As always, thanks to those who give a little back for their support!

FORENSIC ANALYSIS

• ADF Solutions
  How to Scan a Mobile Device with Mobile Device Investigator
  
  
• Belkasoft
  How to Analyze KnowledgeC.db with Belkasoft X
  
  
• Cloudbrothers
  Other Entra ID / Azure AD SignIn errors
  
  
• Forensafe
  Investigating Android Aqua Mail
  
  
• Justin De Luna at ‘The DFIR Spot’
  A LNK To The Past: Utilizing LNK Files For Your Investigations
  
  
• Lorena Carthy-Wilmot
  Vipps App — Forensics
  
  
• Lucid Truth Technologies
  Forensic analysts can be wrong about the USB Drives attached to a computer in evidence.
  
  
• Jaspreet Singh at Mailxaminer
  How to Trace Email Sender IP Address in Outlook
  

THREAT INTELLIGENCE/HUNTING

• Akamai
  Ransomware on the Move: Evolving Exploitation Techniques and the Active Pursuit of Zero-Days
  
  
• Anton Chuvakin
  Google Cybersecurity Action Team Threat Horizons Report #7 Is Out!
  
  
• Michael Katchinskiy and Assaf Morag at Aqua
  Kubernetes Exposed: One Yaml away from Disaster
  
  
• Assetnote
  Finding and Exploiting Citrix NetScaler Buffer Overflow (CVE-2023-3519) (Part 3)
  
  
• Jeremy Fuchs at Avanan
  Phishing via AWS
  
  
• Avast Threat Labs
  Avast Q2/2023 Threat Report
  
  
• Avertium
  Unraveling Scattered Spider: A Stealthy and Persistent Threat Actor Targeting Telecom Networks
  
  
• BI.Zone
  White Snake spotted in emails: the stealer was disguised as official state requirements
  
  
• Patterson Cake at Black Hills Information Security
  Wrangling the M365 UAL with PowerShell and SOF-ELK (Part 1 of 3)
  
  
• Brad Duncan at Malware Traffic Analysis
  2023-08-03 – .msix file –> IcedID (Bokbot) –> BackConnect and Keyhole VNC
  
  
• Himaja Motheram at Censys
  MikroTik RouterOS CVE-2023-30799: On the Dangers of Public Admin Interfaces
  
  
• CERT Ukraine
  • Як бути відповідальним та втримати кіберфронт
  • “Змініть пароль до Roundcube”: чергова фішингова атака з використанням атрибутів CERT-UA та символіки ДЦКЗ Держспецзв’язку (CERT-UA#7223)
    
    
• CERT-AGID
  Sintesi riepilogativa delle campagne malevole nella settimana del 05 – 11 Agosto 2023
  
  
• Check Point
  • 7th August – Threat Intelligence Report
  • US Hospitals Under Increasing Threat of Ransomware
  • July 2023’s Most Wanted Malware: Remote Access Trojan (RAT) Remcos Climbs to Third Place while Mobile Malware Anubis Returns to Top Spot
  • The Rhysida Ransomware: Activity Analysis and Ties to Vice Society
    
    
• Cisco’s Talos
  • Code leaks are causing an influx of new ransomware actors
  • New threat actor targets Bulgaria, China, Vietnam and other countries with customized Yashma ransomware
  • What Cisco Talos knows about the Rhysida ransomware
  • Reflecting on supply chain attacks halfway through 2023
    
    
• Cyborg Security
  Behind Enemy Lines: Unraveling the Mystery of TA505’s FlawedGrace RAT
  
  
• Cyfirma
  Weekly Intelligence Report – 11 Aug 2023
  
  
• EclecticIQ
  Norwegian Cyberattack, Virustotal Data Leak and AI powered BEC
  
  
• Przemyslaw Klys at Evotec
  Report Active Directory Accounts that are Synchronized with Azure AD
  
  
• Yuzuka Akasaka at Flare
  Threat Spotlight: Stealer Logs & Corporate Access
  
  
• Fortinet
  • Key Findings from the 1H 2023 FortiGuard Labs Threat Report
  • Attackers Distribute Malware via Freeze.rs And SYK Crypter
    
    
• Patrick Schläpfer at HP Wolf Security
  Do You Speak Multiple Languages? Malware Does.
  
