As always, thanks to those who give a little back for their support!

FORENSIC ANALYSIS

• Emi Polito at Amped
  Correct Optical Distortion
  
  
• Amr Ashraf
  Breach Investigation
  
  
• Atola
  How to Choose a Perfect Target Drive
  
  
• Cado Security
  OracleIV – A Dockerised DDoS Botnet
  
  
• DebugPrivilege
  Debug Case Study: Analysis of ProxyShell via IIS Worker Memory Dumps
  
  
• Forensafe
  Investigating Android IMO
  
  
• Mattia Epifani at Zena Forensics
  iOS 15 Image Forensics Analysis and Tools Comparison – Communication and Social Networking Apps
  
  
• Salvation DATA
  An Ultimate Guide on How to Extract Data from OPPO Phone.
  
  
• Harel Segev at Sygnia
  Diving Into the New Windows 11 PCA Artifact
  

THREAT INTELLIGENCE/HUNTING

• Adam at Hexacorn
  Lolbins for connoisseurs… Part 3
  
  
• Adam Goss
  Threat Intelligence with MISP Part 7 — Exporting IOCs
  
  
• Archbishop Sec
  Writing Better Alert Names – How to win hearts of SOC Analysts
  
  
• Assume-breach
  Home Grown Red Team: Hosting Encrypted Stager Shellcode
  
  
• Avast Threat Labs
  Avast Q3/2023 Threat Report
  
  
• Avertium
  Everything You Need to Know About Silent Skimming
  
  
• Bedang Sen
  Embark on a Custom Parser Journey: Unleashing the Power of SOF-ELK®
  
  
• Adam Paulina at Binary Defense
  Running Malware Below the OS – The State of UEFI Firmware Exploitation
  
  
• Justin Seitz at Bullsh*t Hunting
  Off the Cuff: Freak in the Google Sheets
  
  
• CERT Ukraine
  Кібератака UAC-0050 з використанням Remcos RAT, замаскована під “запит СБУ” (CERT-UA#8026)
  
  
• CERT-AGID
  • Campagna di Phishing Agenzia Entrate e Riscossione
  • Le recenti sanzioni finanziarie dell’UE hanno costretto il gruppo Ursnif a cambiare strategia?
  • Sintesi riepilogativa delle campagne malevole nella settimana del 11 – 17 Novembre 2023
    
    
• Check Point
  • 13th November – Threat Intelligence Report
  • GPT vs Malware Analysis: Challenges and Mitigations
  • November Shopping Schemes: Check Point Research Unveiling Cybercriminal Tactics as Luxury Brands Become Pawns in Email Scams
  • Malware Spotlight – Into The Trash: Analyzing Litterdrifter
    
    
• Yehuda Gelb at Checkmarx Security
  Attacker Hidden in Plain Sight for Nearly Six Months, Targeting Python Developers
  
  
• CISA
  • CISA Releases Update to Royal Ransomware Advisory
  • #StopRansomware: Rhysida Ransomware
  • Scattered Spider
    
    
• Cisco’s Talos
  • We all just need to agree that ad blockers are good
  • A deep dive into Phobos ransomware, recently deployed by 8Base group
  • Understanding the Phobos affiliate structure and activity
    
    
• CTF导航
  • 【DFIR报告翻译】从NetSupport持久化到AD域失陷
  • Don’t throw a hissy fit; defend against Medusa
  • ATT&CK到底有什么用？
  • 揭秘APT组织 – 美国国安局NSA的TAO
    
    
• Cyfirma
  Weekly Intelligence Report – 17 Nov 2023
  
  
• Digital Daniela
  Threat Intelligence with MISP!
  
  
• Dragos
  • 3rd Annual DISC 2023 Capture the Flag (CTF) Was Conquered!
  • Dragos Industrial Ransomware Analysis: Q3 2023 
    
    
• Esentire
  • eSentire Threat Intelligence Malware Analysis: SolarMarker: To Jupyter and Back
  • The Notorious ALPHV/BlackCat Ransomware Gang is Attacking Corporations and Public Entities Using Google Ads Laced with Malware, Warns eSentire
    
    
• Brandon Dossantos at Expel
  Suspicious Outlook rules: high-fidelity patterns to watch for
  
  
• Flashpoint
  COURT DOC: Russian and Moldovan National Pleads Guilty to Operating Illegal Botnet Proxy Service that Infected Tens of Thousands of Internet-Connected Devices Around the World
  
