As always, thanks to those who give a little back for their support!

FORENSIC ANALYSIS

• Belkasoft
  SQLite Forensics with Belkasoft X
  
  
• Cyber Triage
  What is a Windows Recents Folder Artifact?
  
  
• Joshua I. James at DFIRScience
  iLEAPP and RLEAPP updates and dev thoughts
  
  
• Elcomsoft
  • Probing Linux Disk Encryption: LUKS2, Argon 2 and GPU Acceleration
  • Breaking Windows Passwords: LM, NTLM, DCC and Windows Hello PIN Compared
    
    
• Erik Hjelmvik at Netresec
  What is PCAP over IP?
  
  
• Forensafe
  Last Shutdown
  
  
• Kevin Pagano at Stark 4N6
  Hitchhiker’s Guide to DFIR v1 Officially Released!
  
  
• Koen Van Impe
  Down the Chainsaw path to analyse Windows Event logs
  
  
• Korstiaan Stam at ‘Invictus Incident Response’
  Automated Forensic analysis of Google Workspace
  
  
• Salvation DATA
  DVR Data Recovery: Key Points to Remember
  
  
• SANS
  A Visual Summary of SANS DFIR Summit 2022
  
  
• SANS
  SANS DFIR Cheatsheet Booklet
  
  
• Teri Radichel
  CloudTrail Does Not Log IAM Access Key Actions in the Region Where Actions Were Executed (unless…
  
  
• Kody Kinzie at Varonis
  How to Use Wireshark: Comprehensive Tutorial + Tips
  
  
• We are OSINTCurio.us
  I Do NOT Want To Visit This Website
  

THREAT INTELLIGENCE/HUNTING

• Wietze
  Save the Environment (Variable)
  
  
• Anomali
  Anomali Cyber Watch: Ransomware Module Added to SOVA Android Trojan, Bitter APT Targets Mobile Phones with Dracarys, China-Sponsored TA428 Deploys Six Backdoors at Once, and More
  
  
• Antoine Cailliau
  • Introducing SynSharp
  • Developing Sigma rules with Chainsaw
  • Creating EVTX for malicious activity
    
    
• Avertium
  An In-Depth Look at Quantum Ransomware
  
  
• Maitreya Ranganath and Mark Keating at AWS Security
  How to detect suspicious activity in your AWS account by using private decoy resources
  
  
• Blackberry
  • Luca Stealer Targets Password Managers and Cryptocurrency Wallets
  • Black Hat Look-Back: Linux Implants – A Silent, Long-Living Threat
  • Top 11 Malware Strains of 2021 — And How to Stop Them
    
    
• BleepingComputer
  • BlackByte ransomware gang is back with new extortion tactics
  • North Korean hackers use signed macOS malware to target IT job seekers
  • Microsoft Sysmon can now block malicious EXEs from being created
    
    
• Brad Duncan at Malware Traffic Analysis
  • 2022-08-10 – Three Cobalt Strikes from one IcedID (Bokbot) infection
  • 2022-08-19 – Files for an ISC diary (Astaroth/Guildma)
  • 2022-08-18 – IcedID (Bokbot) infection
    
    
• BushidoToken
  Analysis of the emerging Darth Maul eCrime Market
  
  
• CERT-AGID
  • In corso campagne di Phishing a tema Assegno Unico INPS
  • Sintesi riepilogativa delle campagne malevole nella settimana del 13 – 19 agosto 2022
    
    
• Check Point Research
  15th August – Threat Intelligence Report
  
  
• Cisco’s Talos
  • Ukraine war spotlights agriculture sector’s vulnerability to cyber attack
  • Threat Source newsletter (Aug. 18, 2022) — Why aren’t Lockdown modes the default setting on phones?
  • Threat Roundup for August 12 to August 19
    
    
• CloudSEK
  ID Card Printing Scams Orchestrated by UP-Based Group Defrauds the Indian Public
  
  
• Greg Darwin at Cobalt Strike Research and Development
  Cobalt Strike 4.7: The 10th Anniversary Edition
  
  
• CTF导航
  ICEID恶意软件分析
  
  
• Cyber&Ramen
  Analyzing Manjusaka Infrastructure
  
  
• Cybereason
  THREAT ANALYSIS REPORT: Bumblebee Loader – The High Road to Enterprise Domain Control
  