  
• Arik Atar, Itay Binder, Adam Sell, and Liel Strauch at Human Security
  Anatomy of an Account Takeover Attack: Capra
  
  
• Huntress
  • How Security-Centric Procedures and Training Helped Huntress Catch a $100,000 BEC Scam
  • Identity: The Third Phase of Security Operations
  • Investigating New INC Ransom Group Activity
    
    
• Huseyin Rencber
  MacOS Threat Hunting
  
  
• Intel471
  Open Source Release of Intel 471 Intelligence Requirements Framework
  
  
• Shusei Tomonaga at JPCERT/CC
  YAMA-Yet Another Memory Analyzer for malware detection
  
  
• Dhanalakshmi at K7 Labs
  Alert: Banking Users in Dire Straits
  
  
• Kevin Beaumont at DoublePulsar
  UK Electoral Commission had an unpatched Microsoft Exchange Server vulnerability
  
  
• Lab539
  Inside Akira Ransomware Negotiations
  
  
• Malwarebytes Labs
  Ransomware review: August 2023
  
  
• Ray Canzanese at Netskope
  Netskope Threat Labs Stats for July 2023
  
  
• Nik Alleyne at ‘Security Nik’
  Understanding and Decrypting TLS based communication – HTTP over TLS (HTTPS)
  
  
• Oleg Skulkin and Andrey Chizhov at BI Zone
  White Snake is weaponized against Russian companies
  
  
• Nir Chako at Pentera
  The LOL Isn’t So Funny When It Bites You in the BAS
  
  
• Jessica Ellis at PhishLabs
  Phishing Sites Impersonating Social Media Jump in Q2
  
  
• Phylum
  Sophisticated, Highly-Targeted Attacks Continue to Plague npm
  
  
• Recorded Future
  RedHotel: A Prolific, Chinese State-Sponsored Group Operating at a Global Scale
  
  
• Kyle Schwaeble and James Tytler at S-RM Insights
  Cyber Intelligence Briefing: 11 August 2023
  
  
• SANS Internet Storm Center
  • Update: Researchers scanning the Internet, (Mon, Aug 7th)
  • Some things never change ? such as SQL Authentication ?encryption?, (Thu, Aug 10th)
  • Show me All Your Windows!, (Fri, Aug 11th)
  • DShield Sensor Monitoring with a Docker ELK Stack [Guest Diary], (Sat, Aug 12th)
    
    
• Securelist
  • Focus on DroxiDat/SystemBC
  • Common TTPs of attacks against industrial organizations
    
    
• SentinelOne
  • Comrades in Arms? | North Korea Compromises Sanctioned Russian Missile Engineering Company
  • LOLKEK Unmasked | An In-Depth Analysis of New Samples and Evolving Tactics
    
    
• Sophos
  • Enough attribution to count
  • The State of Ransomware in Healthcare 2023
  • Attacker combines phone, email lures into believable, complex attack chain
    
    
• Garrett Foster at SpecterOps
  Site Takeover via SCCM’s AdminService API
  
  
• Sucuri
  • SiteCheck Remote Website Scanner — Mid-Year 2023 Report
  • From Google DNS to Tech Support Scam Sites: Unmasking the Malware Trail
    
    
• Enes Adışen at System Weakness
  SOC165 EventID115 — Possible SQL Injection Payload Detected — letsdefend.io
  
  
• Team Cymru
  Visualizing Qakbot Infrastructure Part II: Uncharted Territory
  
  
• ThreatHunterz
  Threat Hunt Mission Plan for Citrix NetScaler CVE-2023-3519
  
  
• Trellix
  • The Threat Lurking in Data Centers – Hack Power Management Systems, Take All the Power
  • Exploring New Techniques of Fake Browser Updates Leading to NetSupport RAT
    
