As always, thanks to those who give a little back for their support!

FORENSIC ANALYSIS

• David Spreadborough at Amped
  Remote Acquisition Using a Mobile Device
  
  
• Felix Guyard at ForensicXlab
  🔦 Video Games Forensics : Steam
  
  
• Forensafe
  Investigating Android Yandex Mail
  
  
• Jim Cole at CameraForensics
  The importance of closing the knowledge gap between software and law enforcement
  
  
• Ken Pryor at ‘No Pryor Knowledge’
  Forensics/Malware Courses and Tools
  
  
• Lorena Carthy-Wilmot
  Uses24HourClock: false
  

THREAT INTELLIGENCE/HUNTING

• Adam Goss
  Python Threat Hunting Tools: Part 10 — The Power of Jupyter Notebooks
  
  
• Ofek Itach and Assaf Morag at Aqua
  Threat Alert: Anatomy of Silentbob’s Cloud Attack
  
  
• Avertium
  MOVEit Postmortem
  
  
• Blackberry
  RomCom Threat Actor Suspected of Targeting Ukraine’s NATO Membership Talks at the NATO Summit
  
  
• Brad Duncan at Malware Traffic Analysis
  • 2023-07-03 – 30 days of Formbook: Day 29, Monday 2023-07-03 – GuLoader Formbook “AU22”
  • 2023-07-02 – 30 days of Formbook: Day 28, Sunday 2023-07-02 – “SY18”
  • 2023-07-01 – 30 days of Formbook: Day 27, Saturday 2023-07-01 – “NES8”
  • 2023-07-04 – 30 days of Formbook: Day 30, Tuesday 2023-07-04 – Formbook “MF6W”
  • 2023-07-04 thru 2023-07-07 – AgentTesla to my honeypot email accounts
    
    
• CERT Ukraine
  • Цільова атака з використанням тематики членства України в Організації Північноатлантичного договору (CERT-UA#6940)
  • Цільова кібератака UAC-0057 у відношенні державних органів із застосуванням PicassoLoader/njRAT (CERT-UA#6948)
  • Фішингові атаки групи APT28 (UAC-0028) з метою отримання автентифікаційних даних до публічних поштових сервісів (CERT-UA#6975)
    
    
• CERT-AGID
  • Malware PEC: dopo sLoad è la volta di Vidar
  • Sintesi riepilogativa delle campagne malevole nella settimana del 01 – 07 luglio 2023
    
    
• Check Point
  • June 2023’s Most Wanted Malware: Qbot Most Prevalent Malware in First Half of 2023 and Mobile Trojan SpinOk Makes its Debut
  • 3rd July – Threat Intelligence Report
  • Chinese Threat Actors Targeting Europe in SmugX Campaign
    
    
• Yehuda Gelb at Checkmarx Security
  Stopping Malicious Packages at their Source
  
  
• CISA
  Increased Truebot Activity Infects U.S. and Canada Based Networks
  
  
• Cisco’s Talos
  • The growth of commercial spyware based intelligence providers without legal or ethical supervision
  • Threat Roundup for June 30 to July 7
    
    
• Cyberwarzone
  • Unpacking .JAR Files: A Closer Look at a Stealthy Threat
  • Unmasking AsyncRAT
  • Understanding the Azorult malware
  • Threat Hunting with ASNmap and TLSx
    
    
• Cyble
  • Security Gaps in Green Energy Sector: Unveiling the Hidden Dangers of Public-Facing PV Measuring and Diagnostics Solutions
  • Underground Team Ransomware Demands Nearly $3 Million
  • ARCrypt Ransomware Evolves with Multiple TOR Communication Channels
    
    
• Cyborg Security
  Unmasking CL0P Ransomware: Understanding the Threat Shaking Up Global Security
  
  
• Cyfirma
  Weekly Intelligence Report – 07 July 2023
  
  
• Jörg Abraham at EclecticIQ
  8Base Ransomware Surge; SmugX Targeting European Governments; Russian-Linked DDoS Warning
  
  
• ENISA
  Checking-up on Health: Ransomware Accounts for 54% of Cybersecurity Threats
  
  
• Esentire
  • Persistent Connection Established: Nitrogen Campaign Leverages DLL Side-Loading Technique for C2 Communication
  • Key Learnings from the Newest Verizon DBIR and the Recent Dragos Attack
    
    
• Malcolm Heath at F5 Labs
  Web Shells: Understanding Attackers’ Tools and Techniques
  
  
• Fortinet
  Ransomware Roundup – Rancoz
  
  
• FourCore
  Clop Ransomware: History, Timeline, And Adversary Simulation
  
  
• Huntress
  • Threat Hunting for Business Email Compromise Through User Agents
  • Move It on Over: Reflecting on the MOVEit Exploitation
    
