As always, thanks to those who give a little back for their support!

FORENSIC ANALYSIS

• Blake Regan
  How to create a forensic image of a physical hard drive using FTK Imager
  
  
• Alan Flora at Cellebrite
  Using Pathfinder to Avoid Ethical Dilemmas in Digital Forensics
  
  
• CTF导航
  • inctf Forensic复现 | Memlabs（下）
  • inctf Forensic复现 | Memlabs（上）
  • 电子取证之NTFS基础
    
    
• Digital Forensics Myanmar
  • Browser Forensics (Firefox, Chrome, Edge, Opera, Brave)
  • Clear Browsing Data  Forensics (Firefox, Chrome, Edge, Opera, Brave)
    
    
• Joseph Moronwi at Digital Investigator
  • Techniques In Email Forensic Analysis
  • Email Header Forensic Analysis
    
    
• Oleg Afonin at Elcomsoft
  iOS Backups: Leftover Passwords
  
  
• Forensafe
  Investigating Recent Items
  
  
• Haircutfish
  • TryHackMe
    Windows Forensics 1 — Task 5 Exploring Windows Registry & Task 6 System Information and…
  • TryHackMe
    Windows Forensics 1 — Task 7 Usage or knowledge of files/folders
  • TryHackMe
    Windows Forensics 1 — Task 8 Evidence of Execution
  • TryHackMe
    Windows Forensics 1 — Task 9 External Devices/USB device forensics
  • TryHackMe
    Windows Forensics 1 — Task 10 Hands-on Challenge & Task 11 Conclusion
    
    
• Aaron Stratton at InfoSec Write-ups
  Analysis of a Smishing Text
  
  
• Kevin Pagano at Stark 4N6
  The Bots are Buzzing – Bumble on Android
  
  
• Mailxaminer
  • Search inside PST Files without Outlook for Evidence
  • Convert Mails & Attachments from Outlook PST to MSG Files
  • Recovering Microsoft Exchange Artefacts with eDiscovery Export Tool!
  • EML File Forensics – Extract Evidence from Email Message File
  • Here’s How to Convert Gmail to PST Using Forensic Tool?
  • Everything You Should Know About Opera Mailbox Forensics
  • Ultimate Way to Perform Mozilla Thunderbird Email Forensics
  • Tags and Privileged Files – MailXaminer
  • Best Ever Search Options for Precise Email Investigation
  • 100% Proven Solution to Perform Office 365 Email Forensics
  • Know How to Convert Netscape Mail to Outlook PST File?
  • Zoho Mail Forensics for Mailbox and Email Header Analysis
  • OCR Reader Technology to Extract Textual Data from Image
  • Export Options of MailXaminer Forensics Tool
  • Outlook Express Email Forensics – Explore DBX File Email Header
  • Analyze Thunderbird MBOX Artifacts with Thunderbird Email Viewer
    
    
• Oxygen Forensics
  Import Microsoft Outlook Data Files Into Oxygen Forensic® Detective
  

THREAT INTELLIGENCE/HUNTING

• MITRE Evaluations
  • Analyzing the 2022 MITRE ATT&CK Evaluation for Managed Services
  • BlackBerry Participates in MITRE Managed Services Evaluation
  • Microsoft Defender Experts for Hunting demonstrates industry-leading protection in the 2022 MITRE Engenuity ATT&CK® Evaluations for Managed Services
  • MITRE Engenuity ATT&CK® Evaluations: Managed Services — OilRig (2022) and the Top 10 Ways to…
  • NVISO EXCELS IN MITRE ATT&CK® MANAGED SERVICES EVALUATION
  • Unit 42 Strikes Oil in MITRE Engenuity Managed Services Evaluation
  • New MITRE Engenuity ATT&CK® Evaluation: Rapid7 MDR Excels
  • Crude OilRig: Drilling into MITRE’s Managed Service Evaluations
  • MITRE Managed Services Evaluation | 4 Key Takeaways for MDR & DFIR Buyers
  • Sophos MDR: Results from the first MITRE Engenuity ATT&CK Evaluation for Security Service Providers
    
