As always, thanks to those who give a little back for their support!

FORENSIC ANALYSIS

• Emi Polito at Amped
  Integrate Multiple Frames to Improve Visibility
  
  
• Andrew Skatoff at ‘DFIR TNT’
  RMM – Level.io: Forensic Artifacts and Evidence
  
  
• Belkasoft
  iOS WhatsApp Forensics with Belkasoft X
  
  
• Patterson Cake at Black Hills Information Security
  Wrangling the M365 UAL with SOF-ELK and CSV Data (Part 3 of 3)
  
  
• Brian Maloney
  What’s New in OneDriveExplorer
  
  
• DCSO CyTec
  Microsoft Edge Forensics: Screenshot History
  
  
• Forensafe
  Investigating Android Contacts
  
  
• Manuel Guerra at GLIDER.es
  Vishing: Asterisk bajo la lupa forense. Parte 1
  
  
• Marcelle
  TryHackMe Walkthrough: Snapped Phish-ing Line
  
  
• Salvation DATA
  A Complete Guide for Database Analysis : 5 Steps
  

THREAT INTELLIGENCE/HUNTING

• Adam at Hexacorn
  Lolbins for connoisseurs… Part 2
  
  
• Connor Faulkner & Stijn Tilborghs at Akamai
  DGA Families with Dynamic Seeds: Unexpected Behavior in DNS Traffic
  
  
• Anton Chuvakin
  Detection Engineering is Painful — and It Shouldn’t Be (Part 1)
  
  
• Avertium
  New Ransomware Strains – CryptNet, Mallox, and Xollam
  
  
• BI Zone
  BI.ZONE: threat actors use leaked source code to attack Russian companies
  
  
• Jake Ouellette at Blumira
  Notable Increase in Password Spraying Activity Against Cisco ASA SSL VPNs
  
  
• CERT Ukraine
  Кібератака APT28: msedge як завантажувач, TOR та сервіси mockbin.org/website.hook як центр управління (CERT-UA#7469)
  
  
• CERT-AGID
  • Campagna ScreenConnect per il controllo remoto
  • Sintesi riepilogativa delle campagne malevole nella settimana 02 – 08 Settembre 2023
    
    
• Check Point
  • Addressing the Rising Threat of Web DDoS Tsunami Attacks in 2023
  • Phishing via Google Looker Studio
    
    
• CISA
  Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475
  
  
• Cisco
  Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Remote Access VPN Unauthorized Access Vulnerability
  
  
• Chetan Raghuprasad at Cisco’s Talos
  Cybercriminals target graphic designers with GPU miners
  
  
• Keith J. Jones at Corelight
  Detecting Gozi Banking Malware
  
  
• Cyber Threat Intelligence Training Center
  • Charting a New Course for Military Cyber Threat Intelligence through Structured Standards and Protocols
  • Potential New EvilNum Campaign
    
    
• Cyborg Security
  Threat Intelligence: The Pulsing Heart of Behavioral Threat Hunting
  
  
• Cyfirma
  Weekly Intelligence Report – 08 Sep 2023
  
  
• Daksh Kapur, Nico Paulo Yturriaga and Alfred Alvarado at Trellix
  QakBot’s Endgame: The Final Move Before the Takedown
  
  
• Tim Helming at DomainTools
  Introducing the DomainTools “Recipe Book” Project
  
  
• Elliptic
  Why a comprehensive investigative strategy is crucial to avoid sanctions exposure
  
  
• Gi7w0rm
  Uncovering DDGroup — A long-time threat actor
  
  
• Clement Lecigne and Maddie Stone at Google Threat Analysis Group
  Active North Korean campaign targeting security researchers
  
  
• Anton Ushakov at Group-IB
  W3LL oiled machine: Group-IB uncovers covert BEC phishing empire targeting Microsoft 365 – report
  
  
• Huaibo Zhao at Splunk
  Deep learning in security: text-based phishing email detection with BERT model
  
  
• Harlan Carvey at Huntress
  Evolution of USB-Borne Malware, Raspberry Robin
  
  
• Intel471
  More Alleged TrickBot and Conti Gang Members Sanctioned, Charged
  
  
• Jacob Baines at VulnCheck
  Exposing RocketMQ CVE-2023-33246 Payloads
  
  
• KELA Cyber Threat Intelligence
  GDPR Gambit: The new favorite of Ransomware and Extortion Actors?
  
  
• Anish Bogati, Sergio Lozano Álvarez, and Edy Almer at Logpoint
  Webinar: Defending Against 8base
  
  
• Pieter Arntz at Malwarebytes Labs
  A history of ransomware: How did it get this far?
  
