As always, thanks to those who give a little back for their support!

FORENSIC ANALYSIS

• Asger S
  Creating Standalone Artifact Collector
  
  
• Belkasoft
  • How to use Advanced Filters with Belkasoft X
  • The importance of fully charged devices in your digital forensic investigation
    
    
• Digital Forensics Myanmar
  • eCDFP Module (5) File System Analysis (Part-5)
  • #DVR_NVR_Forensics
    
    
• Oleg Afonin at Elcomsoft
  Filling the Gaps: iOS 14 Full File System Extracted
  
  
• Forensafe
  Investigating Windows LogFile
  
  
• Ian Whiffin at DoubleBlak
  iOS16iMessage
  
  
• Jan Geisbauer at Empty Datacenter
  Windows Credential Dumping
  
  
• Kevin Pagano at Stark 4N6
  • Cellebrite CTF 2022 – Marsha’s PC
  • Cellebrite CTF 2022 – Heisenberg’s Android
  • Cellebrite CTF 2022 – Beth’s iPhone
  • Cellebrite CTF 2022 – Marsha’s iPhone
    
    
• Kibaffo33
  OMGboard
  
  
• Magnet Forensics
  • How to get started with Comae
  • Automating Insider Threat Investigations with SIEM Integration in Magnet AUTOMATE Enterprise
  • How to Conquer Memory Analysis for Incident Response, Threat Hunting and Compromise Assessment
    
    
• The DFIR Report
  Will the Real Msiexec Please Stand Up? Exploit Leads to Data Exfiltration
  

THREAT INTELLIGENCE/HUNTING

• Adam at Hexacorn
  • Not installing the installers, part 3
  • A few more protocol handlers 🙂
    
    
• Vitali Kremez, Marley Smith and Yelisey Bogusalvskiy at Advanced Intelligence
  BlackCat — In a Shifting Threat Landscape, It Helps to Land on Your Feet: Tech Dive
  
  
• Anomali
  Why it’s Time to Rethink Adversary Detection and Response — Now
  
  
• Bitdefender
  Bitdefender Threat Debrief | June 2022
  
  
• BleepingComputer
  • Qbot malware now uses Windows MSDT zero-day in phishing attacks
  • Bizarre ransomware sells decryptor on Roblox Game Pass store
  • Iranian hackers target energy sector with new DNS backdoor
  • Confluence servers hacked to deploy AvosLocker, Cerber2021 ransomware
    
    
• Brad Duncan at Malware Traffic Analysis
  • 2022-06-09 – TA578 Contact Forms campaign Bumblebee infection with Cobalt Strike
  • 2022-06-07 – Emotet E5 infection with Cobalt Strike and Spambot activity
  • 2022-06-07 – obama186 distribution Qakbot with DarkVNC and spambot activity
    
    
• Breachquest
  What is LockBit?
  
  
• CERT Ukraine
  Масована кібератака на медійні організації України з використанням шкідливої програми CrescentImp (CERT-UA#4797)
  
  
• CERT-AGID
  Sintesi riepilogativa delle campagne malevole nella settimana del 04 – 10 giugno 2022
  
  
• Check Point Research
  • 6th June – Threat Intelligence Report
  • Privilege Escalation in Azure: Keep your enemies close, and your permissions closer
  • May 2022’s Most Wanted Malware:  Snake Keylogger returns to the index in eighth place following email campaigns delivering the malware via PDF files
  • Crypto-Miners Leveraging Atlassian Zero-Day Vulnerability
    
    
• Cisco’s Talos
  Threat Source newsletter (June 9, 2022) — Get ready for Cisco Live
  
  
• Vaibhav Singhal, Himanshu Anand, Daniel Stinson-Diess, Sourov Zaman, and Michael Tremante at Cloudflare
  Cloudflare observations of Confluence zero day (CVE-2022-26134)
  
  
• Cloudsek
  Cybercriminals Exploit Reverse Tunnel Services and URL Shorteners to Launch Large-Scale Phishing Campaigns
  
  
• CrowdStrike
  • Seven Key Ingredients of Incident Response to Reduce the Time and Cost of Recovery
  • CrowdStrike Falcon Stops Modern Identity-Based Attacks in Chrome
    
    
• Cyble
  • Cybercriminals Targeting Two-Factor Authentication
  • Bumblebee Loader on The Rise
  • Android Malware Distributed Via Smishing
    
    
• Cyborg Security
  Follina Vulnerability – CVE-2022-30190
  
  
• Erica Mixon at Blumira
  • Day 2 Recap at RSA 22
  • Microsoft 365 Threat Hunting Tips From a Former Microsoft Employee
    
