As always, thanks to those who give a little back for their support!
FORENSIC ANALYSIS
- David Spreadborough at Amped
Navigating a CCTV Device and Reviewing Video
- BlackMamba
BlackEnergy Memory Forensic Analysis
- Forensafe
Investigating Adobe Acrobat Reader
- Haircutfish
TryHackMe Wireshark: The Basics — Task 1 Introduction & Task 2 Tool Overview
- Ian D
Boggle-bytes in a Basic Data Partition Entry
- Markus Tuominen and Mehmet Mert Surmeli at WithSecure
Unleashing the Power of Shimcache with Chainsaw
- N00b_H@ck3r
CyberDefenders: AzurePot
- Phalgun Kulkarni and Julia Paluch at Aon
Windows Search Index: The Forensic Artifact You’ve Been Searching For
- Plainbit
  - Remote Windows collection with AXIOM Cyber
  - Remote AWS collection with AXIOM Cyber
  - Remote Azure collection with AXIOM Cyber
  - Introduction to MAGNET AXIOM
  - Euler Finance Flash Loan Attack
  - Euler Finance Flash Loan Attack: detailed smart contract analysis
  - Remote Linux collection with AXIOM Cyber
  - Flash Loans
  - CoinJoin
  - Peel Chains
  - Introduction to AXIOM Cyber
  - Sysmon usage guide: event configuration items
  - Sysmon usage guide: concepts and installation
- Justin Vaicaro at TrustedSec
Incident Response Rapid Triage: A DFIR Warrior’s Guide (Part 3 – Network Analysis and Tooling)
THREAT INTELLIGENCE/HUNTING
- John Lukach at 4n6ir
Amazon Linux Triage Updates
- Alex Teixeira
RATs Race: Detecting remote access tools beyond pattern-based indicators
- Alican Kiraz
Destroy the Ransomware Threat: Part 1.1 — Detection and Prevention
- Ankith Bharadwaj
Procedural Detections to Uncover PsExec Style Lateral Movement
- Anomali
Anomali Cyber Watch: Two Supply-Chain Attacks Chained Together, Decoy Dog Stealthy DNS Communication, EvilExtractor Exfiltrates to FTP Server
- Arctic Wolf
Why Ransomware and Business Email Compromise Remain Top Attack Types
- Atomic Matryoshka
Threat Groups Series: Dark Caracal
- Bitdefender
- Himaja Motheram at Censys
CVE-2017-6742 Actively Exploited SNMP Vulnerability on Cisco Routers
- CERT Ukraine
APT28 cyberattack: distribution of emails with “instructions” on “updating the operating system” (CERT-UA#6562)
- CERT-AGID
- Check Point
- Yehuda Gelb at Checkmarx Security
New revelation of the 3CX attack reveals a cascade of supply chain attacks
- Cisco’s Talos
- Nathaniel Raymond at Cofense
Open-Source Gh0st RAT Still Haunting Inboxes 15 Years After Release
- Coveware
Big Game Hunting is back despite decreasing Ransom Payment Amounts
- CTF导航
Phishing Analysis with Voyant Tools
- Cyble
- Cyborg Security
Threat Hunting Workshop 4: Hunting for Defense Evasion
- Cyfirma
Weekly Intelligence Report – 28 Apr 2023
- Darktrace
Gozi-ISFB: Darktrace’s Detection of the Malware with a Thousand Faces
- Martin McCloskey and Dayspring Johnson at Datadog Security Labs
An Adventure in Google Cloud threat detection
- Dragos
Improving Long Tail Analysis Using Neighborhood Keeper
- EclecticIQ
3CX Incident Attributed to North Korea; New LockBit MacOS Sample
- Shunichi Imano, Fred Gutierrez, and James Slaughter at Fortinet
Ransomware Roundup – UNIZA Ransomware
- GreyNoise
- Guardio
“Malverposting” — With Over 500K Estimated Infections, Facebook Ads Fuel This Evolving Stealer…
- Zach Hanley at Horizon3
PaperCut CVE-2023-27350 Deep Dive and Indicators of Compromise
- Stuart Ashenbrenner at Huntress
Endpoint Security In a macOS World
- Infoblox
Dog Hunt: Finding Decoy Dog Toolkit via Anomalous DNS Traffic
- Kaustubh Jagtap at Safebreach
Hacker’s Playbook Threat Coverage Roundup: April 25, 2023
- Kijo
SecurityResearcher-Note
- Amy L. Robertson at MITRE ATT&CK
ATT&CK v13 Enters the Room: Pseudocode, Swifter Search, and Mobile Data Sources
- Cecilia Hu, Fang Liu, Shehroze Farooqi, Stella Zhu, Daiping Liu, Jodie Ma, Jingwei Fan and Tao Yan at Palo Alto Networks