    
• InfoSec Write-ups
  • Ransomware’s Sinister Dance with Volume Shadow Files
  • Key Factors to Investigate in Ransomware Attacks
  • Hackthebox Fawn Writeup, Traffic and Log Analysis, Python Automatic Exploit, Hardening and…
  • Malware Hunting 101: A Beginner’s Guide to Analysis and Reverse Engineering
  • CyberTalents — Malware Reverse Engineering (RE): Find the Pass for Beginners
    
    
• Intel471
  Detecting Credential Theft to Prevent Data Breaches
  
  
• Intrusion Truth
  One man and his lasers
  
  
• Jeffrey Appel
  AiTM/ MFA phishing attacks in combination with “new” Microsoft protections (2023 edition)
  
  
• Kostas
  Public Opinion Survey Results: You’re Pwned
  
  
• Lares Labs
  • Introducing Slinky Cat – Living off the AD Land
  • Offensive Sysadmin Suite, aka Adversary Kit
    
    
• Microsoft Security
  The five-day job: A BlackByte ransomware intrusion case study
  
  
• Elizabeth Davies at PhishLabs
  The Royal & BlackCat Ransomware: What you Need to Know
  
  
• Proofpoint
  Welcome to New York: Exploring TA453’s Foray into LNKs and Mac Malware
  
  
• Vinay Kumar at Quick Heal
  White Snake Menace: The Growing Threat of Information Stealers in the Cybercrime Landscape
  
  
• Red Alert
  Monthly Threat Actor Group Intelligence Report, May 2023 (KOR)
  
  
• Megan Roddie at SANS
  Ransomware in the Cloud
  
  
• SANS Internet Storm Center
  • Controlling network access to ICS systems, (Mon, Jul 3rd)
  • Analysis Method for Custom Encoding, (Wed, Jul 5th)
  • DSSuite (Didier’s Toolbox) Docker Image Update, (Fri, Jul 7th)
    
    
• Izzmier Izzuddin Zulkepli at Security Investigation
  How To Check Malicious Phishing Links
  
  
• SentinelOne
  • Neo_Net | The Kingpin of Spanish eCrime
  • BlueNoroff | How DPRK’s macOS RustBucket Seeks to Evade Analysis and Detection
    
    
• SOCRadar
  • APT Profile: FIN7
  • APT Profile: Turla
  • Ransomware Chronicles: Unveiling the Monthly Trends in 2023
    
    
• Puja Mahendru at Sophos
  The State of Ransomware in Retail 2023
  
  
• Rianna MacLeod at Sucuri
  What is php.ini? Where It’s Located, How to Edit & Common Directives
  
  
• Threatmon
  June’s Cyber Battleground: Decoding Ransomware and APT Attacks in Europe
  
  
• WeLiveSecurity
  • Verizon 2023 DBIR: What’s new this year and top takeaways for SMBs
  • What’s up with Emotet?
    

UPCOMING EVENTS

• Cellebrite
  Uncovering Hidden Data: How to Collect the Mobile Data your Investigation is Missing
  
  
• IntaForensics
  New Webinar: Drone Analysis in Digital Forensic Investigations
  
  
• Magnet Forensics
  Investigate Security Incidents Faster with Magnet Forensics DFIR Solutions
  
  
• SANS Cyber Defense
  Strategies of a World-Class SOC | Host: John Hubbard | July 18, 2023
  

PRESENTATIONS/PODCASTS

• Anuj Soni
  Analyzing a Malicious Service EXE
  
  
• Archan Choudhury at BlackPerl
  BLUE TEAM Master Course Pack | Limited time Deal | 80% Off
  
  
• BlueMonkey 4n6
  DFIR EDC pack – my EveryDay Carry pack for my DFIR work and travel kit
  
  
• Chris Stanko at Data Rescue Labs Inc.
  Unlocking a Password-Locked iPhone | Forensic Investigation
  
  
• Cloud Security Podcast
  AWS Incident Response – Automate Containment
  
  
• Cloud Security Podcast by Google
  EP128 Building Enterprise Threat Intelligence: The Who, What, Where, and Why
  
  
• cloudyforensics
  AWS Forensics & Incident Response
  
  
• D-Virus
  Incident Response in GCP
  
  
• Digital Forensic Survival Podcast
  DFSP # 385 – Network Share Access
  
  
• John Hammond
  • How Hackers Write Malware & Evade Antivirus (Nim)
  • How to Trick Hackers & Web Crawlers with Spidertrap
    
    
• John Hubbard at ‘The Blueprint podcast’
  Strategy 9: Communicate Clearly, Collaborate Often, Share Generously
  
  
• Karsten Hahn at Malware Analysis For Hedgehogs
  Malware Analysis – Unpacking Ageostealer built with Electron Framework
  
  
• Magnet Forensics
  • An Introduction to the MITRE ATT&CK Framework
  • Magnet Forensics Solutions for Public Safety: Amplifying your Digital Investigations at Every Step
    
    
• MSAB
  How to extract multiple phones simultaneously with XRY?
  

