As always, thanks to those who give a little back for their support!

FORENSIC ANALYSIS

• Adam at Hexacorn
  Analysing NSRL data set for fun and because… curious, Part 3
  
  
• Alexander Tasse
  Blue Team Labs — “Employee of the Year”
  
  
• Emi Polito at Amped
  Correct the Perspective of a License Plate
  
  
• Belkasoft
  iOS System Artifacts: Revealing Hidden Clues
  
  
• Oleg Afonin at Elcomsoft
  iOS Forensic Toolkit: Troubleshooting Low-Level Extraction Agent
  
  
• Forensafe
  Investigating Android Accounts
  
  
• Haircutfish
  • Wireshark: Packet Operations — Task 3 Statistics | Protocol Details, Task 4 Packet Filtering |…
  • TryHackMe Wireshark: Packet Operations — Task 6 Advanced Filtering & Task 7 Conclusion
    
    
• Korstiaan Stam at ‘Invictus Incident Response’
  Automated AWS Incident Response — The next episode
  
  
• Jaspreet Singh at Mailxaminer
  Google Takeout Forensics: The Art of Investigation [Explained]
  
  
• Mattia Epifani at Zena Forensics
  iOS Forensics: tool validation based on a known dataset – Preamble
  
  
• MikeCyberSec
  Supercharged SecOps Series— Forensics Triage with Azure and KQL
  
  
• Oxygen Forensics
  Remote Data Extraction from Mobile Devices
  
  
• Ranjith A
  Remote collection of Windows Forensic Artifacts using KAPE and Microsoft Defender for Endpoint.
  

THREAT INTELLIGENCE/HUNTING

• Phill Moore, Zach Stanford, Suyash Tripathi and Yogesh Khatri at CyberCX
  Weaponising VMs to bypass EDR – Akira ransomware
  
  
• Adam Goss
  Cyber Threat Intelligence with MISP: Part 1 — What is MISP?
  
  
• Allan Liska at ‘Ransomware Sommelier’
  You. Are. The. Criminal. Dumbass.
  
  
• Jeremy Fuchs at Avanan
  • Storm-0324 Threat Group Switches Phishing Tactics to Teams
  • Phishing via Adobe
  • Breaking Down PayPal BEC 3.0 Scams
    
    
• Avertium
  Monti Ransomware
  
  
• Black Cell
  Threat Hunting Methodology Whitepaper
  
  
• BushidoToken
  Tracking Adversaries: Akira, another descendent of Conti
  
  
• CERT-AGID
  • Il malware Vidar torna ad insidiare le caselle PEC
  • Sintesi riepilogativa delle campagne malevole nella settimana 09 – 15 Settembre 2023
    
    
• Check Point Research
  • 11th September – Threat Intelligence Report
  • Guarding Against the Unseen: Investigating a Stealthy Remcos Malware Attack on Colombian Firms
    
    
• Richard Bejtlich at Corelight
  How Does the Kill Chain Apply to Network-Derived Evidence? | Corelight
  
  
• CTF导航
  • 第75篇：美国APT供应链打穿伊朗物理隔离的核工厂案例分析（第2篇）
  • 记一次曲折的exchange漏洞利用-ProxyMaybeShell
    
    
• Cyfirma
  Weekly Intelligence Report – 14 Sep 2023
  
  
• Elliptic
  How the Lazarus Group is stepping up crypto hacks and changing its tactics
  
  
• Expel
  • Red team sneakiness: Splunking for AD certificate abuse
  • Wake me up, before you log-log (…or when September ends, whichever comes first)
    
    
• Malcolm Heath at F5 Labs
  Forward and Reverse Shells
  
  
• Anshu Bansal, Rakshit Awasthi, Ashutosh Venkatrao More at Falco
  Blog: Tracing System Calls Using eBPF – Part 1
  
  
• Justin Timothy at GuidePoint Security
  GRIT Ransomware Report: August 2023
  
  
• Hornet Security
  Monthly Threat Report September 2023: Das Ende von Qakbot?
  
