As always, thanks to those who give a little back for their support!

FORENSIC ANALYSIS

• Abhiram Kumar
  Deep Dive Into Windows Diagnostic Data & Telemetry (EventTranscript.db) – PART 2
  
  
• Ahmed Kamal Elmagraby
  Windows Registry Analysis Cheat Sheet
  
  
• David Spreadborough at Amped
  CCTV Acquisition Series Summary
  
  
• Andrew Skatoff at Andrew Skatoff at ‘DFIR TNT’
  RMM – Action1: Client Side Evidence
  
  
• Cado Security
  • Why is CIRA all the Hype for Cloud Incident Response?
  • Analyzing AWS Nitro Instances with Cado
    
    
• Bret at Cyber Gladius
  LetsDefend’s DFIR Challenge: Remote Code Execution
  
  
• Joseph Moronwi at Digital Investigator
  Linux DFIR Analysis: Attacker Kali Linux Case By Dr. Ali Hadi
  
  
• Felix Guyard at ForensicXlab
  📘 Volatility3 : Remote analysis on cloud object-storage.
  
  
• Forensafe
  Investigating Android Skype
  
  
• Francisco Dominguez at DiabloHorn
  Lateral movement: A conceptual overview
  
  
• Lorena Carthy-Wilmot
  TOOL: Hexordia IO+S Toolkit v1.0.0
  

THREAT INTELLIGENCE/HUNTING

• Adam at Hexacorn
  • Writing better Yara rules in 2023…
  • Lolbins for connoisseurs…
    
    
• Alex Teixeira
  How to make the best out of Splunk & your Threat Intel Platform
  
  
• Andrew Malec
  Mounting UFS VMDK from NetScaler/Citrix ADC
  
  
• Kushalveer Singh Bachchas at AT&T Cybersecurity
  Volatility Workbench: Empowering memory forensics investigations
  
  
• Avertium
  Understanding Ransomware-as-a-Service (RaaS) – A Guide
  
  
• Jonny Johnson at Binary Defense
  Demystifying DLL Hijacking Understanding the Intricate World of Dynamic Link Library Attacks
  
  
• Bitdefender
  • CTI and Its Frameworks: Unpacking the Diamond Model
  • Bitdefender Threat Debrief | August 2023
    
    
• CERT-AGID
  Sintesi riepilogativa delle campagne malevole nella settimana del 19 – 25 Agosto 2023
  
  
• Check Point Research
  • 21st August – Threat Intelligence Report
  • 2023 Mid-Year Cyber Security Report: Report Reveals 48 Ransomware Groups Have Breached Over 2,200 Victims
  • Tunnel Warfare: Exposing DNS Tunneling Campaigns using Generative Models – CoinLoader Case Study
    
    
• Chintan Shah at Trellix
  The Tale of Two Exploits – Breaking Down CVE-2023-36884 and the Infection Chain
  
  
• Cisco’s Talos
  • Lazarus Group exploits ManageEngine vulnerability to deploy QuiteRAT
  • Lazarus Group’s infrastructure reuse leads to discovery of new malware
    
    
• Cluster25
  The Fraud Gala: Exploring a Recent BEC Campaign
  
  
• Nicolas Zilio, Ken Balint, and Marco Ortisi at CrowdStrike
  Discovering and Blocking a Zero-Day Exploit with CrowdStrike Falcon Complete: The Case of CVE-2023-36874
  
  
• Cyber Threat Intelligence Training Center
  So You Want To Set-up an ISAC
  
  
• Elli Shlomo at Cyberdom
  Detecting Ransomware with Defender for Cloud Apps
  
  
• Cybereason
  THREAT ANALYSIS: Assemble LockBit 3.0
  
  
• Cyfirma
  Weekly Intelligence Report – 25 Aug 2023
  
  
• DomainTools
  • Discord Malware and TOWINAP ("The Only Way Is Nuke and Pave")
  • Hunting Subdomains at DEF CON 31
    
    
• Aleksander W. Jarosz at EclecticIQ
  Malware-as-a-Service: Redline Stealer Variants Demonstrate a Low-Barrier-to-Entry Threat
  
  
• Drew Schmitt and Jason Baker at GuidePoint Security
  The Value of Engaging a Threat Actor: Leveraging Strategic Communications for Ransomware Response
  
  
• HP Wolf Security
  HP Wolf Security Threat Insights Report Q2 2023
  
  
• Kaido Järvemets
  Identity Incident Response: Building a Proactive Defense with MDI
  