  
• Mark Tsipershtein at Cybereason
  THREAT ALERT: Inside the Redeemer 2.0 Ransomware
  
  
• Daniel Wyleczuk-Stern
  Scheduled Queries vs Real Time Rules – A Guide For Detection Engineers
  
  
• Christophe Tafani-Dereeper at Datadog Security Labs
  Introducing Threatest, a Go framework for end-to-end testing of threat detection rules
  
  
• Shaul Vilkomir-Preisman at Deep Instinct
  Beating Black Basta Ransomware
  
  
• DomainTools
  A Sticky Situation Part 2
  
  
• Esentire
  NJRAT Comes Disguised as Video Streaming Software
  
  
• Dan Whalen and Peter Silberman at Expel
  How we built it: Alert Similarity
  
  
• Shunichi Imano and James Slaughter at Fortinet
  Ransomware Roundup: Gwisin, Kriptor, Cuba, and More
  
  
• Fourcore
  Detection Engineering With MITRE Top Techniques & Atomic Red Team
  
  
• Group-IB
  • Switching side jobs
  • APT41 World Tour 2021 on a tight schedule
    
    
• Hornet Security
  Email Threat Review Juli 2022
  
  
• Avigayil Mechtinger at Intezer
  macOS Threats: Automate Mac Alert Triage with Intezer
  
  
• Jeffrey Appel
  How works Microsoft Defender Threat Intelligence / Defender TI – and what is the difference between free and paid
  
  
• Jonathan Johnson
  WMI Internals Part 2
  
  
• Malwarebytes Labs
  • Viral video drives malvertising on social media platform
  • Ransomwater confusion, does the criminal know who the victim is?
  • Business Services industry targeted across the country for backdoor access
  • JSSLoader: the shellcode edition
  • Spying on the spies. See what JavaScript commands get injected by in-app browsers
    
    
• Mandiant
  • You Can’t Audit Me: APT29 Continues Targeting Microsoft 365
  • Suspected Iranian Actor Targeting Israeli Shipping, Healthcare, Government and Energy Sectors
    
    
• Mark Jaffe at Illusive Networks
  What is ITDR? How to Prevent and Detect Identity Threats
  
  
• Microsoft Security
  • Disrupting SEABORGIUM’s ongoing phishing operations
  • Hardware-based threat defense against increasingly complex cryptojackers
    
    
• MikeCyberSec
  Scaling your SOC startup with LimaCharlie.io
  
  
• Ross Inman at NCC Group
  Back in Black: Unlocking a LockBit 3.0 Ransomware Attack 
  
  
• Netherlands National Cyber Security Centre
  Ransomware incident response plan
  
  
• PhishLabs
  • Response-Based Email Threats Targeting Corporate Inboxes Are The Highest Since 2020, According To HelpSystems’ Latest Agari And PhishLabs Report
  • Report: Quarterly Threat Trends & Intelligence – August 2022
    
    
• Proofpoint
  Reservations Requested: TA558 Targets Hospitality and Travel 
  
  
• Daniel Smith at Radware
  The Return of LOIC, HOIC, HULK, and Slowloris to the Threat Landscape
  
  
• Rahmat Nurfauzi
  Mendeteksi dan Merespon Serangan Terhadap Microsoft Exchange
  
  
• Caitlin Condon at Rapid7
  Active Exploitation of Multiple Vulnerabilities in Zimbra Collaboration Suite
  
  
• Recorded Future
  RedAlpha Conducts Multi-Year Credential Theft Campaign Targeting Global Humanitarian, Think Tank, and Government Organizations Report
  
  
• Red Canary
  • Stop account compromise with Red Canary MDR and Okta
  • Intelligence Insights: August 2022
    
    
• Resecurity
  Cybercriminals Are Targeting Law Enforcement Agencies Worldwide
  
  
• SANS Internet Storm Center
  • Realtek SDK SIP ALG Vulnerability: A Big Deal, but not much you can do about it. CVE 2022-27255, (Sun, Aug 14th)
  • VBA Maldoc & UTF7 (APT-C-35), (Tue, Aug 16th)
  • A Quick VoIP Experiment, (Wed, Aug 17th)
  • Apple Patches Two Exploited Vulnerabilities, (Wed, Aug 17th)
  • Honeypot Attack Summaries with Python, (Thu, Aug 18th)
  • Brazil malspam pushes Astaroth (Guildma) malware, (Fri, Aug 19th)
  • Windows Security Blocks UPX Compressed (packed) Binaries, (Fri, Aug 19th)
  • YARA 4.2.3 Released, (Sat, Aug 20th)
    