    
• Esentire
  eSentire Threat Intelligence Malware Analysis: Purple Fox
  
  
• Expel
  Incident report: Spotting an attacker in GCP
  
  
• Curtis Kang at Flashpoint
  China is Exploiting Network Providers and Devices, Says US Cybersecurity Advisory
  
  
• Fourcore
  Using Windows Event Log IDs For Threat Hunting
  
  
• Gemini Advisory
  Russian Invasion of Ukraine and Sanctions Portend Rise in Card Fraud
  
  
• Yaroslav Kargalev and Ivan Lebedev at Group-IB
  Swiss Army Knife Phishing
  
  
• Drew Schmitt at GuidePoint Security
  GRIT Ransomware Report: May 2022
  
  
• Patrick Schläpfer at HP Wolf Security
  SVCReady: A New Loader Gets Ready
  
  
• InfoSec Write-ups
  • Spring4Shell Vulnerability
  • NoSQL Injection  – Redfox Security
  • Detecting DNS Tunneling using Spark Structured Streaming
    
    
• Md. Abdullah Al Mamun at Intarna
  Chrome: LOLBin For Attackers
  
  
• Paul Kimayong at Juniper Networks
  CVE-2022-30190: Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
  
  
• Kela
  Ransomware Victims And Network Access Sales In Q1 2022
  
  
• LockBoxx
  Bootcamp #23: When to Escalate an Alert
  
  
• Malwarebytes Labs
  • Ransomware Task Force priorities see progress in first year
  • 5 Linux malware families SMBs should protect themselves against
  • MakeMoney malvertising campaign adds fake update template
  • ASyncRat surpasses Dridex, TrickBot and Emotet to become dominant email threat
    
    
• Ross Inman and Peter Gurney at NCC Group
  Shining the Light on Black Basta
  
  
• pat_h/to/file
  SIEMCraft – Security detection monitoring using Minecraft
  
  
• Proofpoint
  How Cyber Criminals Target Cryptocurrency
  
  
• Catalin Cimpanu at Risky Business News
  Risky Biz News: LockBit-Mandiant drama, explained
  
  
• SANS Internet Storm Center
  • Analysis Of An “ms-msdt” RTF Maldoc, (Sun, Jun 5th)
  • “ms-msdt” RTF Maldoc Analysis: oledump Plugins, (Mon, Jun 6th)
  • Atlassian Confluence Exploits Seen By Our Honeypots (CVE-2022-26134), (Tue, Jun 7th)
  • TA570 Qakbot (Qbot) tries CVE-2022-30190 (Follina) exploit (ms-msdt), (Thu, Jun 9th)
    
    
• Securelist
  CVE-2022-30190 (Follina) vulnerability in MSDT: description and counteraction
  
  
• Beatriz Valls, Ana Isabel Prieto, Sergio Villanueva and Luis Búrdalo at at Security Art Work
  Cazando con Inteligencia Artificial: Detección de dominios maliciosos (III)
  
  
• Security Investigation
  • How to spot a phishing email?
  • Phishing with Reverse Tunnels and URL Shorteners – Detection & Response
  • Linux version of Black Basta ransomware encrypts VMware ESXi servers
  • New ‘DogWalk’ Windows zero-day gets free unofficial patches – Detection & Response
  • Black Basta Ransomware operators leverage QBot for lateral movements
  • Symbiote malware infects all running processes on Linux systems
  • New SVCReady malware loads from Word doc properties – Detection & Response
  • Crypto-Miners Leveraging Atlassian Zero-Day Vulnerability
    
    
• Sucuri
  • It Takes 2 Seconds of Silence to Skim a Credit Card
  • Smilodon Credit Card Skimming Malware Shifts to WordPress
    
    
• Karthikeyan C Kasiviswanathan and Yuvaraj Megavarnadu at Symantec Enterprise
  Attackers Exploit MSDT Follina Bug to Drop RAT, Infostealer
  
  
• Trellix
  Growling Bears Make Thunderous Noise
  
  
• Adam Todd at TrustedSec
  WMI Providers for Script Kiddies
  
  
• Trustwave SpiderLabs
  • Trustwave’s Action Response: More MSDT Fallout with “Dogwalk”
  • ModBus 101: One Protocol to Rule the OT World
    
    
• Siddharth Sharma and Nischay Hegde at Uptycs
  Black basta Ransomware Goes Cross-Platform, Now Targets ESXi Systems
  

UPCOMING EVENTS

• Michelle Coan at Amped
  Join Us at the Amped User Days 2022
  
  
• Cyborg Security
  Dispatches from somewhere else
  

PRESENTATIONS/PODCASTS

• Archan Choudhury at BlackPerl
  Atlassian Confluence – Zero Day Exploit- CVE-2022-26134 Explained with Detection and Mitigation
  
  
• Black Hills Information Security
  • BHIS – Talkin’ Bout [infosec] News 2022-06-06
  • Phishing Made Easy(ish)
  • BHIS | Getting Started : Cybersecurity Maturity Model Certification (CMMC) Model | CJ & Adam
  • BHIS | Getting Started with the Cybersecurity Maturity Model Certification CMMC Model | CJ Cox
    
    
• BlueMonkey 4n6
  Mysteries of SSD serial numbers – how to find them using Windows and Linux.
  
