As always, thanks to those who give a little back for their support!

FORENSIC ANALYSIS

• Jessica Hyde at Hexordia
  Creating Synthetic Test Data
  
  
• Asger S
  Geolocating IP addresses in Velociraptor
  
  
• Gary Warner at CyberCrime & Doing Time
  Three UK-based Nigerian BEC Scammers Used Construction Intelligence Service to Target Victims
  
  
• Joshua I. James at DFIRScience
  Modular artifact scripts coming to iLEAPP
  
  
• Muhammed Aygün
  BAM/DAM Analizi
  
  
• N00b_H@ck3r
  LetsDefend: Memory Dumper
  
  
• Oxygen Forensics
  Extract Data from OnlyFans App with Oxygen Forensic® Cloud Extractor
  
  
• Salvation DATA
  Cookie File Forensics: Types and Directives Explained
  
  
• The DFIR Report
  BumbleBee Roasts Its Way to Domain Admin
  

THREAT INTELLIGENCE/HUNTING

• Advanced Intelligence, LLC
  “BazarCall” Advisory: The Essential Guide to Call Back Phishing Attacks that Revolutionized the Data
  
  
• Amalul Arifin
  ARP Attack, Detection Using Traffic Analysis Tools
  
  
• Anomali
  Anomali Cyber Watch: RapperBot Persists on SSH Servers, Manjusaka Attack Framework Tested in China, BlackCat/DarkSide Ransom Energy Again, and More
  
  
• Andrew Cormack at APNIC
  The future of automated incident response
  
  
• AT&T Cybersecurity
  Stories from the SOC – Credential compromise and the importance of MFA
  
  
• Avast Threat Labs
  Avast Q2/2022 Threat Report
  
  
• Avertium
  An In-Depth Look at the APT, Evilnum
  
  
• Chris Furner at Blumira
  How To Detect Microsoft Legacy Authentication With Blumira 
  
  
• Brad Duncan at Malware Traffic Analysis
  • 2022-08-08 – IcedID (Bokbot) with Cobalt Strike
  • 2022-08-03 – IcedID (Bokbot) with Cobalt Strike
    
    
• BushidoToken
  Unravelling a Mimikatz campaign
  
  
• CERT Ukraine
  Кібератаки групи UAC-0010 (Armageddon): шкідливі програми GammaLoad, GammaSteel (CERT-UA#5134)
  
  
• CERT-AGID
  Sintesi riepilogativa delle campagne malevole nella settimana del 06 – 12 agosto 2022
  
  
• Check Point Research
  • CloudGuard Spectral detects several malicious packages on PyPI – the official software repository for Python developers
  • 8th August – Threat Intelligence Report
  • July 2022’s Most Wanted Malware: Emotet Takes Summer Vacation but Definitely Not ‘Out-of-Office’
    
    
• Onur Mustafa Erdogan at Cisco
  Raspberry Robin: Highly Evasive Worm Spreads over External Disks
  
  
• Cisco’s Talos
  • Small-time cybercrime is about to explode — We aren’t ready
  • Threat Source newsletter (Aug. 11, 2022) — All of the things-as-a-service
  • Threat Roundup for August 5 to August 12
    
    
• Cloudbrothers
  Microsoft Defender for Endpoint Device Health
  
  
• Noel Varghese at CloudSEK
  Multiple Threat Actors Exploiting EDRs to Acquire Sensitive Information
  
  
• Corelight
  Detecting CVE-2022-30216: Windows Server Service Tampering
  
  
• Benoit Ancel at CSIS
  Inside view of BraZZZerSFF infrastructure
  
  
• Reza Rafati at Cyberwarzone
  • Litebit warned about this phishing attack
  • Shodan queries list for Threat Hunters (2022)
  • FBI Cyber division: Zeppelin ransomware advisory [+download]
    
    
• Cyble
  • Onyx Ransomware Renames its Leak Site To “VSOP”
  • Exposed VNC a major threat to Critical Infrastructure Sectors
    
    
• Cyborg Security
  Red Team Tools
  
  
• Darktrace
  • Threat Actor Tactics in the Russo-Ukrainian Conflict: Analyst Observations and Predictions
  • Bytesize Security: HTML Phishing Attachments
    
    
• Josh Hanrahan at Dragos
  How Adversaries Use Spear Phishing to Target Engineering Staff
  
  
• Esentire
  Redline Stealer Disguised as AnyDesk Software
  
  
• Przemyslaw Klys at Evotec
  Working with VirusTotal from PowerShell
  
  
• Group-IB
  Challenge accepted
  
  
• Nic Finn at GuidePoint Security
  GRIT Ransomware Report: July 2022
  
  
• HP Wolf Security
  HP Wolf Security Threat Insights Report Q2 2022
  
  
• Denis Nagayuk at Hunt & Hackett
  Concealed code execution: Techniques and detection
  
