So I can’t count and started the year on Week 1 instead of Week 0. This is the last summary post of the year, and hopefully I find a bit of time to write a year summary later on.

As always, thanks to those who give a little back for their support!

FORENSIC ANALYSIS

• Ahmed Belhadjadji
  PoisonedCredentials Challenge Walkthrough
  
  
• Oleg Afonin at Elcomsoft
  A Comprehensive Instruction Manual on Installing the Extraction Agent
  
  
• Forensafe
  Investigating Android Instagram
  
  
• Lionel Notari
  iOS Unified Logs – Making a call
  
  
• Mattia Epifani at Zena Forensics
  Has the user ever used the XYZ application? aka traces of application execution on mobile devices
  
  
• Salvation DATA
  • Mastering MDF Files: Your Ultimate Guide to SQL Server Databases
  • A Complete Guide for RAID1 Array Data Recovery
    
    
• Sarah Hayes at Hexordia
  Android: Unlock and Rooting
  

THREAT INTELLIGENCE/HUNTING

• Adam at Hexacorn
  • 2 less known secrets of Windows command command-driven line tools…
  • 1 little known secret of regsvr32.exe
  • 1 little known secret of regsvr32.exe, take two
  • 1 little known secret of runonce.exe (32-bit)
  • 1 little known secret of regsvr32.exe, take three
  • 1 little known secret of fsquirt.exe
  • 1 little known secret of ieUnatt.exe on win11
    
    
• Ahmed Belhadjadji
  Network Threat Hunting Example (Zeek + ngrep VS Wireshark)
  
  
• Ankit Bishnoi
  Find Malware using Process Explorer Tool
  
  
• Francis Guibernau at AttackIQ
  Response to CISA Advisory (AA23-353A): #StopRansomware: ALPHV BlackCat
  
  
• Bitdefender
  Bitdefender Threat Debrief | December 2023
  
  
• Brad Duncan at Malware Traffic Analysis
  2023-12-29 – GootLoader infection
  
  
• CERT Ukraine
  APT28: від первинного ураження до створення загроз для контролеру домену за годину (CERT-UA#8399)
  
  
• Check Point
  25th December – Threat Intelligence Report
  
  
• Yehuda Gelb at Checkmarx Security
  JetBrains TeamCity Compromised: North Korea and Russia Target High-Value Supply Chain Links
  
  
• Cyfirma
  Weekly Intelligence Report – 29 Dec 2023
  
  
• Shunichi Imano and Fred Gutierrez at Fortinet
  Ransomware Roundup – 8base
  
  
• Matt Kiely at Huntress
  Combating Emerging Microsoft 365 Tradecraft: Initial Access
  
  
• Kevin Beaumont at DoublePulsar
  Cyber Toufan goes Oprah mode, with free Linux system wipes of over 100 organisations
  
  
• Lab52
  Ransomware’s Christmas Carol
  
  
• Nischal Khadgi at Logpoint
  Uncovering Rhysida and their activities
  
  
• Matt Edmondson at Digital Forensics Tips
  Introducing FaviconLocator: The Eazy Button to Searching by Favicon
  
  
• Microsoft Security Response Center
  Microsoft addresses App Installer abuse
  
  
• Living Of The SHIMS – Built-In SHIM DB Hijacking
  Living Of The SHIMS – Built-In SHIM DB Hijacking
  
  
• Samantha Stallings and Brad Duncan at Palo Alto Networks
  From DarkGate to AsyncRAT: Malware Detected and Shared As Unit 42 Timely Threat Intelligence
  
  
• Resecurity
  New Version of Medusa Stealer Released in Dark Web
  
  
• RussianPanda
  • Pure Logs Stealer Fails to Impress
  • MetaStealer Part 2, Google Cookie Refresher Madness and Stealer Drama
    
    
• SANS Internet Storm Center
  Unveiling the Mirai: Insights into Recent DShield Honeypot Activity [Guest Diary], (Wed, Dec 27th)
  
  
• Boris Larin at Securelist
  Operation Triangulation: The last (hardware) mystery
  
  
• SentinelOne
  • LABSCon Replay | Intellexa and Cytrox: From Fixer-Upper to Intel Agency Grade Spyware
  • LABScon Replay | Spectre Strikes Again: Introducing the Firmware Edition
    