    
• Dr. Nestori Syynimaa at AADInternals
  Bypassing Azure AD home tenant MFA and CA
  
  
• Anomali
  Anomali Cyber Watch: Active Probing Revealed Cobalt Strike C2s, Black Basta Ransomware Connected to FIN7, Robin Banks Phishing-as-a-Service Became Stealthier, and More
  
  
• Aqua
  Tracee Newly Released Rules Detect Attackers Out-of-the-Box
  
  
• Erica Mixon at Blumira
  5 Best Practices For Security Log Retention
  
  
• Cado Security
  Cado Security, SentinelOne and Tines Make Kubernetes Investigation and Response Possible
  
  
• CERT Ukraine
  • Кібератака групи UAC-0010: розсилання електронних листів, начебто, від імені Держспецзв’язку (CERT-UA#5570)
  • Розповсюдження електронних листів з фейковим сканером, начебто, від імені CERT-UA (CERT-UA#5583)
  • Інформація щодо кібератак групи UAC-0118 (FRwL) з використанням шкідливої програми Somnia (CERT-UA#5185)
    
    
• CERT-AGID
  Sintesi riepilogativa delle campagne malevole nella settimana del 05 – 11 novembre 2022
  
  
• Check Point Research
  • 7th November– Threat Intelligence Report
  • October’s Most Wanted Malware: AgentTesla Knocks Formbook off Top Spot and New Text4Shell Vulnerability Disclosed
  • Check Point CloudGuard Spectral exposes new obfuscation techniques for malicious packages on PyPI
    
    
• Cisco’s Talos
  • Emotet coming in hot
  • The Company You Keep – Preparing for supply chain attacks with Talos IR
  • Threat Spotlight: Cyber Criminal Adoption of IPFS for Phishing, Malware Campaigns
  • Threat Source newsletter (Nov. 10, 2022): Vulnerability research, movies in class, and Emotet once again
    
    
• Cluster25
  Sanctioned deals: the Irano-Russian connection under Ankara’s supervision. Analysis of the NPPD leak
  
  
• Corelight
  Detecting 5 current APTs without heavy lifting
  
  
• CTF导航
  • TrickBot的木马分析-HEAVEN’S GATE
  • webshell绕过案例
  • APT-36 Uses New TTPs and New Tools to Target Indian Governmental Organizations
  • 解密大黄蜂Bumblebee木马，复盘攻击套路
  • LOLBIN-使用卡巴斯基终端“KES”安装程序执行任意命令
  • 利用Cloudflare 零信任进行C2通信及防护
  • APT29 Exploited a Windows Feature to Compromise European Diplomatic Entity Network
    
    
• Cyble
  • Pro-Russian hacktivists targeting adversaries with Killnet ransomware
  • Massive YouTube Campaign Targeting Over 100 Applications to Deliver Info Stealer
  • Emotet returns Targeting Users Worldwide
    
    
• Darktrace
  • Inside the Yanluowang Leak: Organization, Members, and Tactics
  • The last of its kind: Analysis of a Raccoon Stealer v1 infection (Part 1)
  • The resurgence of the raccoon: Steps of a Raccoon Stealer v2 Infection (Part 2)
    
    
• Dirk-jan Mollema
  Introducing ROADtools Token eXchange (roadtx) – Automating Azure AD authentication, Primary Refresh Token (ab)use and device registration
  
  
• Joe St Sauver at DomainTools
  Using Iris Investigate Pivot Tables to Collect Bulk Screenshots
  
  
• Esentire
  • eSentire Threat Intelligence Malware Analysis: RedAlert
  • BatLoader Facilitates Fraud and Hands-On-Keyboard Attacks
  • Intruder Deploys Medusa Unlocker instead of Medusa Locker in Attempted Medusa Ransomware Operation Targeting eSentire Legal Customer
  • Qakbot Sees Fall Resurgence
    
    
• Flashpoint
  • Why Telegram Is Essential to Open Source Investigations
  • How VulnDB Is Helping Organizations Prevent Future Ransomware Attacks
    