  
• Kostas
  Threat Hunting Metrics: The Good, The Bad and The Ugly
  
  
• Anish Bogati at Logpoint
  Defending Against 8base: Uncovering Their Arsenal and Crafting Responses
  
  
• Jérôme Segura at Malwarebytes Labs
  DarkGate reloaded via malvertising and SEO poisoning campaigns
  
  
• Scott Coull and Jayce Nichols at Mandiant
  AI and the Five Phases of the Threat Intelligence Lifecycle
  
  
• May Alsaif
  Threat Hunt with File Metadata
  
  
• MISP
  MISP to Microsoft Sentinel integration with Upload Indicators API
  
  
• Rakesh Krishnan at Netenrich
  Identifying ADHUBLLKA Ransomware: LOLKEK, BIT, OBZ, U2K, TZW Variants
  
  
• Rapid7
  Ransomware-as-a-Service cheat sheet
  
  
• Red Alert
  Monthly Threat Actor Group Intelligence Report, June 2023 (ENG)
  
  
• Red Canary
  • From reaction to resilience: Our reimagined Incident Response & Readiness Guide
  • Intelligence Insights: August 2023
    
    
• ReliaQuest
  The 3 Malware Loaders Behind 80% of Incidents
  
  
• Resecurity
  Cl0p Ups the Ante with Massive MOVEit Transfer Supply-Chain Exploit
  
  
• Rezonate
  Frosty Trails: Threat-Hunting for Identity Threats in Snowflake
  
  
• Miles Arkwright and James Tytler at S-RM Insights
  Cyber Intelligence Briefing: 25 August 2023
  
  
• Safebreach
  Akira Ransomware, 8Base Ransomware, and more: Hacker’s Playbook Threat Coverage Round-up: August 22, 2023
  
  
• SANS Internet Storm Center
  • Quick Malware Triage With Inotify Tools, (Mon, Aug 21st)
  • SystemBC Malware Activity , (Sun, Aug 20th)
  • Have You Ever Heard of the Fernet Encryption Algorithm?, (Tue, Aug 22nd)
  • More Exotic Excel Files Dropping AgentTesla, (Wed, Aug 23rd)
  • Python Malware Using Postgresql for C2 Communications, (Fri, Aug 25th)
  • macOS: Who?s Behind This Network Connection?, (Sat, Aug 26th)
    
    
• Camila Sablotny at Security Intelligence
  Remote access detection in 2023: Unmasking invisible fraud
  
  
• SentinelOne
  • XLoader’s Latest Trick | New macOS Variant Disguised as Signed OfficeNote App
  • Cyber Attacks on Financial Institutions | Why Banks Are Caught in the Crosshairs
  • From Conti to Akira | Decoding the Latest Linux & ESXi Ransomware Families
  • Unweaving A Complex Web of Threats | Understanding Today’s Cyber Attacker Interdependency
    
    
• Seth Hanford
  Writing My First Sigma Rule: Container Residence Discovery
  
  
• SOCRadar
  Raccoon Stealer Resurfaces with New Enhancements
  
  
• Sophos
  • Ransomware actors log on when you log off. Here’s how to stop them.
  • Time keeps on slippin’ slippin’ slippin’: The 2023 Active Adversary Report for Tech Leaders
    
    
• Splunk
  • Detecting Lateral Movement Using Splunk User Behavior Analytics
  • Key Threat Hunting Deliverables with PEAK
    
    
• Symantec Enterprise
  Carderbee: APT Group use Legit Software in Supply Chain Attack Targeting Orgs in Hong Kong
  
  
• System Weakness
  • SOC104 EventID:84 — Malware Detected — letsdefend.io
  • Analyzing and visualizing cyberattacks using Attack Flow
  • SOC142 — Multiple HTTP 500 Response
  • Incident Response Tool — Chainsaw
  • SOC168 EventID:118 — Whoami Command Detected in Request Body — letsdefend.io
  • SOC141 EventID:86 — Phishing URL Detected — letsdefend.io
    
    
• The Sleuth Sheet
  OSINT: Annoying Spam Message Investigation
  
  
• Trend Micro
  6 Ransomware Trends & Evolutions to Watch For
  
  
• Uptycs
  • Q2 2023: Cyber Security Threat Report – Uptycs
  • Uptycs Exposes Alarming Rise in Infostealer Dangers
    