  
• Fortinet
  • Ransomware Roundup – NoEscape
  • Investigating the New Rhysida Ransomware
  • OT Risk Management: Proactive OT Threat Detection and Malware Prevention
    
    
• Tom Forbes at GitGuardian
  Uncovering thousands of unique secrets in PyPI packages
  
  
• Clement Lecigne and Maddie Stone at Google Threat Analysis Group
  Zimbra 0-day used to target international government organizations
  
  
• GuidePoint Security
  GRIT Ransomware Report: October 2023
  
  
• Joshua Penny
  HostingHunter Series: CHANG WAY TECHNOLOGIES CO. LIMITED
  
  
• Kevin Beaumont at DoublePulsar
  LockBit ransomware group assemble strike team to breach banks, law firms and governments.
  
  
• Kroll
  • CVE-2023-47246: SysAid On-Prem Software Zero-Day Vulnerability Exploited by CL0P Ransomware Group
  • Q3 2023 Threat Landscape Report: Social Engineering Takes Center Stage
    
    
• Malwarebytes
  • Credit card skimming on the rise for the holiday shopping season
  • Ransomware review: November 2023
    
    
• Muhammad Muneer, Chris Madge, and Arjun Bhardwaj at Mandiant
  Insider Threat: Hunting and Detecting
  
  
• Monty Security
  Hunting Sandworm Team’s TTPs
  
  
• Nick Van Gilder
  Okta for Red Teamers — Perimeter Edition
  
  
• Palo Alto Networks
  • In-Depth Analysis of July 2023 Exploit Chain Featuring CVE-2023-36884 and CVE-2023-36584
  • Stately Taurus Targets the Philippines As Tensions Flare in the South Pacific
    
    
• Proofpoint
  TA402 Uses Complex IronWind Infection Chains to Target Middle East-Based Government Entities 
  
  
• Resecurity
  Ransomware Attacks against the Energy Sector on the rise – Nuclear and Oil & Gas are Major Targets in 2024
  
  
• Roota
  Open-Source Language for Collective Cyber Defense
  
  
• Salim Salimov
  Test Your Detection With Atomic Red Team And Sysmon Or Kibana/elk
  
  
• SANS Internet Storm Center
  • Noticing command and control channels by reviewing DNS protocols, (Mon, Nov 13th)
  • Redline Dropped Through MSIX Package, (Wed, Nov 15th)
  • Beyond -n: Optimizing tcpdump performance, (Thu, Nov 16th)
  • Phishing page with trivial anti-analysis features, (Fri, Nov 17th)
  • Quasar RAT Delivered Through Updated SharpLoader, (Sat, Nov 18th)
    
    
• Securelist
  Advanced threat predictions for 2024
  
  
• MacKenzie Milligan at Security Intelligence
  The evolution of ransomware: Lessons for the future
  
  
• Den Iuzvyk, Tim Peck, and Oleg Kolesnikov at Securonix
  Securonix Threat Labs Security Advisory: New SEO#LURKER Attack Campaign: Threat Actors Use SEO Poisoning and Fake Google Ads to Lure Victims Into Installing Malware
  
  
• Sekoia
  Game Over: gaming community at risk with information stealers
  
  
• SentinelOne
  • C3RB3R Ransomware | Ongoing Exploitation of CVE-2023-22518 Targets Unpatched Confluence Servers 
  • Elephant Hunting | Inside an Indian Hack-For-Hire Group
  • Nov 2023 Cybercrime Update | LLMs, Ransomware and Destructive Wipers Proliferate in Recent Attacks
    
    
• Simone Kraus
  Top Cy-X Threat Actors 2023 in Germany
  
  
• SOCRadar
  A Brief Look at SOCRadar’s Saudi Arabia Threat Landscape Report
  
  
• Jared Atkinson at SpecterOps
  On Detection: Tactical to Functional – Part 11: Functional Composition
  
  
• Tamara Chacon at Splunk
  Stat! 3 Must-Have Data Filtering Techniques
  
  
• Nigel Douglas at Sysdig
  Why Traditional EDRs Fail at Server D&R in the Cloud
  
  
• System Weakness
  • Understanding DLL hijacking – What it is and how it’s used in hacking
  • Strings and Shields: YARA in Cybersecurity
    
    
• Taz Wake
  • Linux Incident Response – using ss for network analysis
  • Understanding NetFlow: An Introductory Guide for Incident Responders
  • More details on the ss command in Linux
  • Linux Incident Response – File Deletion in EXT4
  • Reflective Code Injection Attacks – An Overview for Incident Responders
  • Understanding the Virtual Address Space in Windows
    