  
• Zaid Imam at Radware
  Unmasking the Bot Threat: Exploring Bad Bot Analyzer Tool, Part 2
  
  
• Caroline Fenstermacher at ReliaQuest
  5 macOS Infostealers Making Waves Right Now
  
  
• Kyle Schwaeble and James Tytler at S-RM Insights
  Cyber Intelligence Briefing: 8 September 2023
  
  
• Sandfly Security
  Defending Security Infrastructure Against Wild Weasels
  
  
• Megan Roddie at SANS
  Evolution of Cloud Tactics, Techniques, and Procedures
  
  
• SANS Internet Storm Center
  • Analysis of a Defective Phishing PDF, (Sun, Sep 3rd)
  • Creating a YARA Rule to Detect Obfuscated Strings, (Mon, Sep 4th)
  • 
Fleezeware/Scareware Advertised via Facebook Tags; Available in Apple App Store, (Thu, Sep 7th)
    
    
• Luis Fueris at Security Art Work
  Raspberry Robin: caso real de análisis forense
  
  
• Claire Zaboeva  Melissa Frydrych, and Golo Mühr at Security Intelligence
  New Hive0117 phishing campaign imitates conscription summons to deliver DarkWatchman malware
  
  
• Security Joes
  New Attack Vector In The Cloud: Attackers caught exploiting Object Storage Services
  
  
• Securonix
  Securonix Threat Labs Monthly Intelligence Insights – August 2023
  
  
• Sekoia
  My Tea’s not cold. An overview of China’s cyber threat
  
  
• Simone Kraus
  Critical Energy Infrastructure Facility Attack In Ukraine
  
  
• Truesec
  • DarkGate Loader Malware Delivered via Microsoft Teams
  • Using Kill Chain Analysis in Ransomware Attacks
    
    
• Pritam Salunkhe at Uptycs
  Advanced Detection of Lateral Movement in Modern Networks: Uptycs XDR
  
  
• Scott Shafer at Varonis
  The Benefits of Threat and Data Breach Reports
  
  
• Amitai Cohen at Wiz
  Storm-0558 [Update]: Takeaways from Microsoft’s recent report
  
  
• Monique Becenti at Zimperium
  2023 Global Mobile Threat Report: Key Insights on the State of Mobile Security
  

UPCOMING EVENTS

• ADF Solutions
  2024 Best UK Law Enforcement Conferences
  
  
• DFRWS
  • DFRWS APAC Welcomes 3 Keynote Speakers to Its 2023 Conference
  • 6 Workshops Announced for DFRWS-APAC 2023
    
    
• Dragos
  • Get Ready for Dragos Industrial Security Conference (DISC) 2023
  • Bridging the IT and OT Gap for Effective Incident Response
    
    
• Magnet Forensics
  Using AWS Config to Compliment IR Investigations
  
  
• Nick Harbour at Mandiant
  Celebrating a Decade of Reverse Engineering Fun — Announcing the 10th Annual Flare-On Challenge
  

PRESENTATIONS/PODCASTS

• Alexis Brignoni
  Digital Foreniscs Now Podcast – Episode 1
  
  
• Anuj Soni
  Analyzing the FBI’s Qakbot Takedown Code
  
  
• Black Hat
  Behind the Scenes: How Criminal Enterprises Pre-infect Millions of Mobile Devices
  
  
• Cellebrite
  Pathfinder Tutorials I Investigative Workflows I Global Search
  
  
• Cyacomb
  Mobile Device Triage in Cyacomb Examiner Plus
  
  
• Digital Forensic Survival Podcast
  DFSP # 394 – Functional Documentation
  
  
• Huntress
  • Episode 3: Trust the Process
  • ThreatOps Stories: Rogue ScreenConnect
    
    
• InfoSec_Bret
  DFIR Challenge – WinRAR 0-Day
  
  
• John Hammond
  Learn Active Directory Kerberoasting
  
  
• Magnet Forensics
  Internal Investigations – Get the Evidence You Need to Safeguard Your Business
  
  
• MSAB
  • How to use the Report Builder in XAMN Pro?
  • How to Create Selective Extractions in XRY?
    
    
• OALabs
  Reverse Engineering With Unicorn Emulation
  
  
• Paraben Corporation
  Parabens E3 Forensic Platform Demonstration
  
  
• Richard Davis at 13Cubed
  Investigating Windows Memory Is Here!
  