  
• Joe Slowik at Huntress
  Spidering Through Identity for Profit and Disruption
  
  
• Intel471
  Bumblebee Loader Resurfaces in New Campaign
  
  
• KELA Cyber Threat Intelligence
  • A Glimpse into August 2023 Vulnerabilities Discussed by Cybercriminals
  • Have a SAFE ride – Cyber Threats in the Automotive Sector
    
    
• Malwarebytes Labs
  • Ransomware review: September 2023
  • PSA: Ongoing Webex malvertising campaign drops BatLoader
    
    
• Mandiant
  Why Are You Texting Me? UNC3944 Leverages SMS Phishing Campaigns for SIM Swapping, Ransomware, Extortion, and Notoriety
  
  
• Microsoft Security
  • Peach Sandstorm password spray campaigns enable intelligence collection at high-value targets
  • Malware distributor Storm-0324 facilitates ransomware access
    
    
• Roman Daszczyszak, Steve Luke, and Ross Weisman at MITRE-Engenuity
  Summiting the Pyramid: Level Up Your Analytics
  
  
• Nextron Systems
  Detecting JanelaRAT with Yara and THOR
  
  
• Givan Kolster at Falcon Force
  Leg ups: helping hand or red team failure?
  
  
• Palo Alto Networks
  Unit 42 Attack Surface Threat Research: Constant Change in Cloud Contributes to 45% of New High/Critical Exposures Per Month
  
  
• Riccardo Ancarani at ‘Red Team Adventures’
  Attacking an EDR – Part 2
  
  
• SANS Internet Storm Center
  • Quickie: Generating a YARA Rule to Detect Obfuscated Strings, (Sun, Sep 10th)
  • DShield and qemu Sitting in a Tree: L-O-G-G-I-N-G, (Thu, Sep 14th)
    
    
• Securelist
  • From Caribbean shores to your devices: analyzing Cuba ransomware
  • Free Download Manager backdoored – a possible supply chain attack on Linux machines
  • Threat landscape for industrial automation systems. Statistics for H1 2023
    
    
• Sekoia
  • The Transportation sector cyber threat overview
  • Sekoia.io mid-2023 Ransomware Threat Landscape
    
    
• Yossi Rachman at Semperis
  Using Purple Knight to Detect the Okta Super Admin Attack
  
  
• SentinelOne
  • macOS MetaStealer | New Family of Obfuscated Go Infostealers Spread in Targeted Attacks 
  • Sep 2023 Cybercrime Update | New Ransomware Threats and the Rising Menace of Telegram 
  • Ready, Set, Turla | Everything You Need to Know Before the MITRE ATT&CK® 2023 Evaluations
    
    
• Simone Kraus
  Summiting the Pyramid — A new Dimension of “Cyber Analytics Engineering”
  
  
• Snyk
  How to avoid web cache poisoning attacks
  
  
• Yağmur Ernalbant at SOCRadar
  Overview of TIBER-EU From Threat Intelligence Perspective
  
  
• Sophos
  Check out @SophosXOps post
  
  
• Ryan Fetterman at Splunk
  Threat Hunting for Dictionary-DGA with PEAK
  
  
• Symantec Enterprise
  • Redfly: Espionage Actors Continue to Target Critical Infrastructure
  • 3AM: New Ransomware Family Used As Fallback in Failed LockBit Attack
    
    
• Adam Burgher at WeLiveSecurity
  Sponsor with batch-filed whiskers: Ballistic Bobcat’s scan and strike backdoor
  

UPCOMING EVENTS

• Black Hills Information Security
  BHIS – Talkin’ Bout [infosec] News 2023-09-18
  
  
• Cellebrite
  What/Why a CTF?
  
  
• Christa Miller at DFRWS
  Call for Papers Is Open for DFRWS-EU 2024!
  