    
• Trend Micro
  • TargetCompany Ransomware Abuses FUD Obfuscator Packers
  • An Overview of the New Rhysida Ransomware Targeting the Healthcare Sector
  • Cybersecurity Threat 1H 2023 Brief with Generative AI
    
    
• Trustwave SpiderLabs
  • WormGPT and FraudGPT – The Rise of Malicious LLMs
  • New Rilide Stealer Version Targets Banking Data and Works Around Google Chrome Manifest V3
    
    
• Vectra AI
  Cloud Threat Detection Capabilities with The DeRF: Bridging the Gap in Current Tools by Kat Traxler
  
  
• Joel Belton at War Room
  Rhysida Ransomware Attack on PMH and Connections to Vice Society Ransomware
  

UPCOMING EVENTS

• Black Hills Information Security
  BHIS – Talkin’ Bout [infosec] News 2023-08-14
  
  
• Kroll
  Q2 2023 Cyber Threat Landscape Virtual Briefing
  
  
• Magnet Forensics
  Internal Data Exfiltration – Getting to the bottom of IP Theft
  
  
• PhishLabs
  2023 Domain Impersonation Report – Key Findings
  
  
• SANS
  • Your Cloud Security Journey: Key Trends, Capabilities, & Skills | Host: Frank Kim | August 15, 2023
  • SANS Threat Analysis Rundown (STAR) with Katie Nickels | August 2023
    

PRESENTATIONS/PODCASTS

• Archan Choudhury at BlackPerl
  Cloud Security – AWS EC2 Incident Response – Basic to Advanced Level
  
  
• Black Hills Information Security
  The Active Defender with Dr. Cathy Ullman
  
  
• Breaking Badness
  Voices from Infosec with Tracy Maleeff
  
  
• Digital Forensic Survival Podcast
  DFSP # 390 – SSH Triage
  
  
• Digital Forensics Future (DFF)
  S4:E4 The Dom and Jerry Show, Part II
  
  
• Doug Burks at Security Onion
  Security Onion 2.4 is almost here!
  
  
• Horangi Cyber Security
  Cyber Threats & Evolution (Ask A CISO SE03EP20)
  
  
• Huntress
  • Cyber Hygiene Basics
  • Hacker Trends in Social Engineering
    
    
• InfoSec_Bret
  SA – SOC166-116 – Javascript Code Detected in Requested URL
  
  
• John Hammond
  How to Hack ArgoCD to Cluster Administrator
  
  
• LaurieWired
  Dynamically Analyzing Linux Black Basta Ransomware
  
  
• Magnet Forensics
  • Ep. 7 // Figuring Out File Explorers – Part 1
  • Leveraging AXIOM Cyber to Accelerate Corporate Investigations
  • Establishing Connections: Illuminating Remote Access Artifacts in Windows
  • Magnet2Go: Building a ‘Windows to Go’ Drive to Support Live and Offline Collections
    
    
• MSAB
  How to use the Timeline Filter in XAMN Pro?
  
  
• SANS Cyber Defense
  Hunting for Suspicious HTTPS and TLS Connections
  

MALWARE

• 0x70RVS
  DarkSide
  
  
• Adam Chester at XPN
  PNG Steganography from First Principles
  
  
• Amr Ashraf
  Mac OS Malware Analysis
  
  
• ASEC
  • Malware Disguised as Normal Installation File of a Korean Development Company – EDR Detection
  • Distribution of Malware Disguised as Coin and Investment-related Content
  • GuLoader Malware Disguised as Tax Invoices and Shipping Statements (Detected by MDS Products)
  • V3 Detects and Blocks Magniber Ransomware Injection (Direct Syscall Detection)
  • Changes Detected in CHM Malware Distribution
    
    
• Fernando Martinez Sidera and Ofer Caspi at AT&T Cybersecurity
  Mac systems turned into proxy exit nodes by AdLoad
  
  
• CISA
  MAR-10454006.r4.v2 SEASPY and WHIRLPOOL Backdoors
  
  
• Doug Metz at Baker Street Forensics
  Capturing malware evidence with detonaRE
  
  
• Hex Rays
  • The Plugin Submission Initiative
  • Building IDA Python on Windows
  • Igor’s Tip of the Week #152: Force-creating functions
    
