As always, thanks to those who give a little back for their support!
FORENSIC ANALYSIS
- Mark Spencer at Arsenal Recon
Maximum Exploitation of Windows Registry Hive Bins
- Cellebrite
- Krzysztof Gajewski at CyberDefNerd
Stripped off ADS (Zone.Identifier) for files downloaded in the incognito/private mode.
- Derek Eiri
Exploring X-Ways Forensics 20.6 Beta 1b, Auto-Resume
- Digital Forensics Myanmar
eCDFP Module (5) File System Analysis (Part-8) (NTFS File System Analysis)
- Domiziana Foti
Wireshark 101 — TryHackMe Walkthrough
- Elcomsoft
- Forensafe
- Jonathan Johnson
WMI Internals Part 1
- Kyle Song
Phone Scam Series: VoIP Gateway Forensics
- Mail Xaminer
Do You Know How To Find Out Where A Photo Was Taken?
- Miguel Diaz Lira
WriteUps
- Olaf Schwarz at NVISO Labs
Investigating an engineering workstation – Part 4
- Oxygen Forensics
Obtaining Addresses from Geo Coordinates
- Panagiotis Nakoutis
A deep dive into Ubuntu thumbnails.
THREAT INTELLIGENCE/HUNTING
- Bill Stearns at Active Countermeasures
On Which Interface Should I Capture Packets?
- Adam at Hexacorn
Shall we say… Good bye, phishing queue?
- Akamai
Ransomware Attack on Airline Industry: Turning Point for India and Others
- Anastasios Pingios
Why the Equation Group (EQGRP) is NOT the NSA
- Anomali
Anomali Cyber Watch: Russian KillNet DDoSed Lithuania, Building Automation Systems Targeted to Install ShadowPad, China-Sponsored Group Jumps from Home Routers to Connected Machines, and More
- Anton Chuvakin
Google Cybersecurity Action Team Threat Horizons Report #3 Is Out!
- Asger S
Velociraptor Threathunting – Quick Introduction
- AT&T Cybersecurity
How can SOC analysts use the cyber kill chain?
- Avertium
An In-Depth Look at Chinese APT ToddyCat
- BleepingComputer
- Brad Duncan at Malware Traffic Analysis
- Himaja Motheram at Censys
Where the Weird Things Are 🛸 Investigating Unusual Internet Artifacts with Censys Search Data
- CERT Ukraine
UAC-0056 cyberattack on Ukrainian state organizations using Cobalt Strike Beacon (CERT-UA#4914)
- CERT-AGID
- Check Point Research
4th July – Threat Intelligence Report
- CISA
North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector
- Cisco’s Talos
- Daniele Molteni and Jesse Kipp at Cloudflare
New WAF intelligence feeds
- Cluster25
LockBit 3.0: “Making the ransomware great again”
- CrowdStrike
Callback Malware Campaigns Impersonate CrowdStrike and Other Cybersecurity Companies
- Cybereason
- Cyberknow
Russia-Ukraine War Cyber-Event Map
- Cyble
- Veronica Drake at Flashpoint
The Pyramid of Pain and Cyber Threat Intelligence
- Rachel Bishop at Huntress
Four Sneaky Attacker Evasion Techniques You Should Know About
- Jan Geisbauer at Empty Datacenter
Jumphost Security
- Jeffrey Appel
Microsoft Defender for Endpoint series – What is Defender for Endpoint? – Part1
- Buckaroo at Lab52
NATO Summit 2022: The perfect pretext to launch a cybercampaign
- MDSec
Altiris Methods for Lateral Movement
- MII Cyber Security
- Elli at Misconfig
Code Execution – Attack & Defend with MDE
- Olaf Hartong at Falcon Force
Microsoft Defender for Endpoint Internals 0x03 — MDE telemetry unreliability and log augmentation