    
• Security Intelligence
  • X-Force 2022 Insights: An Expanding OT Threat Landscape
  • How to Remediate a Cross-Site WebSocket Vulnerability
  • From Ramnit To Bumblebee (via NeverQuest): Similarities and Code Overlap Shed Light On Relationships Between Malware Developers
    
    
• Security Investigation
  Raccoon Infostealer Malware Returns with New TTPS – Detection & Response
  
  
• SentinelOne
  • Detecting a Rogue Domain Controller – DCShadow Attack
  • More Evil Markets | How It’s Never Been Easier To Buy Initial Access To Compromised Networks
  • Chronicle of an Identity-Based Attack | Singularity™ Identity vs. Cisco Breach
    
    
• SOC Fortress
  • FREE Wazuh Advanced Wazuh Detection Rules
  • Wazuh SIEM Integrations (III) — Microsoft Defender for Endpoint
    
    
• Sean Gallagher at Sophos
  Cookie stealing: the new perimeter bypass
  
  
• SpecterOps
  • On Detection: Tactical to Functional – Part 4: Compound Functions
  • On Detection: Tactical to Functional – Part 5: Expanding the Operation Graph
    
    
• Sucuri
  • SocGholish: 5+ Years of Massive Website Infections
  • Fake DDoS Pages On WordPress Sites Lead to Drive-By-Downloads
    
    
• Symantec Enterprise
  Shuckworm: Russia-Linked Group Maintains Ukraine Focus
  
  
• Trend Micro
  • Oil and Gas Cybersecurity: Recommendations Part 3
  • What Exposed OPA Servers Can Tell You About Your Applications
  • Protecting S3 from Malware: The Cold Hard Truth
  • Analyzing the Hidden Danger of Environment Variables for Keeping Secrets
  • Business Email Compromise Attack Tactics
    
    
• Troy Lainhoff at Microsoft
  Using Microsoft Security APIs for Incident Response – Part 1
  
  
• Trustwave SpiderLabs
  Overview of the Cyber Weapons Used in the Ukraine – Russia War
  
  
• Vicente Díaz at VirusTotal
  Hunting Follina
  
  
• Z0ldyck
  Abusing ISO/IMG Files
  
  
• Niraj Shivtarkar at ZScaler
  Grandoreiro Banking Trojan with New TTPs Targeting Various Industry Verticals
  

UPCOMING EVENTS

• Cellebrite
  Making Digital Forensic Work Easier – New Updates for UFED and Physical Analyzer Ultra
  
  
• Cybereason
  Webinar August 25th 2022: Leveraging MITRE ATT&CK to Bolster Your Security
  
  
• Magnet Forensics
  • The Basics of Digital Image and Video Compression
  • Investigate Malware & Ransomware with Speed and Efficiency
  • Tips & Tricks // Acquiring Data from the Cloud
    
    
• SANS
  SANS Threat Analysis Rundown (STAR) | Live Stream
  

PRESENTATIONS/PODCASTS

• ArcPoint Forensics
  UNALLOCATED SPACE S1: EP10 Alexis Brignoni
  
  
• Black Hills Information Security
  • AASLR: What I Learned at Defcon 30, with Nathan Sweaney
  • AASLR: Hunting Secrets with Paramalyzer | Jason Gillam
  • Talkin’ About Infosec News – 8/18/2022
    
    
• Blue Team Village
  DEFCON 30
  
  
• Brakeing Down Security Podcast
  Amanda’s Sysmon Talk -p2
  
  
• Breaking Badness
  128. Black Hat Trick
  
  
• Cellebrite
  • New Tips And Tricks Section in Updated Cellebrite Physical Analyzer
  • How to Leverage Google Cloud Data Collection for Investigative Information – Physical Analyzer
  • How To Use The Open Advanced Feature In Cellebrite Physical Analyzer
  • How to Lawfully Collect the Maximum Amount of Data From Android Devices
  • How to Create a New Lab Submission In Cellebrite Guardian – Part 2
  • How to Create a New Lab Submission in Cellebrite Guardian – Part 1
  • How to Use the New File System View in Physical Analyzer Ultra
    