  
• Brakeing Down Security Podcast
  Jon DiMaggio_Art-of-cyberwarfare_hacking_back-insider-threat-messaging_P1
  
  
• Breaking Badness
  123. ACE in the Hole
  
  
• Cisco’s Talos
  Talos EMEA monthly update: Business email compromise
  
  
• Day Cyberwox
  Transitioning In Cybersecurity | 3 Months as a Cloud Threat Detection Engineer at Datadog
  
  
• DFIRScience
  Mounting Linux Logical Volumes in Forensic Disk Images
  
  
• Digital Forensic Survival Podcast
  DFSP # 329 – Shellbags
  
  
• DS4N6
  [BLOG]  RSA Conference ’22 – “CHRYSALIS: Age of the AI-Enhanced Threat Hunters & Forensicators” – Wrap-Up & Community Resources Announced, by  Jess Garcia
  
  
• Hacker Valley Blue
  Unlocking Cyber Education with John Hammond
  
  
• InfoSec_Bret
  • SA – SOC173-123 – Follina 0-Day Detected
  • DFIR Challenge – Conti Ransomware
    
    
• John Hammond
  • ACTIVE DIRECTORY #00 Creating our Server + Workstation Virtual Environment
  • Format String #shorts
  • Unpacking UPX #shorts
    
    
• Justin Tolman at AccessData
  CISA Cybersecurity Incident Response Playbooks – Episode 6 – Post-Incident Activities
  
  
• Lukasz Olszewski at Cyberush
  Incident Response.  The most common Lessons Learned and how to get them right.
  
  
• MSAB
  The New MSAB Customer Portal
  
  
• SANS Institute
  • Live with Jess Garcia | RSA Conference 2022
  • Live with Carl Marrelli | RSA Conference 2022
  • Live with Jake Williams | RSA Conference 2022
  • Live with Karen S. Evans | #RSAC2022
    
    
• Sumuri
  NEW RECON LAB Feature Optical Character Recognition!
  
  
• The Defender’s Advantage Podcast
  Frontline Stories: Introducing Mandiant Digital Risk Protection
  
  
• Uriel Kosayev
  Understanding Follina (CVE 2022 30190) – Malware for Fun
  
  
• Watson Infosec
  How To ElasticXDR Fleet Server Enrollment & Customize Dashboard
  

MALWARE

• ASEC
  Caution! Microsoft Office Zero-day Vulnerability Follina (CVE-2022-30190)
  
  
• Atomic Matryoshka
  From the User Perspective – TrickBot Phish
  
  
• Avast Threat Labs
  Decrypted: TaRRaK Ransomware
  
  
• Cryptax
  Quick look into a new sample of Android/BianLian
  
  
• Doug Burks at Security Onion
  Quick Malware Analysis: Emotet E5 with Cobalt Strike and Spambot pcap from 2022-06-07
  
  
• Jacob Pimental at GoggleHeadedHacker
  BlackGuard Analysis – Deobfuscation Using Dnlib
  
  
• Igor Skochinsky at Hex Rays
  Igor’s tip of the week #93: COM reverse engineering and COM Helper
  
  
• Intezer and Blackberry
  Symbiote Deep-Dive: Analysis of a New, Nearly-Impossible-to-Detect Linux Threat
  
  
• Johannes Bader
  • The Domain Generation Algorithms of SharkBot
  • Full Control over HTTP Requests Headers in Python
    
    
• Lina Lau at Inversecos
  How to Reverse Engineer and Patch an iOS Application for Beginners: Part I
  
  
• McAfee Labs
  • Phishing Campaigns featuring Ursnif Trojan on the Rise
  • Instagram credentials Stealers: Free Followers or Free Likes
  • Instagram credentials Stealer: Disguised as Mod App
    
    
• OALABS Research
  Cobalt Strike Analysis
  
  
• Palo Alto Networks
  • LockBit 2.0: How This RaaS Operates and How to Protect Against It
  • Exposing HelloXD Ransomware and x4k
    
    
• Pete Cowman at Hatching
  Support for Eternity Project and EnemyBot, Plus Family Updates
  
  
• petikvx
  • DoubleZero Ransomware
  • How to reset login password on Windows
  • Vovabol Ransomware
  • Revil Sodinokibi Ransomware
  • Sugar Ransomware
  • Pandora Ransomware
    
    
• Thomas Roccia at SecurityBreak
  10 Python Libraries for Malware Analysis and Reverse Engineering
  