Recent Trends in Internet Threats: Common Industries Impersonated in Phishing Attacks, Web Skimmer Analysis and More
- Jessica Ellis at PhishLabs
Top Tactics of BEC Attacks in 2023
- Kyle Schwaeble and James Tytler at S-RM Insights
Cyber Intelligence Briefing: 28 April 2023
- SANS Internet Storm Center
  - Management of DMARC control for email impersonation of domains in the .co TLD – part 1, (Sun, Apr 23rd)
  - Calculating CVSS Scores with ChatGPT, (Tue, Apr 25th)
  - Strolling through Cyberspace and Hunting for Phishing Sites, (Wed, Apr 26th)
  - Quick IOC Scan With Docker, (Fri, Apr 28th)
  - SANS.edu Research Journal: Volume 3, (Thu, Apr 27th)
  - Wireshark 4.0.5 Released, (Sat, Apr 29th)
- Securelist
- Sophos
- Splunk
Detecting Threats with Splunk Security Content – Q4 Roundup
- Trend Micro
- Facundo Muñoz at WeLiveSecurity
Evasive Panda APT group delivers malware via updates for popular Chinese software
UPCOMING EVENTS
- Cellebrite
How to Simplify Modern Mobile Data Collection and Review
- Cyacomb Forensics
Operational Tips & Tricks Webinar
- Cyborg Security
- James Turner, Varun Acharya, Shanna Daly, and Raj Samani
The Complexities of APAC’s Threat Landscape – Part 1 of 2 [APAC]
- Kroll
Q1 2023 Threat Landscape Briefing: Ransomware Groups Splinter, Swarm Professional Services Sector (APAC)
- Magnet Forensics
PRESENTATIONS/PODCASTS
- Arsenal Consulting
LevelDB Recon v1.0.0.28 – Quick Demo.mov
- Cellebrite
  - How Cellebrite Guardian Works Submit Evidence for Examination LEGENDADO
  - How to Create a New Lab Submission in Cellebrite Guardian – Part 1 LEGENDADO
  - How to Create a New Lab Submission In Cellebrite Guardian Part 2 LEGENDADO
  - New Cellebrite Guardian Evidence and Workflow Management Redefined LEGENDADO
  - How Cellebrite Guardian Works Share Digital Evidence LEGENDADO
  - Premium Shorts 2 iOS PTB LEGENDADO
  - How Cellebrite Guardian Works Review Digital Evidence LEGENDADO
  - Premium Shorts 1 Android PTB LEGENDADO
  - How Cellebrite Guardian Works The Examination Phase LEGENDADO
  - How Cellebrite Guardian Works Manage Evidence LEGENDADO
  - Premium Shorts 3 EaseUse PTB LEGENDADO
  - PremiumExperience NEW V2 PTB LEGENDADO
- Hazel Burton at Cisco’s Talos
Video: Everything you need to know about ongoing state-sponsored attacks targeting network infrastructure across the globe
- Digital Forensic Survival Podcast
DFSP # 375 – More AI with SUMURI
- Jess Garcia at DS4N6
[BLOG] RSA Conference ’23 – “Hunting Stealth Adversaries with Graphs & AI” – Wrap-Up & Community Resources Announced, by Jess Garcia
- Gerald Auger at Simply Cyber
Is DFIR entry level in #cybersecurity a thing? #cyber #career
- InfoSec_Bret
IR – SOC186-132 – 3CX DLL-Sideloading Attack Detected
- John Dwyer
Analyzing PowerShell Payloads EP9
- Karsten Hahn at Malware Analysis For Hedgehogs
Malware Theory – Packer identifiers don’t tell you if a file is packed
- Magnet Forensics
- Mossé Cyber Security Institute
  - Extracting and analyzing strings from a malware sample
  - Decompiling .NET code using ILSpy
  - Using Sysmon to analyze a malware sample
  - Analyzing malware samples with ProcMon
  - Automated malware analysis with Cuckoo Sandbox
  - Introduction to Dynamic Analysis
  - Using YARA to identify and classify malware samples
  - Using file hashes to identify and classify malware samples
  - Using PEStudio to analyze malware
  - Using the Linux ‘file’ utility to recover file types
  - Using Resource Hacker to retrieve a malware’s resources
  - Common IOCs to retrieve from malware reverse engineering
  - Setting up a lab for Malware Reverse Engineering
  - Protocol for safely handling and sharing malware samples
  - What is Systematic Approach to Malware Analysis (SAMA)?