    
• CyberRaiju
  Fortnite hackers, GET HACKED? Redline Stealer MALWARE ANALYSIS
  
  
• Detection: Challenging Paradigms
  Episode 26: Jamie Williams (Pt. 2)
  
  
• DFIRScience
  • What data can you find in RAM?
  • Digital Forensics and the Military – Interview with Andrew Lister
    
    
• Digital Forensic Survival Podcast
  DFSP # 339 – That SUDO that you do
  
  
• FIRST
  FIRSTCON 2022
  
  
• Heather Mahalik at Cellebrite
  • How To Get the Most Out Of The Support Area Of The Cellebrite Community Portal – Part 2
  • How to Leverage Google Cloud Data Collection for Investigative Information – Physical Analyzer
  • New Tips And Tricks Section in Updated Cellebrite Physical Analyzer
    
    
• InfoSec_Bret
  IR – SOC174-124 – DogWalk 0-Day Activity
  
  
• Joe Słowik
  Thrice Is Nice: Ukraine In Review
  
  
• John Hammond
  • Can you DISABLE Windows Defender Antivirus?
  • PERMANENTLY TURN OFF Windows Defender on Windows 11
    
    
• John Hubbard at ‘The Blueprint podcast’
  Alexia Crumpton: MITRE ATT&CK for Defenders
  
  
• Journey Notes
  New webinar: Understand and defeat website supply-chain attacks
  
  
• Magnet Forensics
  • Magnet DVR Examiner Features You May be Missing
  • Using Associations in Magnet DVR Examiner
    
    
• Mike Cohen at Rapid7
  https://docs.velociraptor.app/presentations/2022_sans_summit/
  
  
• RickCenOT
  BREAKDOWN Realistic Pentest of a Beckhoff Industrial Control System CX-9001 (open Source Tools)
  
  
• SANS Institute
  • Ransomware Summit 2022
  • SANS Netwars Core Tournament Version 8 Demo
  • SANS Cyber Solutions Fest 2022 – Track: Ransomware
  • SANS Cyber Solutions Fest 2022 – Track: SOC & SOAR
  • SANS Cyber Solutions Fest 2022 – Track: Cloud Security
  • SANS Cyber Solutions Fest 2022 – Track: Threat Hunting & Intelligence
  • Phase 3: Finish Strong
  • Phase 1: On Your Marks
  • Phase 2: Accelerate and Glide
    
    
• Sumuri
  SUMURI Podcast Episode 013 – RECON ITR Now Supporting M2 Macs!
  
  
• The Defender’s Advantage Podcast
  Skills Gap: Building a Successful Security Operations Team
  

MALWARE

• Any.Run
  Malware Analysis Report in One Click
  
  
• ASEC
  • ASEC Weekly Malware Statistics (August 1st, 2022 – August 7th, 2022)
  • ASEC Weekly Malware Statistics (August 8th, 2022 – August 14th, 2022)
    
    
• c3rb3ru5d3d53c
  • [37] Malware Theory – Pointers
  • [38] Malware Theory – The Stack
  • [39] Malware Theory – Heap, Segment Registers, Memory Layout, TEB/TIB and the PEB
    
    
• Cyble
  • Phishing Site used to Spread Typhon Stealer
  • MasterFred Using Gymdrop to Distribute Xenomorph Android Banking Trojan
  • BianLian: New Ransomware variant on the rise
  • EvilCoder Project Selling Multiple Dangerous Tools Online
    
    
• Hussein Adel
  Malware analysis and Reverse Engineering tools
  
  
• Hex Rays
  • IDA Teams: Documentation published
  • Igor’s tip of the week #103: Sharing plugins between IDA installs
    
    
• InQuest
  • Introducing File Detection and Response (FDR)
  • Pulling together the pieces to build the puzzle
    
    
• Karlo Licudine at AccidentalRebel
  Malware sandbox evasion in x64 assembly by checking ram size – Part 2
  
  
• Jeroen Beckers at NVISO Labs
  Intercept Flutter traffic on iOS and Android (HTTP/HTTPS/Dio Pinning)
  
