As always, thanks to those who give a little back for their support!
FORENSIC ANALYSIS
- Abhiram Kumar
  - Deep Dive Into Windows Diagnostic Data & Telemetry (EventTranscript.db) – PART 1
- David Spreadborough at Amped
  - Viewing CCTV after Acquisition
- Bhargav Rathod at DFRWS
  - DFRWS 2023 Challenge
- Forensafe
  - Investigating Android Skype
- Harlan Carvey at Huntress
  - Gone Phishing: An Analysis of a Targeted User Attack
- Joshua Hickman at ‘The Binary Hick’
  - Android & AirTags (Part II)
- Justin De Luna at ‘The DFIR Spot’
  - Sysmon – When Visibility is Key
- Marcelle Lee
  - TryHackMe Walkthrough: h4cked
- Monica Harris at Cellebrite
- Megan Roddie at SANS
  - Hope for the Best, Prepare for the Worst: How to prepare for cloud DFIR
- Andrew Case at Volatility Labs
  - Memory Forensics R&D Illustrated: Recovering Raw Sockets on Windows 10+
THREAT INTELLIGENCE/HUNTING
- Yarin Ozery at Akamai
  - Akamai Develops Real-Time Detections for DNS Exfiltration
- Arris Huijgen at Bitsadmin
- Jacob Marabelli at AT&T Cybersecurity
  - Stories from the SOC – Unveiling the stealthy tactics of Aukill malware
- Andrew Costis and Francis Guibernau at AttackIQ
  - Emulating the Iranian State-Sponsored Adversary APT35
- Binary Defense
  - The Client/Server Relationship — A Match Made In Heaven
- Blackberry
  - Cuba Ransomware Deploys New Tools: Targets Critical Infrastructure Sector in the U.S. and IT Integrator in Latin America
- Lawrence Abrams at BleepingComputer
  - Microsoft: BlackCat’s Sphynx ransomware embeds Impacket, RemCom
- BushidoToken
  - Tracking Adversaries: Scattered Spider, the BlackCat affiliate
- CERT-AGID
  - Sintesi riepilogativa delle campagne malevole nella settimana del 12 – 18 Agosto 2023 (Summary of malicious campaigns in the week of 12 – 18 August 2023)
- Check Point Research
  - 14th August – Threat Intelligence Report
- Elaine Dzuba and Juliette Cash at Cloudflare
  - Introducing Cloudflare’s 2023 phishing threats report
- Cyborg Security
  - Rhysida Ransomware Revealed
- Cyfirma
  - Weekly Intelligence Report – 18 Aug 2023
- Cyjax
  - CYJAX White Paper – Cloud Threat Landscape Report: Synopsis
- Joe St Sauver at DomainTools
  - Using Farsight DNSDB Flexible Search to Find Matching Rdata in TXT Records
- Aleksander W. Jarosz at EclecticIQ
  - Black Bersek Malware, Large Language Model Adaption For Offensive Cyber Capabilities
- Esentire
  - StealC Delivered via Deceptive Google Sheets
- Flashpoint
- Fortinet
- Fox-IT
  - Approximately 2000 Citrix NetScalers backdoored in mass-exploitation campaign
- GuidePoint Security
  - GRIT Ransomware Report: July 2023
- Infoblox
  - Suspicious DGA Domains, Discovered in DNS, Turn up in Malware Campaigns
- InQuest
  - Top Malware Delivery Tactics to Watch Out for in 2023
- Jos Clephas at Nerium
  - Tracking An Adversary In Real-Time Using Velociraptor – Part II
- Katya Kandratovich
  - Windows Event Logs: Hayabusa, Chainsaw
- KELA Cyber Threat Intelligence
  - Telegram Clouds of Logs – the fastest gateway to your network
- Kevin Beaumont at DoublePulsar
  - Starfield themed malware blasts off
- Lumen
  - No rest for the wicked: HiatusRAT takes little time off in a return to action
- Mandiant
- Malla Reddy Donapati, Subhash Popuri, and Nutan Vishwakarma at Microsoft Security Response Center
  - Azure Serial Console Attack and Defense – Part 1
- MITRE-Engenuity
- Nasreddine Bencherchali
  - LOLBINed — Abusing Sysinternals BgInfo
- Jan Michael at Netskope
  - Evasive Phishing Campaign Steals Cloud Credentials Using Cloudflare R2 and Turnstile
- Noel Anthony Llimos at Cyberint
  - Raccoon Stealer Announce Return After Hiatus
- Brad Duncan at Palo Alto Networks
  - Crossing the Line: Unit 42 Wireshark Quiz for RedLine Stealer
- Phelix Oluoch at Trellix
  - Scattered Spider: The Modus Operandi
- Sharon Shirit at Radware
  - A Look Inside the Attacker’s Toolkit: DNS DDoS Attacks
- Rapid7
  - Rapid7’s Mid-Year Threat Review
- Recorded Future
- Red Alert
  - Monthly Threat Actor Group Intelligence Report, June 2023 (KOR)
- Katie Nickels at Red Canary
  - Adversaries compromise email accounts at educational institutions in back-to-school campaign
- Kyle Schwaeble and James Tytler at S-RM Insights
  - Cyber Intelligence Briefing: 18 August 2023
- S2W Lab
- Sandfly Security
  - Active vs. Dormant Attacks on Linux: Don’t Neglect Either!