    
• Team Cymru
  Threat Modeling and Real-Time Intelligence – Part 2
  
  
• Third Eye intelligence
  Navigating the Evolving Cyber Threat Landscape: Insights from ACSC’s 2021-2023 Reports
  
  
• Shilpesh Trivedi and Nisarga C M at Uptycs
  WinRAR CVE-2023-38831 Vulnerability: Malware Exploits & APT Attacks
  

UPCOMING EVENTS

• Black Hills Information Security
  BHIS – Talkin’ Bout [infosec] News 2023-11-20
  
  
• Gerald Auger at Simply Cyber
  Build Your Own Cyber Ranges with Forge Tool!
  
  
• Magnet Forensics
  Keeping Up With the Changing Cybersecurity Landscape using Magnet IGNITE and YARA Rules
  

PRESENTATIONS/PODCASTS

• Adversary Universe Podcast
  Urgent Care Required: The State of Healthcare Cybersecurity
  
  
• Alexis Brignoni
  Digital Forensic Now – Episode 6
  
  
• Black Hills Information Security
  • BHIS – Talkin’ Bout [infosec] News 2023-11-13
  • Talkin’ About Infosec News – 11/13/2023
  • Unpacking the Packet: Demystifying the Internet Protocol
    
    
• Breaking Badness
  173. How To Eat Fried Sandworms
  
  
• Cellebrite
  Cellebrite Industry Trends Survey 2024
  
  
• Cloud Security Podcast by Google
  EP148 Decoding SaaS Security: Demystifying Breaches, Vulnerabilities, and Vendor Responsibilities
  
  
• CyberDefenders
  OceanLotus: MemProcFS Malware Extraction and Analysis
  
  
• Cyberwox
  Certified Cyber Defender (CCD) Course Review & Syllabus Overview
  
  
• Detection: Challenging Paradigms
  Episode 35: Luke Jennings
  
  
• Digital Forensic Survival Podcast
  DFSP # 404 – Certutil Attacks
  
  
• Hardly Adequate
  Hardly a Week 46 13 November, 2023
  
  
• InfoSec_Bret
  • SA – SOC235 EventID: 197 (Atlassian Confluence Broken Access Control 0-Day CVE-2023-22515)
  • Lets Talk about Black Friday Sales (but mostly Lets Defend)!
    
    
• Insane Forensics
  Living off the Land: How to Hunt for and Respond to Industrial Cybersecurity Incidents using LolBins
  
  
• John Hammond
  The MOVEit Hack In Retrospect
  
  
• LASCON
  • Baruch Mettler – Easy-bake IR – Automated incident response using the power of APIs
  • Tony UV – PASTA Threat Modeling & Leveraging IR, Threat Intelligence as Means for Tactical Pen Test
  • Andy Lewis – 3cx: lessons learned
    
    
• Magnet Forensics
  • Getting Started With Your Magnet REVIEW Early Access Free Trial
  • Ep. 11 // Peering into Permissions – Taking a Look at iOS/Android Permissions for Insights to 3rd Party Apps
    
    
• Microsoft Threat Intelligence Podcast
  Punching Miscreants with Jack Mott
  
  
• MSAB
  • How to use the improved Area of Interest feature in XAMN Pro?
  • Forensic Fix Episode 10 – Jim Metcalfe
    
    
• Richard Davis at 13Cubed
  An Important Change to ShellBags – Windows 11 2023 Update!
  
  
• Sandfly Security
  Evasive Linux Malware Detection Video Presentation (BPFDoor)
  
  
• SANS
  A Visual Summary of SANS HackFest Summit 2023
  
  
• SANS Cloud Security
  Bridge to the Clouds: Unifying Worlds with Entra ID in Hybrid Landscapes
  
  
• Securizame
  Una caña con Lawwait – Episodio 29 – Javier Rubio Alamillo
  

MALWARE

• Any.Run
  Upload Additional Files into Active Tasks in ANY.RUN
  
  
• ASEC
  • 2023 Sep – Threat Trend Report on APT Groups
  • 2023 Sep – Threat Trend Report on Ransomware Statistics and Major Issues
  • 2023 Sep – Threat Trend Report on Kimsuky Group
  • 2023 Sep – Deep Web and Dark Web Threat Trend Report
  • LNK Files Distributed Through Breached Legitimate Websites (Detected by EDR)
  • Ddostf DDoS Bot Malware Attacking MySQL Servers
  • Warning Against Distribution of Malware Impersonating a Public Organization (LNK)
    