  
• Pete Cowman at Hatching
  Triage Thursday Ep. 84
  
  
• petikvx
  • Bluesky Ransomware
  • Cuba Ransomware
  • Blacksun Ransomware
  • KillMBR Ransomware
    
    
• Pawan Kumar N at Qualys
  AsyncRAT C2 Framework: Overview, Technical Analysis & Detection
  
  
• Securelist
  • Threat in your browser: what dangers innocent-looking extensions hold for users
  • Two more malicious Python packages in the PyPI
    
    
• Snyk
  • Snyk finds PyPi malware that steals Discord and Roblox credential and payment info
  • Ruby gem installations can expose you to lockfile injection attacks
    
    
• Ax Sharma at Sonatype
  More than 200 cryptomining packages flood npm and PyPI registry
  
  
• Satyajit Daulaguphu at Tech Zealots
  A Comprehensive Guide To PE Structure, The Layman’s Way
  
  
• ThreatFabric
  Bugdrop: the first malware trying to circumvent Google’s security Controls
  
  
• Siddharth Sharma and Nischay Hedge at Uptycs
  Is Tox The New C&C Method For Coinminers?
  
  
• Oleg Boyarchuk and Stefano Ortolani at VMware Security
  How to Replicate Emotet Lateral Movement
  

MISCELLANEOUS

• Adam at Hexacorn
  • Password as a (Yara) Service
  • What to know, what to learn? What are useful skills for cyber in 2022?
    
    
• Breachquest
  The Rise of Business Email Compromise (BEC) Attacks
  
  
• Cassie Doemel at AboutDFIR
  AboutDFIR Site Content Update 8/14/22
  
  
• Cellebrite
  Cellebrite Sweeps the Board at 2022 Forensics 4:cast Awards at the 2022 SANS DFIR Summit
  
  
• Greg Day at Cybereason
  Why Detection Efficacy Should Be in Your Top Metrics
  
  
• Jake King at Elastic
  The secret is out: Why Open Security is key to preventing cyber threats
  
  
• Exterro
  FTK® FORENSIC TOOLS VERSION 7.6 – coming in September!
  
  
• Forensic Focus
  Modern Digital Forensic Tools: How New Tools Cut Through the Noise to Find Evidence
  
  
• Jonathan Nguyen-Duy at Fortinet
  MSSP Checklist: Tips for Achieving Success
  
  
• IntaForensics
  Meet the Team: Simon Young
  
  
• Lily Hay Newman at Wired
  Spyware Hunters Are Expanding Their Tool Set
  
  
• Pieter Arntz at Malwarebytes Labs
  Explained: Steganography
  
  
• petikvx
  How to use Clamav on Linux and Windows
  
  
• Laura Hamel at Red Canary
  MDR vs MSSP: Which one is right for your organization?
  
  
• Kunjan Zaveri at X1
  Important SaaS Architecture Considerations for Legal Tech Software
  
  
• 博客园 – Pieces0310
  Dual Messengers on iDevice – Pieces0310
  

SOFTWARE UPDATES

• Andrew Rathbun
  KAPE-EZToolsAncillaryUpdater 3.6
  
  
• ANSSI
  DFIR4vSphere
  
  
• ArcPoint Forensics
  ATRIO Update: 1.1.9: Key Features
  
  
• Capa
  v4.0.1
  
  
• Didier Stevens
  Update: 1768.py Version 0.0.15
  
  
• Doug Burks at Security Onion
  Security Onion 2.3.140 20220812 Hotfix Now Available!
  
  
• Elcomsoft
  Elcomsoft Distributed Password Recovery 4.45 supports Windows Hello PIN codes and LUKS2 encryption
  
  
• Federico Lagrasta
  PersistenceSniper v1.4.0
  
  
• Foxton Forensics
  Browser History Examiner — Version History – Version 1.16.10
  
  
• Yamato Security
  Hayabusa v1.5.1 🦅
  
  
• Joachim Schict
  Mft2Csv v2.0.0.46
  
  
• Velociraptor
  Velociraptor 0.6.6 Release
  
  
• Xways
  • Viewer Component
  • X-Ways Forensics 20.6 SR-2
    

And that’s all for the week! If you think I’ve missed something, or want me to cover something specifically hit me up through the contact page or on the social pipes!