  
• Magnet Forensics
  • Building Cyber Resiliency – Forensic Investigation of Cyber Threats in Manufacturing
  • Using OUTRIDER’s New Features to Create Your Own Triage Workflows
    
    
• SANS
  • SANS Threat Analysis Rundown (STAR) | Live Stream
  • Threat Actor Tool Analysis at Enterprise Scale | Host: Ryan Chapman | September 19, 2023
  • SANS Cyber Defense Initiative® 2023 in Washington, DC
    

PRESENTATIONS/PODCASTS

• 0day in {REA_TEAM}
  Unveiling Qakbot: Exploring one of the Most Active Threat Actors
  
  
• Ali Hadi
  • Installing Sysmon and Elastic Agents (Security Onion)
  • Security Onion 2.4 Standalone Setup
    
    
• Black Hat
  Deception at Scale: How Malware Abuses Trust
  
  
• Black Hills Information Security
  • Log File Analysis – Gleaning Insights From Log Files | Ethan & Derek
  • Talkin’ About Infosec News – 9/11/2023
  • Atomic Red Team: Testing your EDR | John Strand | BHIS Nuggets
    
    
• Breaking Badness
  166. I’m W3LL Aware of BEC Attacks
  
  
• Cellebrite
  • Password File Upload to PA Ultra
  • CTF – Loading Cases
  • CTF-Datasets Released
  • CTF- Getting PA Ultra and Licensing Explained
  • CTF- Installing PA Ultra
    
    
• Cyber Social Hub
  • DFIR Investigative Mindset with Brett Shavers
  • Digital Forensics & Incident Response at Techno Security Conference
    
    
• DEFCON
  DEF CON 31
  
  
• Desi at Hardly Adequate
  Hardly Adequate CTF Walkthrough by Desi and Leo
  
  
• Digital Forensic Survival Podcast
  DFSP # 395 – Lateral Movement and Admin Logons
  
  
• Dr Josh Stroschein
  • 05 – Converting to Hexadecimal
  • 06 – Program Segments and Debugging with GDB
  • 07 – Signed and Unsigned Integers
    
    
• Dr. Meisam Eslahi at ‘Nothing Cyber’
  Cyber Threat Hunt 101: Part 3 – Threat Hunt vs. Detection – A Deep Dive!
  
  
• Huntress
  • What Is Defense Evasion?
  • Different Types of Threat Hunts
    
    
• John Hammond
  • Classify Malware with YARA
  • The Mysterious "Office Hotkey"..
    
    
• LetsDefend
  Cybersecurity Quiz Event #1
  
  
• Magnet Forensics
  Using AWS Config to Compliment IR Investigations
  
  
• MSAB
  How to use the Persons feature in XAMN Pro?
  
  
• Paraben Corporation
  • Parabens E3 Forensic Platform Demonstration Hindi
  • Parabens E3 Forensic Platform Demonstration Arabic
  • E3 Forensic Platform Demonstration Spanish
  • Android Activity Timeline Shows Valuable User vs System Actions
  • Parabens E3 Forensic Platform Demonstration German
  • Parabens E3 Forensic Platform Demonstration French
    
    
• Red Canary
  A proactive approach to threat hunting in enterprise security
  
  
• Security Weekly
  Detection Difficulty – Why are we still missing attackers? – Chris Sanders – ESW #331
  
  
• Sofia Marin
  Red Team and Incident Response Series Part 2: Persistence from stolen session in Azure Cloud.
  
  
• The Cyber Mentor
  Getting Started with Command Injection
  
  
• The Digital Forensics Files Podcast
  Cole Popkin, Digital Forensics Analyst
  
  
• Rapid7
  VeloCon 2023
  

MALWARE

• Any.Run
  ChatGPT-powered Malware Analysis: Review Sandbox Results with AI 
  
  
• ASEC
  • Threat Trend Report on Ransomware – July 2023
  • Threat Trend Report on APT Groups – July 2023
  • Deep Web and Dark Web Threat Trend Report – July 2023
  • Threat Trend Report on Kimsuky Group – July 2023
  • BlueShell Used in APT Attacks Against Korean and Thai Targets
  • Downloader Disguised With Contents on Violation of Intellectual Property Rights (Detected by MDS)
    
    
• Doug Burks at Security Onion
  Quick Malware Analysis: FORMBOOK from possible MODILOADER pcap from 2023-06-16
  
  
• Fortinet
  • OriginBotnet Spreads via Malicious Word Document
  • New MidgeDropper Variant
    
    
• Joshua Kamp and Alberto Segura at Fox-IT
  From ERMAC to Hook: Investigating the technical differences between two Android malware variants
  
  
• Mohitrajai
  Malware Analysis Report: Clop Ransomware — 1
  
  
• Jan Michael Alcantara at Netskope
  New Python NodeStealer Goes Beyond Facebook Credentials, Now Stealing All Browser Cookies and Login Credentials
  