- Mike Harbison and Peter Renals at Palo Alto Networks
When Pentest Tools Go Brutal: Red-Teaming Tool Being Abused by Malicious Actors
- Phish Report
Indicator Of Kit
- Peter Mueller at Praetorian
Multi-Step Attack Vectors: When Vulnerabilities Form an Attack Chain
- Red Alert
Monthly Threat Actor Group Intelligence Report, May 2022 (ENG)
- SANS Internet Storm Center
- 7-Zip & MoW, (Sun, Jul 3rd)
- 7-Zip & MoW: “For Office files”, (Mon, Jul 4th)
- EternalBlue 5 years after WannaCry and NotPetya, (Tue, Jul 5th)
- How Many SANs are Insane?, (Wed, Jul 6th)
- Emotet infection with Cobalt Strike, (Thu, Jul 7th)
- ISC Website Redesign, (Fri, Jul 8th)
- 7-Zip Editing & MoW, (Sat, Jul 9th)
- Security Investigation
- Pedro Tavares at Segurança Informática
- Tom Hegel at SentinelLabs
Targets of Interest | Russian Organizations Increasingly Under Attack By Chinese APTs
- Sky Blueteam
Detecting CVE-2022-0847 exploitation
- SOC Fortress
- Will Schroeder at SpecterOps
Koh: The Token Stealer
- Mohit Jawanjal at Sucuri
Top 5 Most Common WordPress Malware Infections: An Anatomy Lesson
- Miguel Hernández at Sysdig
How attackers use exposed Prometheus server to exploit Kubernetes clusters
- TrustedSec
- Rob Sobers at Varonis
86 Ransomware Statistics, Data, Trends, and Facts [updated 2022]
UPCOMING EVENTS
- Paul Lorentz at Cellebrite
Premium Mid Year Update Webinar
- Cybereason
- Megan Roddie at SANS
Introducing the Enterprise Cloud Forensics & Incident Response Poster
PRESENTATIONS/PODCASTS
- Black Hills Information Security
AASLR: Job Hunting With Jason and Serena
- Cellebrite
- Cloud Security Podcast by Google
EP73 Your SOC Is Dead? Evolve to Output-driven Detect and Respond!
- DFIRScience
🇺🇳 Africa DFIR CTF Award Ceremony 🎉
- Digital Forensic Survival Podcast
DFSP # 333 – Mac Autoruns
- Elastic
End to End Incident Response Using Elastic Security
- InfoSec_Bret
SA – SOC169-119 – Possible IDOR Attack Detected
- Masters in I.T
A talk on Digital Forensics & Cyber crime with Lt Col Santosh Khadsare | Digital Forensics in Hindi
- MSAB
- OALabs
Understanding Pointers for Reverse Engineers – Pointer Basics in Assembly [ Patreon Unlocked ]
- Richard Davis at 13Cubed
Vote for 13Cubed! #Shorts
- SANS Cloud Security
- SANS Institute
- The Defender’s Advantage Podcast
Bonus: Securing OT/ICS Systems with Nozomi Networks
- This Week In 4n6
This Month In 4n6 – June – 2022
MALWARE
- ASEC
- Anandeshwar Unnikrishnan, Rishika Desai, and Benila Susan Jacob at CloudSEK
YourCyanide: An Investigation into ‘The Frankenstein’ Ransomware that Sends Malware Laced Love Letters
- Fortinet
- Igor Skochinsky at Hex Rays
- David Ledbetter at InQuest
From Automated Twitter Post to Decoded Shellcode
- Nicole Fishbein at Intezer
OrBit: New Undetected Linux Threat Uses Unique Hijack of Execution Flow
- Shusei Tomonaga at JPCERT/CC
- Karlo Licudine at AccidentalRebel
- Malvuln
Lockbit 3.0 / Code Execution Vulnerability
- Malware Hell
- Microsoft Security
Hive ransomware gets upgrades in Rust
- Morphisec
Infostealer Comparison: Top Stealers in 2022
- OALABS Research
Lockbit 3.0 Ransomware Triage
- Pete Cowman at Hatching
Acquisition News and Detection Updates
- petikvx
- Karlo Zanki at ReversingLabs