    
• Fortinet
  • Threat Predictions for 2023: New Attack Surfaces and Threats Emerge as Cybercrime Expands
  • Ransomware Roundup: New Inlock and Xorist Variants
    
    
• Mark Alpatsky and Sharef Hlal at Group-IB
  Hired hand: Scammers mimic Saudi manpower provider
  
  
• HHS
  Venus Ransomware Targets Publicly Exposed Remote Desktop Services
  
  
• Intel471
  Denial-of-Service in the Cyber Underground
  
  
• Nicole Fishbein at Intezer
  How LNK Files Are Abused by Threat Actors
  
  
• Koen Van Impe
  ENISA Threat Landscape 2022
  
  
• Luke Leal
  Strox Phishing Service & How It Works
  
  
• Thibault Van Geluwe De Berlaere at Mandiant
  They See Me Roaming: Following APT29 by Taking a Deeper Look at Windows Credential Roaming
  
  
• Marco Ramilli
  Phishing Kits: Threat Actors Analysis Research
  
  
• Microsoft 365 Security
  • How one misconfiguration in ADCS can lead to full AD Forest compromise
  • Investigating Certificate Template Enrollment Attacks – (ADCS)
    
    
• Microsoft Security
  Microsoft threat intelligence presented at CyberWarCon 2022 
  
  
• Moath Maharmeh at C99.sh
  Deception & Inspection: Gathering intelligence & increasing the red team infrastructure resiliency
  
  
• Gustavo Palazolo at Netskope
  • BlackCat Ransomware: Tactics and Techniques From a Targeted Attack
  • New Phishing Technique Targeting Over 20 Crypto Wallets
    
    
• Robert Nixon at NVISO Labs
  Visualizing MISP Threat Intelligence in Power BI – An NVISO TI Tutorial
  
  
• Gijs Hollestelle at Falcon Force
  FalconFriday — Detecting Active Directory Data Collection  — 0xFF21
  
  
• PWC
  A Muddy, Advanced Persistent Teacher
  
  
• Anjali Raut at Quick Heal
  QBOT – A HTML Smuggling technique to target victims
  
  
• Dave Bogle and Brandon Dalton at Red Canary
  Validate your defenses with Atomic Test Harnesses for Linux and macOS
  
  
• Justin Palk at Red Siege Information Security
  Introduction to Sliver
  
  
• Resecurity
  Amidst Rising Tax Refund Fraud, Consumers Need Better Dark Web Intelligence
  
  
• Sandfly Security
  SSH Key Credential Tracking with Sandfly Splunk App Update
  
  
• SANS Internet Storm Center
  • IPv4 Address Representations, (Sun, Nov 6th)
  • Another Script-Based Ransomware, (Wed, Nov 9th)
  • Do you collect “Observables” or “IOCs”?, (Thu, Nov 10th)
  • Update: IPv4 Address Representations, (Fri, Nov 11th)
  • Extracting Information From “logfmt” Files With CyberChef, (Sat, Nov 12th)
    
    
• Kristen Cotten at Scythe
  SCYTHE Presents: STEEP#MAVERICK IOCs
  
  
• Dmitry Kondratyev and Andrey Ivanov at Securelist
  The state of cryptojacking in the first three quarters of 2022
  
  
• Joan Soriano at Security Art Work
  Threat Hunting: Probability based model for TTP covering (Parte I)
  
  
• Securonix
  • Securonix Threat Labs Security Advisory: Update on Analysis and Detection of Punycode Vulnerability in OpenSSL (CVE−2022-3602 and CVE-2022-3786)
  • Blue Team Debriefing – STEEP#MAVERICK Edition
    
    
• Aleksandar Milenkoski at SentinelLabs
  SocGholish Diversifies and Expands Its Malware Staging Infrastructure to Counter Defenders
  
  
• SOCRadar
  Increased Healthcare Security Breaches in 2022
  
  
• Will Schroeder and Lee Christensen at SpecterOps
  Certificates and Pwnage and Patches, Oh My!
  