  
• Rachel Bishop at Huntress
  Don’t Get Schooled: How to Catch a Phish
  
  
• Intel471
  • Using cybercrime as cover: How Conti operators are lying low
  • Why cybercriminals are flocking to Telegram
  • Five takeaways from Intel 471’s first Annual Threat Report
  • How cybercriminals are using messaging apps to launch malware schemes
    
    
• Ismael Valenzuela at Blackberry
  Black Hat Look-Back: Linux Implants – A Silent, Long-Living Threat
  
  
• Jamf
  What is threat hunting?
  
  
• Ken Towne at AttackIQ
  • Response to US-CERT Alert (AA22-216A): Testing Security Controls against 2021’s Top Malware Strains
  • Response to US-CERT Alert (AA22-223A): Testing Security Controls against Zeppelin Ransomware 
    
    
• Koen Van Impe at MISP
  MISP web scraper
  
  
• Max Groot and Ruud van Luijk at NCC Group
  Detecting DNS implants: Old kitten, new tricks – A Saitama Case Study 
  
  
• Florian Roth at Nextron Systems
  Antivirus Event Analysis Cheat Sheet v1.10.0
  
  
• Anthony Paimany, Jon Goodgion, Mason Davis, Matt Jackoski, Nate Kirk, and Walter Sagehorn at Praetorian
  Thinking Outside the Mailbox: Modernized Phishing Techniques
  
  
• Sathwik Ram Prakki at Quick Heal
  Indian Power Sector targeted with latest LockBit 3.0 Variant
  
  
• Recorded Future
  • Fraud Teams Need Intelligence, Too
  • Automating Threat Intelligence Actions With Splunk SOAR Playbooks
    
    
• Red Alert
  Monthly Threat Actor Group Intelligence Report, June 2022 (ENG)
  
  
• Red Canary
  • I got an alert, now what?
  • Your Linux data in one location
    
    
• Resecurity
  • Vulnerabilities In E-Commerce Solutions – Hunting On Big Apples
  • LogoKit Update – The Phishing Kit Leveraging Open Redirect Vulnerabilities
    
    
• ReversingLabs
  How to Hunt for Ransomware with Combined PAN XSOAR Integrations
  
  
• Romaissa Adjailia
  Diving in AppLocker for Blue Team — Part 2
  
  
• SANS Internet Storm Center
  • JSON All the Logs!, (Mon, Aug 8th)
  • InfoStealer Script Based on Curl and NSudo, (Thu, Aug 11th)
  • And Here They Come Again: DNS Reflection Attacks, (Wed, Aug 10th)
  • Phishing HTML Attachment as Voicemail Audio Transcription, (Sat, Aug 13th)
    
    
• Securelist
  • Targeted attack on industrial enterprises and public institutions
  • Andariel deploys DTrack and Maui ransomware
  • VileRAT: DeathStalker’s continuous strike at foreign and cryptocurrency exchanges
  • OpenTIP, command line edition
    
    
• Security Investigation
  • Chinese New Backdoor Deployed For Cyberespionage​
  • Public Exploit Available for Critical VMware Bug CVE-2022-31656
  • Cuba Ransomware Uses New RAT Malware
    
    
• Sila Ozeren at Picus Security
  • Process Injection: Portable Executable Injection — MITRE ATT&CK Spotlight
  • Process Injection — MITRE ATT&CK Spotlight
  • Process Injection: Dynamic-link Library Injection — MITRE ATT&CK Spotlight
  • Process Injection: ListPlanting — MITRE ATT&CK Spotlight
  • Process Injection: Ptrace System Calls — MITRE ATT&CK Spotlight
  • Process Injection: Thread Local Storage — MITRE ATT&CK Spotlight
  • Process Injection: Asynchronous Procedure Call — MITRE ATT&CK Spotlight
  • Process Injection: Thread Execution Hijacking — MITRE ATT&CK Spotlight
  • Process Injection: Proc Memory — MITRE ATT&CK Spotlight
  • MITRE ATT&CK Process Injection: Extra Window Memory Injection
  • MITRE ATT&CK Process Injection: Process Hollowing
  • MITRE ATT&CK Process Injection: Process Doppelgänging
  • MITRE ATT&CK Process Injection: VDSO Hijacking
    
    
• Sophos
  • Multiple attackers increase pressure on victims, complicate incident response
  • Lockbit, Hive, and BlackCat attack automotive supplier in triple ransomware attack
  • The State of Ransomware in Financial Services 2022
    