UPCOMING EVENTS

• Peter Sosic at Amped
  Join Us at the Upcoming Digital Forensics Events in 2023
  
  
• Belkasoft
  iOS Forensics with Belkasoft
  
  
• Black Hills Information Security
  BHIS – Talkin’ Bout [infosec] News 2023-08-28
  
  
• Magnet Forensics
  • We’re currently accepting submissions for presentations at Magnet Virtual Summit & Magnet User Summit 2024.
  • Ep. 8 // Figuring Out File Explorers – Part 2
    
    
• Mandiant
  AI & Cybersecurity: Leveraging AI to Create Outcome-oriented Security Teams
  
  
• MOBILedit
  Upcoming Free Webinars
  
  
• Monica Harris at Cellebrite
  Inside SANS Holiday Hack Challenge 2023 | Host: Ed Skoudis | August 29, 2023
  
  
• SANS
  Inside SANS Holiday Hack Challenge 2023 | Host: Ed Skoudis | August 29, 2023
  

PRESENTATIONS/PODCASTS

• Alexis Brignoni
  • MFE 0 – iLEAPP – Installed Apps – Application State & Grouplistings
  • Digital Forensics Now Podcast – Episode 0
    
    
• Black Hills Information Security
  Talkin’ About Infosec News – 8/14/2023
  
  
• BlueMonkey 4n6
  Loadable Kernel Modules – basic introduction and tutorial of module commands.
  
  
• Brakeing Down Security Podcast
  Megan Roddie – co-author of "Practical Threat Detecion Engineering"
  
  
• Breaking Badness
  164. In Da NightClub Malware
  
  
• Cellebrite
  Pathfinder  Investigative Workflows I Dashboard
  
  
• Chris Sienko at the Cyber Work podcast
  ICS security, Blue Team Con and security work in the Air Force Reserve | Guest Lesley Carhart
  
  
• cloudyforensics
  ECS Forensics and Incident Response
  
  
• Digital Forensic Survival Podcast
  DFSP # 392 – Simulation Training
  
  
• Gerald Auger at Simply Cyber
  • How Do You Simulate Live Fire Cyber Attacks? (CEO Debbie Gordon Speaks!)
  • How You Can Find Your Data Leaks Before Adversaries Do! (Foretrace with Nick Ascoli)
    
    
• Huntress
  • What is the Threat Hunting Process?
  • Formulating an Intelligence-Driven Threat Hunting Methodology
    
    
• InfoSec_Bret
  SA – SOC147-94 – SSH Scan Activity
  
  
• John Hammond
  How Does Malware Know It’s Being Monitored?
  
  
• Justin Tolman at AccessData
  • Exporting Web Browser URL Data From FTK
  • Forensic Automation with FTK Connect
    
    
• Magnet Forensics
  Internal Data Exfiltration – Getting to the bottom of IP Theft
  
  
• MSAB
  How to Use the Import Function in XAMN Pro?
  
  
• Paraben Corporation
  Cloud Acquisition of Microsoft Teams Business
  
  
• RickCenOT
  PWN’ing a home router over UART and finding hardcoded credentials
  
  
• SANS
  • A Visual Summary of SANS Security Awareness: Managing Human Risk Summit 2023
  • Hands-On Workshop: Docker Crash Course How to Containerize Your Favorite Security Tools
  • Cloud Threat Detection Logs That Matter Most
    

MALWARE

• Andrew Malec
  Identifying UPX packed ELF, decompressing, fixing, and analysing Linux malware
  
  
• Any.Run
  XWorm: Technical Analysis of a New Malware Version 
  
  
• ASEC
  • Analysis of APT Attack Cases Targeting Web Services of Korean Corporations
  • Analysis of MS-SQL Server Proxyjacking Cases
    
    
• Omar Santos at Cisco
  Akira Ransomware Targeting VPNs without Multi-Factor Authentication
  
  
• Dany at Digitella
  Examining a Malicious File with Oledump.py and Olevba.py
  
  
• Doug Burks at Security Onion
  Quick Malware Analysis: 2023-07-11 Loader-based Formbook Infection
  
  
• Hex Rays
  • Plugin focus: Generating signatures for Nim and other non-C programming languages
  • Igor’s Tip of the Week #154: Synchronized views
    