Update: IconBurst NPM software supply chain attack grabs data from apps and websites
- Robert Giczewski
- S2W Lab
Face-Changing (变脸), Teng Snake (a.k.a. Code Core)
- Sergey Anufrienko at Securelist
Dynamic analysis of firmware components in IoT devices
- Phil Stokes and Dinesh Devadoss at SentinelOne
From the Front Lines | New macOS ‘covid’ Malware Masquerades as Apple, Wears Face of APT
- Silas Cutler at Stairwell
Threat report: Maui ransomware
- StupidBird-Code
lockbit3.0_decrypt.py
- Trend Micro
- Nipun Gupta at Zimperium
ABCsoup: The Malicious Adware Extension with 350 Variants
MISCELLANEOUS
- Alexis Brignoni at ‘Initialization Vectors’
4Cast Awards 2022 voting in progress…
- Belkasoft
Android APK Downgrade Troubleshooting
- Cellebrite
- Forensic Focus
- Cellebrite’s Monica Harris on Achieving Balance in Corporate Investigations and E-Discovery
- Digital Intelligence Joins Forces with Detego for a Global Webinar Series
- Why a UK Police Force Adopted Frontline Solutions From MSAB
- Extraction and Analysis of Retrievable Memory Artifacts From Windows Telegram Desktop Application
- The Best Forensic Tool to Extract and Analyze Data of Drone/UAVs
- Koen Van Impe
Cyberweapons Arms Race
- Magnet Forensics
Automating Legal Hold Requests With Remote Collections in Magnet AUTOMATE Enterprise
- Mail Xaminer
Digital Evidence Collection In Cyber Security
- Pavel Zeman at Red Canary
What software engineers should know before joining Red Canary
- Ryan Campbell at ‘Security Soup’
Weekly News Roundup — July 3 to July 9
- Salvation DATA
- SANS
- Month of PowerShell: Getting Object Properties for Windows Service Dependencies
- Month of PowerShell – Profile Hack for Easy Base64 Encoding and Decoding
- Month of PowerShell: Abusing Get-Clipboard
- Month of PowerShell: Cut a Column of Text
- Month of PowerShell: The Power of $PROFILE
- Month of PowerShell: String Substitution
- Instructor Spotlight: Ritu Gill
- Satisfy Your Security Awareness Craving with Snack Attack
- How do you learn best?
- Sam Discavage at Secureworks
All About the Details: How Small Things Change Everything in a SOC
- Michael Hale Ligh at Volatility Labs
The 10th Annual Volatility Plugin Contest!
- Xavier Mertens at /dev/random
Pass-The-Salt 2022 Wrap-Up
SOFTWARE UPDATES
- Capa
v3.2.1
- Cellebrite
Now Available: Cellebrite Digital Collector 3.4
- CyberChef
v9.46.0
- Doug Burks at Security Onion
Get ready for Security Onion 2.3.140!
- Elcomsoft
Elcomsoft iOS Forensic Toolkit 7.50 closes the gap in keychain extraction
- Eric Zimmerman
ChangeLog
- ExifTool
ExifTool 12.43
- hashlookup
hashlookup-forensic-analyser version 1.1 released
- Hex Rays
Vulnerability fix 2022-07-07
- Immersive Labs Sec
BruteRatel-DetectionTools
- IntelOwl
v4.0.1
- MSAB
New release: XRY 10.2, XAMN 7.2 and XEC 7.2
- radare2
5.7.4
- Serviço de Perícias em Informática
IPED Digital Forensic Tool
- Smart Projects
IsoBuster 5.0 released
- Tap-IR
Trustable Artifacts Parser for Incident Response
- Xways
X-Ways Forensics 20.6 Beta 2
And that’s all for the week! If you think I’ve missed something, or want me to cover something specifically hit me up through the contact page or on the social pipes!