    
• Jared Atkinson at SpecterOps
  On Detection: Tactical to Functional
  
  
• Sucuri
  • Fake Instagram Verification & Twitter Badge Phishing
  • The Importance of Website Logs
    
    
• Sysdig
  • Cryptominer detection: a Machine Learning approach
  • Detect cryptojacking with Sysdig’s high-precision machine learning
    
    
• Telsy
  The Lateral Movement
  
  
• Trend Micro
  • Oil and Gas Cybersecurity: Industry Overview Part 1
  • Improve Threat Detection & Response with OCSF
  • Oil and Gas Cybersecurity: Threats Part 2
    
    
• Volexity
  Mass Exploitation of (Un)authenticated Zimbra RCE: CVE-2022-27925
  
  
• Walmart
  • Pivoting on a SharpExt to profile Kimusky panels for great good
  • State of the RAT, Part 1
    
    
• ZScaler
  • AiTM phishing attack targeting enterprise users of Gmail
  • The Lifecycle of a Malicious Attack
    

UPCOMING EVENTS

• Cellebrite
  • Cellebrite UFED Cloud: Private and Public Extractions Pt. 2
  • Cellebrite Collect and Review solutions updates
  • We’re Not in Document Land Anymore: What Legal Professionals Need to Know About Modern Data Collections
    
    
• DFIRScience
  • Digital Forensics and the Military – Interview with Andrew Lister
  • Forensic 4:Cast Awards – The real award is DFriends we made along the way
    
    
• Magnet Forensics
  Cyber Regulations and the Effects on Financial Services
  
  
• Rodman Ramezanian at Skyhigh Security
  Learning from Lapsus$
  
  
• SANS Institute
  Changing the Paradigm of Cyber Risk Oversight
  

PRESENTATIONS/PODCASTS

• Belkasoft
  BelkaCTF #5 Solutions Video: PARTY GIRL—MISSING
  
  
• Black Hills Information Security
  • Windows Event Logs for Red Teams
  • BHIS – Talkin’ Bout [infosec] News 2022-08-08
  • AASLR: OpenSBK— Training, Openness, & Moving Forward | Kevin Johnson
  • Accelerate Finding and Developing Talented InfoSec Team Members
  • AASLR: Live With John Strand.
  • How to Accelerate Finding and Professionally Developing Talented InfoSec Team Members | Kip Boyle
    
    
• BlueMonkey 4n6
  How to create a bootable USB with persistent partition – CAINE distro
  
  
• Brakeing Down Security Podcast
  Amanda’s Sysmon Talk -p1
  
  
• Cloud Security Podcast by Google
  EP78 Classic SOC Meets Cloud: What Changes? What Stays the Same?
  
  
• Cosive
  What Goes Wrong in Threat Intel Programs – with Kayne Naughton
  
  
• Cybereason
  Malicious Life Podcast: Operation Trojan Shield – Designed by Criminals for Criminals
  
  
• Digital Forensic Survival Podcast
  DFSP # 338 – Taskers
  
  
• InfoSec_Bret
  • DFIR – Memory Analysis
  • InfoSec_Bret Talking Process Tree Investigation
    
    
• John Hubbard at ‘The Blueprint podcast’
  Cat Self: macOS and Linux Security
  
  
• Magnet Forensics
  • Top Cyber Threats to Financial Services & How to Rapidly Investigate with Digital Forensic Solutions
  • Best Practices for Digital Forensics Workflow Orchestration & Automation
  • Tips & Tricks // Instantly Search and Filter a Target Endpoint with AXIOM Cyber
    
    
• Malvuln
  BlueSky Ransomware / Arbitrary Code Execution Vulnerability
  
  
• Paraben Corporation
  E3 Remote Cloud Collector
  
  
• Uri Dorot at Radware
  A Radware Minute – New Video Series
  
  
• SANS Cloud Security
  Quick Wins in Cloud Compliance: AWS
  
  
• SANS Institute
  Kaseya Ransomware Reaction – Lessons Learned
  
  
• StealthBay
  Podcast Episode 3 – Learning About Purple Teaming
  
  
• Stephen Hasford
  Incident Response using IBM QRadar – Walkthrough
  
  
• The Defender’s Advantage Podcast
  Threat Trends: Building Cyber Resiliency Within Financial Services with FS-ISAC
  

MALWARE

• Abdallah Elshinbary
  YARA for config extraction
  
  
• ASEC
  Monero CoinMiner Being Distributed via Webhards
  
  
• Erik Pistelli at Cerbero
  Sample Downloader Package
  
  
• Cleafy
  SOVA malware is back and is evolving rapidly
  
  
• Tristan Madani at Cybereason
  Rundll32: The Infamous Proxy for Executing Malicious Code
  