  
• RickCenOT
  Breakdown "PWN’ing a home router over UART and finding hardcoded credentials"
  
  
• SANS Cloud Security
  Cloud Threat Detection: Work the Network
  
  
• Sofia Marin
  Red Team and Incident Response Series Part 1: Token Manipulation and Spear Phishing  |TokenTacticsV2
  

MALWARE

• Adam at Hexacorn
  The secret of 961c151d2e87f2686a955a9be24d316f1362bf21
  
  
• ASEC
  • Tracking Fileless Malware Distributed Through Spam Mails
  • RedEyes (ScarCruft)’s CHM Malware Using the Topic of Fukushima Wastewater Release
  • Phishing Script File Breaching User Information via Telegram Being Distributed
    
    
• Yehuda Gelb at Checkmarx Security
  A Deep Dive into 70 Layers of Obfuscated Info-Stealer Malware
  
  
• CISA
  • MAR-10454006.r5.v1 SUBMARINE, SKIPJACK, SEASPRAY, WHIRLPOOL, and SALTWATER Backdoors
  • MAR-10430311-1.v1 Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475
    
    
• Dr Josh Stroschein
  Analyzing Stack-Based Structures in IDA Pro – Part 2
  
  
• Esentire
  • The Case of LummaC2 v4.0
  • Fake Browser Updates Distribute LummaC Stealer, Amadey and PrivateLoader Malware
    
    
• Igor Skochinsky at Hex Rays
  Igor’s Tip of the Week #156: Command-line options for firmware loading
  
  
• Sudeep at K7 Labs
  RomCom RAT: Not Your Typical Love Story
  
  
• muha2xmad
  A deep dive into DCRAT/DarkCrystalRAT malware
  
  
• OALABS Research
  Go Stack Strings
  
  
• Phylum
  Nascent Malware Campaign Targets npm, PyPI, and RubyGems Developers
  
  
• Igor Golovin at Securelist
  Evil Telegram doppelganger attacks Chinese users
  
  
• Fernando Ortega at Zimperium
  Over 3,000 Android Malware Samples Using Multiple Techniques to Bypass Detection
  
  
• Nikolaos Pantazopoulos at ZScaler
  Technical Analysis of HijackLoader
  
  
• ACELab
  Contest for the Greatest Data Recovery Case
  

MISCELLANEOUS

• ADF Solutions
  How to Review Mobile Forensics Evidence
  
  
• Alex Teixeira
  My Top 5 Splunk dashboarding tips nobody talks about, but you will!
  
  
• Fabian Mendoza at AboutDFIR
  AboutDFIR Site Content Update – 09/08/2023
  
  
• Craig Ball at ‘Ball in your Court’
  Being the Better Expert Witness
  
  
• Brendan Mccreesh
  My GIAC Certified Forensic Analyst Certification [GCFA]
  
  
• Forensic Focus
  • How To Conduct Mobile Setup With Mobile Device Investigator
  • New Feature Update – MD-LIVE ‘Chat Scanner’
  • Melissa Kimbrell, Trainer And Technical Support Specialist, Amped Software
  • Podcast #61 Recap: Digital Image Authenticity And Integrity With Amped Authenticate
  • Timothy Wedge, Associate Professor In Cyber-Forensics, Defiance College
  • Digital Forensics Round-Up, September 07 2023
  • GMDSOFT Updates: New Features Of MD-RED, MD-LIVE, MD-VIDEO AI, And MD-DRONE
    
    
• Matt Lehman at GreyNoise
  Fast-Tracking Innovation: GreyNoise Labs Experimental CLI
  
  
• Magnet Forensics
  • 2023 Magnet Forensics Scholarship Program: Apply Today!
  • GrayKey Supports iOS 16.6
    
    
• Ed Cabrera at Trend Micro
  TrickBot & Conti Sanctions: Implications for CISOs & Boardrooms
  

SOFTWARE UPDATES

• Alexander Tasse
  EnrichIP v2.0
  
  
• Arsenal Recon
  Arsenal Image Mounter Changelog v3.10.262
  
  
• Berla
  iVe Software v4.4 Release
  
  
• Brian Maloney
  OneDriveExplorer v2023.09.07
  
  
• Crowdstrike
  Falconpy Version 1.3.1
  
  
• Didier Stevens
  Update: zipdump.py Version 0.0.28
  
  
• Digital Sleuth
  WIN-FOR v8.2.0
  
  
• dnSpyEx
  v6.4.1
  
  
• Eric Zimmerman
  ChangeLog
  
  
• Foxton Forensics
  Browser History Examiner — Version History – Version 1.20.0
  
  
• Manabu Niseki
  Mihari v5.4.3
  
  
• Xways
  X-Ways Forensics 21.0 Preview 1
  

And that’s all for the week! If you think I’ve missed something, or want me to cover something specifically hit me up through the contact page or on the social pipes!