    
• Igal lytzki at Toxin Labs
  DarkGate – Threat Breakdown Journey
  
  
• Ryan Robinson and Nicole Fishbein at Intezer
  Malware Reverse Engineering – Unraveling the Secrets of Encryption in Malware
  
  
• Priyadharshini Balaji at Security Investigation
  ProcDOT- A Revolutionary Visual Malware Analysis Tool
  
  
• Ayush Anand at Securityinbits
  AsyncRAT config decryption using CyberChef – Recipe 2
  
  
• Devon Griffith at System Weakness
  • Writing a RAT: Remote Access Trojan
  • Polymorphic Process Injection: Malware Forensics Tutorial
    
    
• VMRay
  Understanding BumbleBee: The delivery of Bumblee
  
  
• ZScaler
  • Statc Stealer: Decoding the Elusive Malware Threat
  • JanelaRAT: Repurposed BX Rat Variant Targeting LATAM FinTech
    

MISCELLANEOUS

• Cado Security
  Supercharging Investigations With Cado’s New Timeline 
  
  
• Cellebrite
  Effortless Text and Chat Data Collection: Leveraging Endpoint Inspector and Physical Analyzer
  
  
• Christopher Elce
  How I Supercharge Learning Cybersecurity with Cisco Packet Tracer
  
  
• Devon at AboutDFIR
  • Diving In – An Incident Responder’s Journey – An Excerpt
  • Day 2 – Excerpt from “Diving In” Book by Devon Ackerman
    
    
• Craig Wilson at Digital Detective
  • Celebrating 21 Years of NetAnalysis®
  • Anniversary Sale: 40% Off Digital Forensic Tools
    
    
• Forensic Focus
  • Techno Security And Digital Forensics Conference West
  • Rachael Medhurst, Senior Lecturer In Digital Forensics, University Of South Wales
  • UK Urged To Combat Tech-Facilitated Domestic Abuse
  • Digital Evidence Investigator PRO (DEI PRO) From ADF Solutions
  • Digital Forensics Round-Up, August 10 2023
  • Exclusive Webinar: Detego Global And Teel Technologies Showcase The Capabilities Of Analyse AI+
    
    
• Jeffrey Appel
  Onboard and configure Defender for Endpoint for non-persistent VDI environments
  
  
• Keith McCammon
  Google DFIQ: Open source building blocks for IR playbooks
  
  
• Kevin Pagano at Stark 4N6
  SANS DFIR Summit 2023 Recap
  
  
• Koos Goossens
  Ingest your logs into Azure Data Explorer with Logstash
  
  
• Morten Knudsen
  Collecting DNS events using Azure Monitor Agent
  
  
• Salvation DATA
  10 Useful Digital Forensics Software in 2023
  
  
• SANS DFIR
  Case Leads – August 2023
  
  
• Teri Radichel
  Suricata on pfSense
  

SOFTWARE UPDATES

• Jessica Hyde at Hexordia
  iO+S Tool Release
  
  
• Atola
  Atola TaskForce 2023.4.2 stability update
  
  
• Doug Burks at Security Onion
  Security Onion 2.4 Release Candidate 2 (RC2) Now Available!
  
  
• Drew Alleman
  DataSurgeon 1.2.4
  
  
• Eric Zimmerman
  ChangeLog
  
  
• ExifTool
  ExifTool 12.65
  
  
• Federico Lagrasta
  PersistenceSniper v1.12.1
  
  
• IntelOwl
  v5.1.0
  
  
• Malwoverview
  Malwoverview 5.4.1
  
  
• Manabu Niseki
  Mihari v5.4.1
  
  
• Andy Robbins at SpecterOps
  BloodHound Community Edition: A New Era
  
  
• Xways
  X-Ways Forensics 20.9 SR-2
  

And that’s all for the week! If you think I’ve missed something, or want me to cover something specifically hit me up through the contact page or on the social pipes!