  
• Ben Martin at Sucuri
  Massive ois[.]is Black Hat Redirect Malware Campaign
  
  
• Nigel Douglas at Sysdig
  How to deal with ransomware on Azure
  
  
• Trend Micro
  • Massive Phishing Campaigns Target India Banks’ Clients
  • DeimosC2: What SOC Analysts and Incident Responders Need to Know About This C&C Framework
  • Hack the Real Box: APT41’s New Subgroup Earth Longzhi
  • 4 Types of Cyber Crime Groups
    
    
• TrustedSec
  • Auditing Exchange Online From an Incident Responder’s View
  • Active Directory for Script Kiddies
    

UPCOMING EVENTS

• Black Hills Information Security
  Atomic Spotlight: Exploiting HiveNightmare/SeriousSAM for Priv Escalation
  
  
• Dragos
  When Ransomware Strikes: The Impact of Ransomware in Operational Technology Environments
  
  
• Magnet Forensics
  • Lost Time, Can It Be Found?
  • Tips & Tricks // Building Streamlined Digital Forensics Workflows with Magnet AUTOMATE
    
    
• Stairwell
  Plan for Peak SOC & IR Performance in 2023
  

PRESENTATIONS/PODCASTS

• Phoenix Cast
  Mobile Forensics
  
  
• Belkasoft
  Tracking Potentially Malicious Files with Evidence of Execution
  
  
• Black Hills Information Security
  • AASLR: Cyber Range Challenge Walkthrough/Solutions w/ Serena & Beau
  • AASLR: Dynamic Device Code Phishing with Steve Borosh
  • BHIS – Talkin’ Bout [infosec] News 2022-11-07
  • Talkin’ About Infosec News – 11/11/2022
  • Securing AWS Discover Cloud Vulnerabilities via Pentesting Techniques | Beau Bullock
    
    
• BlueMonkey 4n6
  Bootable Linux environment for forensics – Sumuri PALADIN
  
  
• Breaking Badness
  138. Into the W4SP’s Nest
  
  
• Heather Mahalik at Cellebrite
  How to Discover Artifacts in Cellebrite Physical Analyzer – Part 3
  
  
• Cloud Security Podcast by Google
  EP95 Cloud Security Talks Panel: Cloud Threats and Incidents
  
  
• Brian Carrier at Cyber Triage
  ResponderCon 2022 – Videos – Batch 1
  
  
• Cyborg Security
  Episode 3
  
  
• Detections by SpectreOps
  Episode 27: Roberto Rodriguez
  
  
• Didier Stevens
  • Extracting Information From “logfmt” Files With InteractiveSieve
  • Extracting Information From “logfmt” Files With CyberChef
    
    
• Digital Forensic Survival Podcast
  DFSP # 351 – Prefetch
  
  
• FIRST
  2022 FIRST Symposium Asia Pacific Regions
  
  
• Game of Crimes
  Part 1: Tim Stommel and the Queen of the Pacific
  
  
• Gerald Auger at Simply Cyber
  Want to See How LockBit Ransomware Actors Work?
  
  
• Horangi Cyber Security
  The Cyber Defense Matrix (Ask A CISO SE02EP41)
  
  
• InfoSec_Bret
  CyberDefenders – Eli
  
  
• Insane Forensics
  How To Use Window’s Advanced Network Connection Audit Logging to Detect and Hunt for Cyber Attackers
  
  
• John Hammond
  Cybercrime & Dark Web Conversations (w/ Shmuel!)
  
  
• Koen Van Impe
  CTI-Summit 2022 Luxembourg Presentations
  
  
• LetsDefend
  Red team vs Blue team: What is the difference?
  