  
• Cyble
  • Bitter APT group using “Dracarys” Android Spyware
  • MikuBot Spotted In The Wild
    
    
• Eclypsium
  One Bootloader to Load Them All
  
  
• Fortinet
  • Life After Death—SmokeLoader Continues to Haunt Using Old Vulnerabilities
  • The Swan Song for Driver Signature Enforcement Tampering
    
    
• Igor Skochinsky at Hex Rays
  Igor’s tip of the week #102: Resetting decompiler information
  
  
• Karlo Licudine at AccidentalRebel
  Malware sandbox evasion in x64 assembly by checking ram size – Part 1
  
  
• Malcat
  LNK forensic and config extraction of a cobalt strike beacon
  
  
• Microsoft Security Response Center
  Microsoft Office to publish symbols starting August 2022
  
  
• Hido Cohen and Arnold Osipov at Morphisec
  APT-C-35: New Windows Framework Revealed
  
  
• Palo Alto Networks
  • Novel News on Cuba Ransomware aka Greetings From Tropical Scorpius
  • BlueSky Ransomware: Fast Encryption via Multithreading
    
    
• Pete Cowman at Hatching
  Triage Thursday Ep. 83
  
  
• petikvx
  • Babuk Ransomware
  • Sage 2.2 Ransomware
    
    
• Brett Hawkins at Security Intelligence
  Controlling the Source: Abusing Source Code Management Systems
  
  
• Sekoia
  LuckyMouse uses a backdoored Electron app to target MacOS
  
  
• Ax Sharma at Sonatype
  PyPI Package ‘secretslib’ Drops Fileless Linux Malware to Mine Monero
  
  
• Tony Lambert
  Analyzing .NET Core Single File Samples (DUCKTAIL Case Study)
  
  
• Trend Micro
  • CopperStealer Distributes Malicious Chromium-based Browser Extension to Steal Cryptocurrencies
  • Iron Tiger Compromises Chat Application Mimi, Targets Windows, Mac, and Linux Users
    

MISCELLANEOUS

• abuse.ch
  abuse.ch appoints Spamhaus as a licensee to secure its future
  
  
• Belkasoft
  Trusted digital forensic solutions from Grayshift and Belkasoft help ensure public safety
  
  
• Cellebrite
  • eDiscovery Forensics Spotlight: Joe Pochron, Ernst & Young
  • Cellebrite Announces Second Quarter 2022 Results
    
    
• Craig Ball at ‘Ball in your Court’
  Clarify Requests for Native ESI
  
  
• Brett Shavers at DFIR.Training
  Networking is way more than connecting computers together
  
  
• Michael Karsyan at Event Log Explorer blog
  Event Log Explorer Forensic Edition – Snapshots
  
  
• Forensic Focus
  • UCD’s Prof. Liliana Pasquale on Filling the Cybersecurity Talent Gap
  • Brazil Police Use Oxygen Forensic® Detective to Solve Car Robbery Case
  • A Survey on the State of Video Forensics In 2022
    
    
• Bill Cozens at Malwarebytes Labs
  Can your EDR handle a ransomware attack? 6-point checklist for an anti-ransomware EDR
  
  
• Paraben Corporation
  Cornerstones of a good digital forensics’ lab
  
  
• Rapid7
  • 6 Reasons Managed Detection and Response Is Hitting Its Stride
  • Navigating the Evolving Patchwork of Incident Reporting Requirements
    
    
• SANS
  NEW DFIR COURSE DEVELPOMENT SURVEY | FOR478
  
  
• Bernardo Quintero at VirusTotal
  VirusTotal += Google
  

SOFTWARE UPDATES

• Amped
  Amped FIVE Update 25587: Faster Video Decoding, New Import Options, and Much More
  
  
• Cado Security
  Cado Security Launches Free Community Edition  
  
  
• Capa
  v4.0.0
  
  
• Federico Lagrasta
  PersistenceSniper v1.3.1
  
  
• MISP
  MISP 2.4.161 released with small improvements and bugs fixed
  
  
• OpenText
  • What’s new in OpenText EnCase Endpoint Investigator
  • What’s new in OpenText EnCase Forensic
    
    
• OSForensics
  V10.0 Build 1003 9th August 2022
  
  
• Regipy
  3.1.0
  
  
• Trellix
  DotDumper
  
  
• Willi Ballenthin, Moritz Raabe, Mike Hunhoff, and Anushka Virgaonkar at Mandiant
  capa v4: casting a wider .NET
  
  
• Xways
  Viewer Component
  
  
• YARA
  v4.2.3
  

And that’s all for the week! If you think I’ve missed something, or want me to cover something specifically hit me up through the contact page or on the social pipes!