- MSAB
- RickCenOT
I pwn your ICS communication processor in 68 sec and then traverse into your Level 0 serial device
- The Defender’s Advantage Podcast
Threat Trends: M-Trends 2023
MALWARE
- 0x70RVS
$tealer
- ASEC
- Bernardo Quintero at VirusTotal
Introducing VirusTotal Code Insight: Empowering threat analysis with generative AI
- Dr Josh Stroschein
OneNote Malware Trends – Password Protected Documents
- Eclypsium
MSI Incident Part 2: Binary Analysis
- Erik Hjelmvik at Netresec
EvilExtractor Network Forensics
- Hex Rays
- Hussein Adel
Introduction C# ‘OOP’
- Andrey Polkovnychenko and Malware Research at JFrog
New .NET Malware “WhiteSnake” Targets Python Developers, Uses Tor for C&C Communication
- Mellvin S at K7 Labs
Mustang Panda – PE Injection through Opera Mail
- Kyle Schmittle, Alemdar Islamoglu, Paul Shunk, and Justin Albrecht at Lookout
BouldSpy: Android Spyware Tied to Iranian Police Targets Minorities | Lookout
- Malwarebytes Labs
- Muhammad Umair at Mandiant
Magniber Ransomware Wants to Infect Only the Right People
- Dexter Shin at McAfee Labs
HiddenAds Spread via Android Gaming Apps on Google Play
- Mohamed Adel
Aurora Stealer Builder
- Gustavo Palazolo at Netskope
FedEx Phishing Campaign Abusing TrustedForm and PAAY
- OALABS Research
in2al5dp3in4er Loader
- Palo Alto Networks
Chinese Alloy Taurus Updates PingPull Malware
- Lucija Valentić at ReversingLabs
Package names repurposed to push malware on PyPI
- Uptycs
RTM Locker Ransomware as a Service (RaaS) Now on Linux – Uptycs
- Zhassulan Zhussupov
Malware development trick – part 27: WinAPI LoadLibrary implementation. Simple C++ example.
MISCELLANEOUS
- Kevin Ripa at SANS
The game of CLUE
- Adam Goss
Free vs Paid Cybersecurity Training
- ADF Solutions
Why is Digital Forensic Training Important?
- Avertium
Can Someone With No Programming Experience Write Ransomware Using ChatGPT?
- Belkasoft
- Noel McMenamin
Time for action
- CQURE Academy
10 things you should know about Incident Response and Forensics in 2023
- Forensic Focus
  - Cracking The Code Of iOS Messages: A Guide To Storage And Analysis Techniques For Forensic Examiners
  - Tackling Time In Digital Investigations – Succeeding When Seconds Matter
  - ADF Solutions To Showcase Digital Forensic Tools At National Cyber Crime Conference
  - How To Use The Validation Tool In Amped FIVE
  - UPCOMING WEBINAR – Unique Exploits And Solutions In XRY & XRY Pro
  - Digital Forensics Round-Up, April 27 2023
- Christa Miller at Forensic Horizons
April 2023: The Way Things Have Always, and Never, Been Done
- David Finger at Fortinet
Fortinet Survey Reveals a Disconnect Between Ransomware Preparedness and Prevention
- GIAC
Sorting Through the Noise: GIAC’s New Path to the GSE
- Howard Oakley at ‘The Eclectic Light Company’
APFS hard links, symlinks, aliases and clone files: a summary
- Darren Spruell at InQuest
Shifting Left in Cybersecurity: Balancing Detection and Prevention – Part 1
- Mitsutaka Hori at JPCERT/CC
ICS Security Conference 2023
- Kevin Pagano at Stark 4N6
Magnet User Summit 2023 Recap
- MISP
How to push to a TAXII server from MISP
- MSAB
Interim report Q1, January – March 2023
- Grace Chi at Pulsedive
3 (+1) Pulsedive Utilities For Every Security Analyst
- Cordell BaanHofman at Red Canary
Microsoft recognizes Katie Nickels for her impact on the security community
- SANS
Cybersecurity Jobs: Security Architect & Engineer (Japanese)
- SUMURI
- Teri Radichel
SANS GIAC GSE and GSP — Changes April 2023
SOFTWARE UPDATES
- Amped
Amped Replay Update 28733: Improved Annotations, Support for Subtitles and much more!
- Atola
Meet the new TaskForce 2023.4 performance update
- CrowdStrike
Falconpy Version 1.2.15
- Didier Stevens
Update: zipdump.py Version 0.0.25
- Doug Burks at Security Onion
- Drew Alleman
DataSurgeon 1.1.2
- ExifTool
ExifTool 12.61
- Federico Lagrasta
PersistenceSniper v1.10.0
- Foxton Forensics
Browser History Examiner — Version History – Version 1.18.2
- Jiří Vinopal
sc2pe
- k1nd0ne
VolWeb 1.2.0-beta
- Invictus Incident Response
Welcome Microsoft Extractor Suite
- OpenCTI
5.7.3
- Passmark Software
OSForensics – V10.0 Build 1010 26th April 2023
- Securizame
Wintriage: Released version 09042023
- Three Planet Software
Apple Cloud Notes Parser v0.11
- X1
X1 Introduces Cutting-Edge Instagram Support with X1 Social Discovery Version 7
- X-Ways
X-Ways Forensics 20.8 Release
And that’s all for the week! If you think I’ve missed something, or want me to cover something specifically hit me up through the contact page or on the social pipes!