  
• Phrozen
  Phrozen
  
  
• Ole Villadsen, Golo Mühr, and Kat Metrick at Security Intelligence
  Email campaigns leverage updated DBatLoader to deliver RATs, stealers
  
  
• Ax Sharma at Sonatype
  New npm PoC packages target PayPal Zettle, Airbnb developers
  
  
• Ben Martin at Sucuri
  Decoding Magecart: Credit Card Skimmers Concealed Through Pixels & Images
  
  
• Raymond Chen at The Old New Thing
  Any sufficiently advanced uninstaller is indistinguishable from malware
  
  
• Hitomi Kimura, Ryan Soliven, Ricardo Valdez III, Nusrath Iqra, and Ryan Maglaque at Trend Micro
  RedLine/Vidar Abuses EV Certificates, Shifts to Ransomware
  
  
• Sudeep Singh at ZScaler
  A peek into APT36’s updated arsenal
  

MISCELLANEOUS

• Fabian Mendoza at AboutDFIR
  AboutDFIR Site Content Update – 09/15/2023
  
  
• ADF Solutions
  How to Conduct Mobile Setup with Mobile Device Investigator
  
  
• Blake Sawyer at Amped
  Introducing Floating Licenses
  
  
• Jack Zalesskiy at Any.Run
  How to Hire the Right Malware Analyst for Your Team: Our Experience 
  
  
• Jonathan Tanner at Barracuda
  Malware 101: Implants as an infection method
  
  
• Monica Harris at Cellebrite
  Key Takeaways and Highlights from ILTACON 2023
  
  
• Forensic Focus
  • Atola Makes Byte-Level Analysis Easier In Insight Forensic 5.4 
  • How To Preview Evidence On A Mobile Device
  • Benjamin Findlay, Senior Lecturer In Computer And Digital Forensics,  Teesside University
  • Binalyze Secures $19 Million In Series A Funding
  • A Brief History Of Time … Stamps
  • Digital Forensics Round-Up, September 14 2023
  • Empowering Justice: Detego Global’s Inaugural Grant Winners Announced
  • Forensic Focus Digest, September 15 2023
    
    
• Julia Gately and Lexie Van Den Heuvel
  New to Cyber: Preston McNair
  
  
• Lenny Zeltser
  A Report Template for Incident Response
  
  
• LockBoxx
  CCDC Visability and Blocking Tips
  
  
• MISP
  MISP, research topics
  
  
• Revo4n6
  Magnet Forensics – The Digital Forensics Trifecta
  
  
• Salvation DATA
  12 eDiscovery Tools for Forensic Solutions in 2023
  
  
• SANS
  • FOR509 – Always Evolving
  • Building Strong Foundations: Exploring IaC for Cloud IAM
    

SOFTWARE UPDATES

• Amped
  Amped Replay Update 30373: Undo/Redo, Annotate Improvements and Much More!
  
  
• Atola
  Insight Forensic 5.4 – the new Disk Editor for easier byte-level analysis
  
  
• Brian Maloney
  OneDriveExplorer v2023.09.13
  
  
• Crowdstrike
  Falconpy Version 1.3.2
  
  
• Eric Zimmerman
  ChangeLog
  
  
• Foxton Forensics
  Browser History Examiner — Version History – Version 1.20.1
  
  
• Magnet Forensics
  • Magnet AXIOM Cyber 7.5 is now Available
  • Magnet AXIOM 7.5 – Continuing to Improve Mobile Investigations With Magnet AXIOM and GrayKey
    
    
• MISP
  MISP 2.4.176 released with various improvements and bugs fixed.
  
  
• OpenCTI
  5.10.2
  
  
• Oxygen Forensics
  Oxygen Forensic® Detective v.16 Updates
  
  
• P. Abhiram Kumar
  EventTranscriptParser v2.0
  
  
• PuffyCid
  Artemis 0.4.0 – Released!
  
  
• Rizin Organization
  cutter v2.3.2
  
  
• Google
  Timesketch 20230913
  

And that’s all for the week! If you think I’ve missed something, or want me to cover something specifically hit me up through the contact page or on the social pipes!