    
• SOCRadar
  • Threat Actor Profile: AridViper
  • Dark Web Profile: Haghjoyan
    
    
• Raimundo Alcázar at VirusTotal
  Hunting for malicious domains with VT Intelligence
  

PRESENTATIONS/PODCASTS

• AhmedS Kasmani
  Ghidra UI Updates for Malware Analysis and Introduction to python3 scripting in Ghidra
  
  
• ArcPoint Forensics
  • ATRIO – WHAT IS IT?
  • INSTANT REPORTS – SAFE, RAPID USB DRIVE INFO WITH ATRIO
  • TRIAGE MULTIPLE E01/DD IMAGES AUTOMATICALLY WITH ATRIO
  • QUICKLY EXTRACT FILES AND RECOVER DELETED DATA WITH ATRIO
    
    
• Breaking Badness
  2024 Infosec Predictions
  
  
• Cellebrite
  Streamline digital forensics workflows with Cellebrite Guardian
  
  
• Digital Forensic Survival Podcast
  DFSP # 410 – Linux Temp Directories
  
  
• Hardly Adequate
  Hardly a Year 2023 – Year in Review
  
  
• InfoSec_Bret
  IR -SOC207-158 – Anomalous File OPS
  
  
• Karsten Hahn at Malware Analysis For Hedgehogs
  Malware Analysis – 3 ways to deobfuscate JScript and JavaScript malware
  
  
• LaurieWired
  Exploring Info.plist: Essential Knowledge for iOS Reverse Engineering
  

MALWARE

• Any.Run
  • What is the difference between malware and viruses? 
  • Malware Trends Report: Q4, 2023
    
    
• ASEC
  • Analysis of Attacks That Install Scanners on Linux SSH Servers
  • Trend Analysis on Kimsuky Group’s Attacks Using AppleSeed
    
    
• Dr Josh Stroschein
  Patching Binaries with IDA Pro (free)!
  
  
• Igor Skochinsky at Hex Rays
  Igor’s Tip of the Week #170: Instantiating structures
  
  
• Gaurav Yadav at K7 Labs
  Mallox Evading AMSI
  
  
• MalwareTech
  • An Introduction to Bypassing User Mode EDR Hooks
  • Silly EDR Bypasses and Where To Find Them
    
    
• PetiKVX
  • Neshta Ransomware family
  • Christmas Ransomware
    
    
• Security Research Labs
  Black Basta Buster
  
  
• Vlad Pasca at Security Scorecard
  A detailed analysis of the Menorah malware used by APT34
  
  
• Zhassulan Zhussupov
  Malware and cryptography 23: encrypt/decrypt file via TEA. Simple C/C++ example.
  

MISCELLANEOUS

• Fabian Mendoza at AboutDFIR
  AboutDFIR Site Content Update – 12/29/2023
  
  
• Belkasoft
  Belkasoft 2023 Recap
  
  
• Elan at DFIR Diva
  Free & Affordable Training News Monthly: Dec 2023 – Jan 2024
  
  
• Forensic Focus
  • Atola Technology – 20 Years Of Digital Forensics Hardware Expertise
  • Digital Forensics Round-Up, December 28 2023
    

SOFTWARE UPDATES

• Abdullah
  Incident Response Linux
  
  
• Berla
  iVe Software v4.6 Release
  
  
• Costas K
  LNK & Jumplist Browser
  
  
• Cristian Souza
  forensictools
  
  
• Crowdstrike
  Falconpy Version 1.3.5
  
  
• Eilay Yosfan
  ForensicMiner v1.4
  
  
• Elcomsoft
  Elcomsoft iOS Forensic Toolkit 8.51: improved compatibility and enhanced functionality
  
  
• ExifTool
  ExifTool 12.72
  
  
• IntelOwl
  v5.2.2
  
  
• Metaspike
  Forensic Email Intelligence – 2.1.14.12
  
  
• Open Source DFIR
  Plaso 20231224 released
  
  
• OpenCTI
  5.12.15
  
  
• Rapid7
  Velociraptor 0.7.1 Release: Sigma Support, ETW Multiplexing, Local Encrypted Storage and New VQL Capabilities Highlight the Last Release of 2023
  

And that’s all for the week! If you think I’ve missed something, or want me to cover something specifically hit me up through the contact page or on the social pipes!