- SANS Internet Storm Center
- Security Intelligence
- SentinelOne
- SOCRadar
  - Dark Web Profile: Bjorka
- Splunk
  - Using Splunk Stream for Hunting: Finding Islands in the Stream (of Data)
- Sysdig
- System Weakness
- Trend Micro
  - 5 Types of Cyber Crime Groups
- Vectra AI
  - Does Decryption Help You Find Advanced Attacks? by Oliver Tavakoli
UPCOMING EVENTS
- Black Hills Information Security
  - BHIS – Talkin’ Bout [infosec] News 2023-08-21
- Cyacomb Forensics
  - Cyacomb Examiner 2.8 with Mobile Device Triage Webinar
- Carlos Canto at Rapid7
  - Join us for VeloCON 2023: Digging Deeper Together!
- SANS
  - In Hot Pursuit: Tracking Ransomware Actors | Ryan Chapman | Aug 22, 2023
PRESENTATIONS/PODCASTS
- Anuj Soni
  - How I Debug DLL Malware (Emotet)
- Black Hills Information Security
  - Talkin’ About Infosec News – 8/7/2023
- Breaking Badness
  - Voices from Infosec – Allan Liska Returns!
- Cellebrite
- Chris Sienko at the Cyber Work podcast
  - Digital forensics careers: Facts versus fiction | Cyber Work Live
- Cloudyforensics
- Cyber Secrets
  - CSI Linux 2023 2 Booting adding ISOs to Grub and Troubleshooting Logins
- Cyborg Security
  - Episode 10
- Digital Forensic Survival Podcast
  - DFSP # 391 – Investigation Lifecycle
- Gerald Auger at Simply Cyber
  - How Hyperautomating Microsoft is a SOC Analyst GAME CHANGER! 💥
- Huntress
  - What Even Makes Something Malware?
- InfoSec_Bret
  - SA – SOC165-115 – Possible SQL Injection Payload Detected
- Justin Tolman at AccessData
  - FTK Over The Air (Video Only) – Analyzing Door Bell Camera Footage
- Karsten Hahn at Malware Analysis For Hedgehogs
  - Malware Analysis – Agniane Stealer, Native Stub to .NET Unpacking
- LaurieWired
  - Android Banker Deep Dive (Part 6)
- LetsDefend
  - Upskill yourself as cybersecurity expert – Learner story
- Linkcabin
  - Threat Intelligence Frameworks – Breaking the chains
- Magnet Forensics
  - AXIOM Cyber Signed Agent Deployment with Jamf Pro
- Mostafa Yahia
  - DFIR (Windows Forensics) Course: Analyzing the SAM Hive
- MSAB
  - How to use the Conversation View in XAMN Pro?