  
• Magnet Forensics
  • Customer Story | Greater Manchester Police Save 9.5 hrs on Digital Investigations w/ Magnet AUTOMATE
  • Getting Started with Magnet AXIOM Cyber
  • Getting Started with Magnet AXIOM
  • Getting Started With Magnet | AXIOM & AXIOM Cyber
  • Getting Started With Magnet | Module 1 Part 1: Magnet AXIOM Cyber Process Settings
  • Getting Started With Magnet | Module 1 Part 1: Magnet AXIOM Process Settings
  • Getting Started With Magnet | Module 1 Part 2: Magnet AXIOM Process Settings
  • Getting Started With Magnet | Module 2 Part 1: Examine UI and Explorers
  • Getting Started With Magnet | Module 2 Part 2: Examine UI & Menus
  • Getting Started With Magnet | Module 2 Part 3: Examine Analysis
  • Getting Started With Magnet | Module 3 Part 1: Tags, Comments, Exports, and Portable Case
  • Getting Started with Magnet | Module 3 Part 2: Case Reporting
  • [Air]Tag You’re It! – a look through location artifacts generated by Apple’s AirTag, iOS, and macOS devices within the FindMy application.
    
    
• MalGamy
  live about my resources
  
  
• Ollie Whitehouse at NCC Group
  Tales of Windows detection opportunities for an implant framework
  
  
• OALabs
  M1 Mac Malware Analysis VM Setup with Windows 11 (Free)
  
  
• Sumuri
  • Introducing the new RECON ITR Interface!
  • SUMURI | More than 10 years of Giving Back
    
    
• The Defender’s Advantage Podcast
  Threat Trends: Tracking DPRK Use of Cryptocurrencies
  
  
• The Ransomware Files
  Thank You
  

MALWARE

• 0xdf hacks stuff
  • Flare-On 2022: Pixel Poker
  • Flare-On 2022: Magic 8 Ball
  • Flare-On 2022: T8
  • Flare-On 2022: darn_mice
  • Flare-On 2022: à la mode
  • Flare-On 2022: anode
  • Flare-On 2022: backdoor
  • Flare-On 2022: encryptor
  • Flare-On 2022: Nur geträumt
  • Flare-On 2022: The challenge that shall not be named
    
    
• AK1001
  Malware Analysis: TelegramRAT wrapped by pyinstaller
  
  
• Akamai
  KmsdBot: The Attack and Mine Malware
  
  
• ASEC
  • LockBit 3.0 Being Distributed via Amadey Bot
  • ASEC Weekly Malware Statistics (October 31st, 2022 – November 6th, 2022)
  • Distribution of Word File (External + RTF) Modified to Avoid Detection
  • Penetration and Distribution Method of Gwisin Attacker
  • Magniber Ransomware Attempts to Bypass MOTW (Mark of the Web)
  • Emotet Being Distributed Again via Excel Files After 6 Months
  • HackHound IRC Bot Being Distributed via Webhards
    
    
• Avast Threat Labs
  PNG Steganography Hides Backdoor
  
  
• Lawrence Abrams at BleepingComputer
  Azov Ransomware is a wiper, destroying data 666 bytes at a time
  
  
• Osanda Malith Jayathissa
  Encrypting Shellcode using SystemFunction032/033
  
  
• CISA
  10410305-1.v1 JSP Webshell
  
  
• Lukasz D at Compass Security
  A Symmetric Cipher Ransomware … YES!
  
  
• Johann Aydinbas and Axel Wauer at DCSO CyTec
  #ShortAndMalicious: StrelaStealer aims for mail credentials
  
  
• Docguard
  LockBit3.0 Manual Analysis
  
  
• Brian Baskin at Ghetto Forensics
  Flare-On 9 – The Worst Writeups
  
  
• hasherezade’s 1001 nights
  • Flare-On 9 – Task 9
  • Flare-On 9 – Task 10
    
    
• Molly “PonchoSec” N. at Huntress
  Creating macOS Ransomware
  
  
• Igor Skochinsky at Hex Rays
  • Igor’s Tip of the Week #113: Image-relative Offsets (RVA)
  • Igor’s Tip of the Week #114: Split offsets
    
    
• Kristina Balaam, Alemdar Islamoglu, Justin Albrecht, and Ruohan Xiong at Lookout
  Lookout Discovers Long-running Surveillance Campaigns Targeting Uyghurs | Lookout
  