MALWARE

• 0day in {REA_TEAM}
  [QuickNote] Examining Formbook Campaign via Phishing Emails
  
  
• Any.Run
  Malware Analysis News: June 2023 
  
  
• Arch Cloud Labs
  Debugging with gdb – Fixing a NULL Pointer Dereference in dhcpcd
  
  
• ASEC
  • Crysis Threat Actor Installing Venus Ransomware Through RDP
  • Deep Web & Dark Web Threat Trend Report – May 2023
  • Threat Trend Report on Ransomware – May 2023
  • Distribution of NetSupport Malware Using Email
  • Threat Trend Report on APT Groups – May 2023
  • Kimsuky Threat Group Exploting Chrome Remote Desktop
  • CVE Trend Report – May 2023
  • Threat Trend Report on Kimsuky – May 2023
    
    
• c3rb3ru5d3d53c
  [67] LiveStream – Reversing The DUMBEST HACK I’ve Ever Seen (Redline Stealer Part 10)
  
  
• Cryptax
  Eyes on Android/S.O.V.A botnet sample
  
  
• Gi7w0rm
  CloudEyE — From .lnk to Shellcode
  
  
• Igor Skochinsky at Hex Rays
  Igor’s Tip of the Week #147: Fixing “stack frame is too big”
  
  
• InfoSec Write-ups
  • Demystifying PyInstaller — A Journey into Decompiling Python Executables
  • Exploring 10 Notorious Types of Malware
    
    
• OALABS Research
  • Triage Malware Delivery Chain
  • Status Recorder
    
    
• Paolo
  Malware configuration extraction from memory
  
  
• Lucija Valentić at ReversingLabs
  Operation Brainleeches: Malicious npm packages fuel supply chain and phishing attacks
  
  
• RussianPanda
  Unleashing the Viper : A Technical Analysis of WhiteSnake Steale
  
  
• Ieriz Nicolle Gonzalez, Katherine Casona, Sarah Pearl Camiling at Trend Micro
  Tailing Big Head Ransomware’s Variants, Tactics, and Impact
  
  
• White Knight Labs
  • Developing Winsock Communication in Malware
  • Mockingjay Memory Allocation Primitive
    
    
• Avigayil Mechtinger at Wiz
  Linux rootkits explained – Part 1: Dynamic linker hijacking
  
  
• Zhassulan Zhussupov
  Malware development trick – part 34: Find PID via WTSEnumerateProcesses. Simple C++ example.
  
  
• Niraj Shivtarkar and Preet Kamal at ZScaler
  The TOITOIN Trojan: Analyzing a New Multi-Stage Attack Targeting LATAM Region
  

MISCELLANEOUS

• Mark Stone at AT&T Cybersecurity
  What is the difference between incident response & threat hunting?
  
  
• Belkasoft
  Case Study: Belkasoft X Helps to Define CSAM Recidivism Immediately
  
  
• Cado Security
  Cado Security now offers Free Licenses for Training Providers
  
  
• Forensic Focus
  • Digital Forensics Round-Up, July 06 2023
  • GMDSOFT Meet-up Day India 2023
    
    
• Christa Miller at Forensic Horizons
  June 2023: Juries, Judgments, and Credibility
  
  
• Kevin Pagano at Stark 4N6
  Forensics StartMe Updates (7/1/2023)
  
  
• Ryan Nicholson at SANS
  Major Updates to SANS #1 Cloud Security Training Course
  
  
• SANS
  Cybersecurity Jobs: ICS/OT Security Assessment Consultant (Japanese)
  

SOFTWARE UPDATES

• Andrew Rathbun
  SigHunter V0.3 – Initial Public Release
  
  
• Arsenal Recon
  Arsenal Image Mounter v3.10.257
  
  
• Brian Maloney
  OneDrive Explorer v2023.07.05
  
  
• Canadian Centre for Cyber Security
  • Assemblyline v4.4.0.stable33
  • v4.4.1.dev134
    
    
• Datadog Security Labs
  GuardDog v1.2.1
  
  
• Digital Sleuth
  WIN-FOR v8.0.0
  
  
• Eric Zimmerman
  ChangeLog (check GitHub releases)
  
  
• Ninoseki
  Azuma v0.2.1
  
  
• Securizame
  Publicamos Wintriage v.03072023! / Released Wintriage v.03072023!
  
  
• StrangeBee
  TheHive 5.2: “Reporting” for duty!
  
  
• Three Planet Software
  Apple Cloud Notes Parser v0.13.0
  
  
• Ulf Frisk
  MemProcFS Version 5.7
  
  
• WithSecure Labs
  Chainsaw v2.7.1
  
  
• Xways
  • X-Ways Forensics 20.8 SR-3
  • X-Ways Forensics 20.9 Beta 4
    

And that’s all for the week! If you think I’ve missed something, or want me to cover something specifically hit me up through the contact page or on the social pipes!