- SANS
  - NICE Workforce for Cyber Security: Recruiting, Developing, and Planning Your Cybersecurity Workforce
  - FEATURE SEGMENT: Your Cloud Security Journey: Key Trends, Capabilities, & Skills
  - SANS Ransomware Summit 2023
  - A Visual Summary of SANS Cloud Security Exchange 2023
  - Hands-On Workshop: Building Better Detections – Azure Edition
MALWARE
- ASEC
- Ofer Caspi at AT&T Cybersecurity
  - ProxyNation: The dark nexus between proxy apps and malware
- Ayush Anand
  - Dive into the RedLine Stealer Infection Chain
- CISA
  - MAR-10459736.r1.v1 WHIRLPOOL Backdoor
- Mohamed Adel at d01a
  - Understanding Syscalls: Direct, Indirect, and Cobalt Strike Implementation
- DCSO CyTec
  - Hostile Code: Dealing with stack strings in IDAPython
- Ron Ben Yizhak at Deep Instinct
  - #NoFilter – Abusing Windows Filtering Platform for Privilege Escalation
- Igor Skochinsky at Hex Rays
  - Igor’s Tip of the Week #153: Copying pseudocode to disassembly
- OALABS Research
  - LimeRAT
- Quick Heal
- S2W Lab
  - Detailed Analysis of Chinese Game Macro Market Targeted Diablo4
- Nathaniel Morales and Joshua Paul Ignacio at Trend Micro
  - Monti Ransomware Unleashes a New Encryptor for Linux
- Uptycs
  - Mitigating Remote Access Trojan Infection Risk: Telegram/Qwixx RAT
- VMRay
  - Understanding BumbleBee: The malicious behavior of BumbleBee
- Zhassulan Zhussupov
  - Malware and cryptography 1: encrypt/decrypt payload via RC5. Simple C++ example.
MISCELLANEOUS
- Adam Goss
  - How to Build the Ultimate Enterprise-Ready Incident Response Playbook
- ADF Solutions
- Jack Zalesskiy at Any.Run
  - What is an Incident Response Plan: 6 Example Templates and Definition
- Belkasoft
  - Unlocking iOS Devices with Brute-Force
- Ben Heater
  - Upgrading Wazuh Components
- Bhargav Rathod at DFRWS
  - DFRWS-APAC Teams With GovWare on Room Rates, Conference Access
- Devon Ackerman at AboutDFIR
- Forensic Focus
  - Lawrence Snyder, Associate Professor of Mathematical and Digital Sciences, Bloomsburg University
  - Magnet Forensics Partners With Jamf To Simplify Digital Investigations Of Apple Endpoints
  - Detego Global Announces Webinar Demonstrating Latest DFIR Capabilities For Faster Case Resolution
  - Automated Compromise Assessment With DRONE
  - How To Acquire Evidence On A Mobile Device With Mobile Device Investigator
  - Detego Global’s Media Acquisition Tool Named Finalist in Prestigious 2023 SC Awards
  - Digital Forensics Round-Up, August 17 2023
  - Forensic Focus Digest, August 18 2023
- Jeffrey Appel
  - How to troubleshoot Live Response in Defender for Endpoint
- Magnet Forensics
  - Automatically Import and Process Mobile Images in Magnet AXIOM from a GrayKey/VeraKey
  - Magnet Forensics Partners With Jamf to Simplify Digital Investigations of Apple Endpoints
  - How to Remotely Acquire from Mac Endpoints Using AXIOM Cyber’s Signed Agent and Jamf Pro
  - GrayKey Supported Mobile Devices
  - Four Benefits of Combining Magnet IGNITE and AXIOM Cyber
- Microsoft Security
  - How the Microsoft Incident Response team helps customers remediate threats
- PhishLabs
  - The Use of Natural Language Processing for Identifying and Mitigating Threats
- Teri Radichel
SOFTWARE UPDATES
- Acelab
  - ACE Lab has successfully added the support of Spreadtrum/Unisoc platform to PC-3000 Mobile PRO!
- Crowdstrike
  - Falconpy Version 1.3.0
- Doug Burks at Security Onion
  - Security Onion 2.4 Has Reached General Availability (GA)!
- Magnet Forensics
- Manabu Niseki
  - Mihari v5.4.2
- Metaspike
  - Forensic Email Intelligence v2.1.10.6
- MobilEdit
  - MOBILedit Forensic 9.2: Breaking Samsung Security, Exploring Dive Computers
- Rizin Organization
  - cutter v2.3.1
- Serviço de Perícias em Informática
  - IPED Minor Release
- SigmaHQ
  - pySigma v0.10.2
- WithSecure Labs
  - Chainsaw v2.7.3
And that’s all for the week! If you think I’ve missed something, or want me to cover something specifically hit me up through the contact page or on the social pipes!