  
• Pedro Tavares at Segurança Informática
  Mars Stealer malware analysis
  
  
• SentinelOne
  • From the Front Lines | Another Rebrand? Mindware and SFile Ransomware Technical Breakdown
  • Aoqin Dragon | Newly-Discovered Chinese-linked APT Has Been Quietly Spying On Organizations For 10 Years
    
    
• Trend Micro
  • Closing the Door: DeadBolt Ransomware Locks Out Vendors With Multitiered Extortion Scheme
  • Cuba Ransomware Group’s New Variant Found Using Optimized Infection Techniques
    
    
• Niraj Shivtarkar and Avinash Kumar at ZScaler
  Lyceum .NET DNS Backdoor
  

MISCELLANEOUS

• Adrian at ‘Agood cloud’
  thehive5
  
  
• Any.Run
  ANY.RUN Partners with CyberDefenders Training and Assessment Platform
  
  
• Jean-François Maes at Cobalt Strike Research and Development
  There’s Another New Deputy in Town
  
  
• Cybereason
  Report: Ransomware Attacks and the True Cost to Business 2022
  
  
• Doug Burks at Security Onion
  Security Onion Documentation printed book now updated for Security Onion 2.3.130!
  
  
• Dragos
  • Dragos OT-CERT Providing Industrial Cybersecurity Resources for the OT Community
  • Minimizing the Consequences of Shared Credentials Across IT and OT Environments
    
    
• Forensic Focus
  • Santosh Khadsare on Capacity Building in Digital Forensics
  • FTK Feature Focus: Project Vic
  • Get More From the Cloud: Health Apps
  • Detego Global’s Ballistic Imager Selected as SC Media’s Trust Award Finalist
    
    
• Christopher Luft at Lima Charlie
  DFIR Expert Interview: Kimber Dowsett
  
  
• Morphisec
  Business Ransomware Protection Takes More Than EDR
  
  
• MSAB
  MSAB – a Major Player in IDC report on Digital Forensics
  
  
• Oxygen Forensics
  Analysis of Facebook Account Data in Oxygen Forensic® Detective
  
  
• Anna Seitz at Red Canary
  The myth of “soft skills”: Why intelligence teams need strong communicators
  
  
• Justin Palk at Red Siege Information Security
  Creating a Simple Windows Domain for Offensive-Testing, Part 2
  
  
• Robert M. Lee
  My Reaction to the Bloomberg Article on Me and the 100 Day Action Plan
  
  
• Ryan Campbell at ‘Security Soup’
  Weekly News Roundup — June 5 to June 11
  
  
• Salvation DATA
  • What Does It Take to Become a Digital Forensics Analyst?
  • 10 Cyber Threats and Security Risks to Avoid
    
    
• SANS
  • Instructor Spotlight: Nico Dekens
  • Instructor Spotlight: Doc Blackburn
  • 2022 Verizon DBIR – What Does it Mean?
  • Instructor Spotlight: Nik Alleyne
    
    
• Syed Hasan
  AWS Instance Metadata Service: A Quick Refresher
  
  
• Telsy
  The Advanced Persistent Threats (APT)
  
  
• Sergio Caltagirone at Threat Intel Academy
  Intelligence or Marketing? Which is it and how to tell using the ADEPT model
  
  
• Veronica Schmitt
  If you only knew the power of the log side
  

SOFTWARE UPDATES

• ANSSI-FR
  DFIR4vSphere
  
  
• Belkasoft
  Belkasoft X v.1.13: Support for nested archives review and analysis, checkm8-based acquisition for iOS 15.5, Tableau TX1 integration, iOS screen capturing, BTRFS support, advanced eDiscovery filters, automatic UTC to local time recalculation, more Android APK downgrade applications, in-depth support for Photos.sqlite on iOS, and many more
  
  
• CyberChef
  v9.39.1
  
  
• Doug Burks at Security Onion
  Security Onion 2.3.130 now available including Dashboards, Analyzers, and much more!
  
  
• Elcomsoft
  Elcomsoft iOS Forensic Toolkit 7.40 extends agent-based full file system extraction
  
  
• iNPUT-ACE
  iNPUT-ACE is Now Axon Investigate Version 2.8
  
  
• MantaRay Forensics
  VirusShare_0-423_MR4n6_Hash_Sets
  
  
• Metaspike
  Forensic Email Collector v3.75 Release Notes
  
  
• Regipy
  2.5.3
  
  
• Velociraptor
  Release 0.6.5-RC1
  
  
• Xways
  X-Ways Forensics 20.6 Preview 4
  
  
• Yamato Security
  Hayabusa v1.3.0 🦅
  

And that’s all for the week! If you think I’ve missed something, or want me to cover something specifically hit me up through the contact page or on the social pipes!