
  
• Igor Skochinsky at Hex Rays
  Igor’s tip of the week #77: Mapped variables
  
  
• InfoSec Write-ups
  PRACTICAL MALWARE ANALYSIS LAB PART — I
  
  
• Michael Kajiloti at Intezer
  Beyond Files: Analyze URLs with Intezer Analyze
  
  
• John Hammond
  Uncovering NETWIRE Malware – Discovery & Deobfuscation
  
  
• Koen Van Impe at VMRay
  Using VMRay Analyzer for Initial Triage and Incident Response
  
  
• Mahmoud Morsy
  • Phishing Attacks 15_12_2021
  • Phishing Attacks 16_2_2021
    
    
• Mike at “CyberSec & Ramen”
  A Tale of Two Shells
  
  
• Natalie Zargarov at Minerva Labs
  MyloBot 2022 – Evasive botnet that just sends extortion emails?
  
  
• PhishLabs
  Report: Quarterly Threat Trends & Intelligence – February 2022
  
  
• S2W Lab
  Tracking SugarLocker ransomware & operator
  
  
• Karsten Hahn at ‘G Data Software’
  Allcome clipbanker is a newcomer in underground forums
  
  
• Pedro Tavares at Segurança Informática
  Threat Report Portugal: Q4 2021
  
  
• Shaquib Izhar
  Pwning with shortcut : Abusing windows lnk feature to get foothold
  
  
• Bill Marczak, Ali Abdulemam, John Scott-Railton, Bahr Abdul Razzak, Siena Anstis, Noura Al-Jizawi, and Ron Deibert at ‘The Citizen Lab’
  PEARL 2 PEGASUS: Bahraini activists hacked with Pegasus just days after a report confirming other victims
  
  
• Tony Lambert
  Analyzing a Stealer MSI using msitools
  
  
• Jason Reaves and Joshua Platt at Walmart
  PrivateLoader to Anubis Loader
  

MISCELLANEOUS

• Nick Klein at CyberCX
  To pay or not to pay: In a ransomware attack, this is not always the question
  
  
• Martino Jerian at Amped
  A Survey on Video Evidence: The Highlights from the Amped User Days 2021
  
  
• Belkasoft
  Browser forensics and the case of Casey Anthony
  
  
• Joe Vest at Cobalt Strike Research and Development
  Cobalt Strike Training Options
  
  
• Craig Ball at ‘Ball in your Court’
  Fast v. Godaddy.com: Exemplary Jurisprudence and Overlooked Opportunity?
  
  
• Dr. Brian Carrier at Cyber Triage
  Free DFIR With Cyber Triage Lite – Intro and USB-based Collection
  
  
• CyberDrain
  CyberDrain CTF Returns!
  
  
• Doug Metz at Baker Street Forensics
  Summit Bound
  
  
• Forensic Focus
  • How Better Processes and Information Can Improve Digital Forensic Science: January’s Research Roundup
  • How Detego Can Help Police Forces Obtain Critical Digital Evidence And Speed Up Investigations
  • Remote Mobile Collection for Corporate Investigations
  • Forensic Analysis Of Xiaomi IoT Ecosystem
    
    
• Fortinet
  Q&A: Ransomware Settlements and Cyber Insurance
  
  
• Magnet Forensics
  New Report: The Evolution of Digital Forensics in the Next Normal
  
  
• Ryan Campbell at ‘Security Soup’
  Weekly News Roundup — February 6 to February 12
  
  
• Lance Spitzner at SANS
  The Annual SANS Security Awareness Report Survey is Now Open 2022
  
  
• Michael Hale Ligh at Volatility Labs
  The 2021 Volatility Plugin Contest results are in!
  
  
• John Patzakis at X1
  How X1 Social Discovery Uniquely Meets the Challenge of Social Media Evidence Collection
  

SOFTWARE UPDATES

• Acelab
  The New PC-3000 Software Version is Available!
  
  
• Amped
  Amped Replay Update 23579: Unload Timestamps, Audio Playback, Improved Crop, Resize, Annotations, and More
  
  
• Brian Maloney
  OneDriveExplorer v2022.02.18
  
  
• Cellebrite
  Now Available: Cellebrite Physical Analyzer, Logical Analyzer, Reader, and UFED Cloud v7.53
  
  
• Costas K
  MFTBrowser.exe (x64) v.0.0.66.0
  
  
• Digital Detective
  NetAnalysis® v3.2 and HstEx® v5.2 Released
  
  
• Eric Zimmerman
  ChangeLog
  
  
• Hashlookup Forensic Analyser
  hashlookup-forensic-analyser version 0.9 released with MIME type statistics
  
  
• Kovar & Associates
  URSA UCAP 2.0 Platform’s Expanded Flexibility Enables The Intake of Volumes of Telemetry Data For Comprehensive Analysis of UAV Behavior, Regardless of Vendor or Data Type.
  
  
• Mail Xaminer
  Working With Advanced Filters – Mailxaminer Tool
  
  
• Maxim Suhanov
  dfir_ntfs 1.1.9
  
  
• Metaspike
  Forensic Email Intelligence – v1.4.8084
  
  
• Oxygen Forensics
  Oxygen Forensic® Detective v.14.3
  
  
• radare2
  5.6.2
  
  
• Xways
  X-Ways Forensics 20.5 Preview 5
  

And that’s all for the week! If you think I’ve missed something, or want me to cover something specifically hit me up through the contact page or on the social pipes!