    
• Nick Chalard at InQuest
  Adversary On The Defense: ANTIBOT.PW
  
  
• Gaurav Yadav at K7 Labs
  Crypto Stealing : Clip Bankers on the go
  
  
• Muhammad Hasan Ali at muha2xmad
  Technical analysis of WarZoneRAT malware
  
  
• Siddharth Sharma at Palo Alto Networks
  Why LaZagne Makes D-Bus API Vigilance Crucial
  
  
• PhishLabs
  Original Research from Fortra Reveals Pervasiveness, Types of Look-Alike Domains Targeting Brands
  
  
• Phylum
  • Rust Malware Staged on Crates.io
  • NPM Package Masquerading as Email Validator Contains C2 and Sophisticated Data Exfiltration
    
    
• Sansec
  Malware Persistence via Telegram and GitHub
  
  
• Eduardo Ovalle and Francesco Figurelli at Securelist
  Lockbit leak, research opportunities on tools leaked from TAs
  
  
• Jindrich Karasek and Jaromir Horejsi at Trend Micro
  Profile Stealers Spread via LLM-themed Facebook Ads
  
  
• Mallikarjun Piddannavar at ZScaler
  Agniane Stealer: Dark Web’s Crypto Threat
  

MISCELLANEOUS

• ADF Solutions
  How to Screenshot Mobile Evidence
  
  
• Belkasoft
  • Belkasoft Industry Survey 2023
  • How to create hashset databases with Belkasoft X
    
    
• Patterson Cake at Black Hills Information Security
  Wrangling the M365 UAL with SOF-ELK on EC2 (Part 2 of 3)
  
  
• Ariel Watson at Cellebrite
  Cellebrite Supercharges Corporate Investigative Capabilities with New SaaS Offering
  
  
• Delivr.to
  Tuning 365 Defender’s Anti-Malware Controls
  
  
• Oleg Afonin at Elcomsoft
  What to Do When Password Recovery Attacks Stall
  
  
• Forensic Focus
  • Binalyze Customer Q&A – Bryan Barnhart, Infiltration Labs
  • How To Scan A Mobile Device With Mobile Device Investigator
  • Oxygen Corporate Explorer Introduces Remote Device Collector
  • Digital Forensics Round-Up, August 24 2023
    
    
• Kaido Järvemets
  Visualizing Mindmaps with Markmap in Visual Studio Code
  
  
• Magnet Forensics
  Griffeye Joins Magnet Forensics
  
  
• Dan Wire, Neil Karan, Jennifer S. Burnside, Jill C. Tyson, Matthew Ford, Marmara El Masri, and Howard Israel at Mandiant
  SEC Cybersecurity Disclosure Regulations: 7 Essential Steps to Prepare Your Whole Organization for a Cyber Incident
  
  
• Maxim Suhanov
  CVE-2023-4273: a vulnerability in the Linux exFAT driver
  
  
• Timur Engin at Microsoft’s ‘Security, Compliance, and Identity’ Blog
  Configure Just-in-Time Access to M365 Defender
  
  
• MISP
  MISP now supports Signal Metadata Format Specification SigMF
  
  
• MSAB
  MSAB offers computer forensics through Detego, find product sheet here
  
  
• Konstantinos Pantazis at NVISO Labs
  A Beginner’s Guide to Adversary Emulation with Caldera
  
  
• Jason Downey at Red Siege Information Security
  Housecat to Hashcat
  
  
• Salvation DATA
  The Power of Cyber Forensics in Solving Crimes
  

SOFTWARE UPDATES

• Autopsy
  Autopsy 4.21.0
  
  
• Mandiant
  Capa v6.1.0
  
  
• Datadog Security Labs
  GuardDog v1.3.0
  
  
• Digital Sleuth
  WIN-FOR v8.1.0
  
  
• Doug Burks at Security Onion
  Security Onion 2.4.10 Hotfix 20230821 Now Available!
  
  
• Hasherezade
  tiny_tracer 2.7.1
  
  
• Metaspike
  Forensic Email Intelligence 2.1.11 Release Notes
  
  
• MISP
  MISP 2.4.175 released with various bugs fixed, improvements and security fixes.
  
  
• MSAB
  Now out – XRY 10.6.1 Release: Support for iOS 17 beta, wider device range, and multiple app enhancements
  
  
• OpenCTI
  Version 5.10.0
  
  
• Ulf Frisk
  MemProcFS Version 5.8
  
  
• Xways
  X-Ways Forensics 20.9 SR-3
  

And that’s all for the week! If you think I’ve missed something, or want me to cover something specifically hit me up through the contact page or on the social pipes!