    
• Binary Ninja
  Analyzing Obfuscated Code With Binary Ninja – a Flare-On Journey
  
  
• Matthew at Embee Research
  • Identifying 16 Malware Servers with Censys and Banner Pivots – RisePro Stealer
  • Identifying Config in .NET Malware With Garbageman
  • Combining Pivot Points to Identify Malware Infrastructure – Redline, Smokeloader and Cobalt Strike
    
    
• Igor Skochinsky at Hex Rays
  Igor’s Tip of the Week #165: Defining floating-point data
  
  
• InfoSec Write-ups
  Opening HTML Files : A gateway to Malware
  
  
• Mandiant
  Flare-On 10 Challenge Solutions
  
  
• OALABS Research
  PikaBot Is Back With a Vengeance
  
  
• Veronica Chierzi at Trend Micro
  A Closer Look at ChatGPT’s Role in Automated Malware Creation
  

MISCELLANEOUS

• Fabian Mendoza at AboutDFIR
  AboutDFIR Site Content Update – 11/17/2023
  
  
• Andreas Sfakianakis at ‘Tilting at windmills’
  FIRST CTI 2023 Recap
  
  
• Arctic Wolf
  The Role of Digital Forensics in Incident Response
  
  
• Belkasoft
  Belkasoft Industry Research 2023
  
  
• Brett Shavers
  “I am neither a digital forensics practitioner nor do I play one on television.”
  
  
• Doug Burks at Security Onion
  • Security Onion 2.4.30 now available including some new features and lots of bug fixes!
  • Security Onion 2.4 Feature o’ the Day – Configure Honeypot Settings
  • Security Onion 2.4 Feature o’ the Day – Configure IDS Rules
  • Security Onion 2.4 Feature o’ the Day – Configure InfluxDB
    
    
• Forensic Focus
  • Enhancing Mobile Investigations: A Focus On Screenshots And Screen Recording
  • The Evolution Of E-Crime: From Hacking To Cyberwarfare
  • GMDSOFT – What’s New In MD-Series (October 2023)
  • Digital Forensics Round-Up, November 16 2023
    
    
• HackTheBox
  Enhance digital forensics and incident response (DFIR) skills with Sherlocks
  
  
• Magnet Forensics
  • 10 Tips to Investigate Insider Fraud With Digital Forensics
  • Experience Magnet REVIEW with our SaaS Early Access Free Trial
    
    
• Terryn at chocolatecoat4n6
  Where does macOS fit into DFIR?
  
  
• Zac Szewczyk
  SANS Recommendations for Defensive Cyber Analysts
  

SOFTWARE UPDATES

• ANSSI
  DFIR-ORC v10.2.3
  
  
• Belkasoft
  Belkasoft X v.2.1: Introducing Car Forensics, Massive iOS and Cloud Update, iOS Agent Acquisition for Wider iOS Version Set, Built-In Tutorials, UFDR Import,Chat Threads, and Other Significant Updates.
  
  
• Datadog Security Labs
  GuardDog v1.5.2
  
  
• Digital Sleuth
  • WIN-FOR v9.0.0
  • v2023.32.1
    
    
• Erik Hjelmvik at Netresec
  CapLoader 1.9.6 Released
  
  
• FalconForce
  Splunk support and quality of life additions
  
  
• Harel Segev
  INDXRipper 20231117
  
  
• Hasherezade
  PE-Bear v0.6.6
  
  
• Jason Ostrom
  Cloud edge
  
  
• JPCERT
  LogonTracer v1.6.1
  
  
• Magnet Forensics
  • Magnet AXIOM Cyber 7.7: Try the New Integration with REVIEW SaaS Free Trial
  • Announcing Magnet AXIOM 7.7
    
    
• Manabu Niseki
  Mihari v6.0.0
  
  
• Microsoft
  Defender Advanced hunting, IPQualityScore TI provider
  
  
• OpenCTI
  5.11.14
  
  
• SigmaHQ
  pySigma v0.10.8
  
  
• Xways
  • X-Ways Forensics 20.6 SR-10
  • X-Ways Forensics 20.7 SR-11
  • X-Ways Forensics 20.8 SR-6
    
    
• Yamato Security
  Hayabusa v2.10.1 🦅
  

And that’s all for the week! If you think I’ve missed something, or want me to cover something specifically hit me up through the contact page or on the social pipes!