  
• Pete Cowman at Hatching
  Triage Thursday Ep. 89
  
  
• petikvx
  • How to unlock Trojan-Ransom.MSIL.Survey.a
  • Some old constructor
  • How to unpack and decompile autoit sample (UPX)
    
    
• Louis Lang at Phylum Research Blog
  Python Malware Replaces Crypto Addresses in Developer Clipboards
  
  
• Ben Joels at Snyk
  Key points from Google and Accenture’s ransomware white paper
  
  
• Vlad at ‘Слава Україні — Героям Слава!’
  McAfee – Trellix. Оновлення сертифікатів [UA]
  
  
• VMRay
  How to extract Emotet’s Configuration statically
  
  
• Yassir Laaouissi
  FlareOn 9 – Writeup
  
  
• Zhassulan Zhussupov
  Malware analysis: part 6. Shannon entropy. Simple python script.
  
  
• Nipun Gupta at Zimperium
  The Case of Cloud9 Chrome Botnet
  

MISCELLANEOUS

• Chris Brenton at Active Countermeasures
  Why Threat Hunting should be a Security Standards Requirement
  
  
• Avertium
  MFA Breaches & MFA Fatigue
  
  
• Belkasoft
  [On-demand Сourse] Remote Acquisition with Belkasoft
  
  
• Cassie Doemel at AboutDFIR
  AboutDFIR Site Content Update 11/6/22
  
  
• Cellebrite
  2022 Industry Trends Survey
  
  
• Forensic Focus
  • MSAB’s James Eichbaum Takes Us Behind the Scenes of Digital Forensic Tool Training
  • How to Identify Social Media Images and Analyze Them with Amped Authenticate
  • Reveal by Grayshift Now Generally Available
  • Register for Webinar: Tips and Tricks: Data Collection for Cloud Workplace Applications
  • Greater Manchester Police Completes Digital Investigations 9.5 Hours Faster With Magnet AUTOMATE
    
    
• Haircutfish
  TryHackMe Junior Security Analyst Intro
  
  
• Kristian Lars Larsen at Data Narro
  The Challenges of EMOJIs in E-Discovery
  
  
• Martin Boller at InfoSec Worrier
  Live Remote Packet Analysis
  
  
• Salvation DATA
  Write a Forensic Report Step by Step [Examples Inside]
  
  
• The Security Noob
  Learn Computer Forensics – Second Edition by William Oettinger for Packt REVIEW
  
  
• John Patzakis at X1
  10 Unique and Compelling Features of X1 Social Discovery
  

SOFTWARE UPDATES

• Apache Tika
  Release 2.6.0 – 11/3/2022
  
  
• Belkasoft
  Belkasoft R 1.2 is released
  
  
• BlueTeamOps
  AllthingsTimesketch
  
  
• Brian Maloney
  OneDriveExplorer v2022.11.08
  
  
• Costas K
  • MFTBrowser.exe (x64)
  • PrefetchBrowser
  • Clippy
  • WindowsTimeline parser (x64)
    
    
• CyberChef
  v9.49.0
  
  
• Daniel Avilla
  AvillaForensics
  
  
• Didier Stevens
  • Update: pdf-parser.py Version 0.7.7
  • Update: oledump.py Version 0.0.71
    
    
• Doug Burks at Security Onion
  Security Onion 2.3.182 Now Available!
  
  
• ExifTool
  ExifTool 12.50 (production release)
  
  
• Griffeye
  Release of Analyze 22.2
  
  
• Metaspike
  Forensic Email Intelligence v1.8.8348
  
  
• MSAB
  XRY 10.3.1 Released today
  
  
• Ryan Benson at dfir.blog
  Unfurl v2022.11: Social Media Edition
  
  
• Thiago Canozzo Lahr – Unix-like Artifacts Collector
  uac-2.4.0-rc1
  
  
• Velociraptor
  Release 0.6.7 RC3
  
  
• Yamato Security
  Hayabusa v1.8.0 🦅
  

And that’s all for the week! If you think I’ve missed something, or want me to cover something specifically hit me up through the contact page or on the social pipes!