As always, thanks to those who give a little back for their support!

FORENSIC ANALYSIS

• Amged Wageh
  DriveFS Sleuth — Revealing The Hidden Intelligence
  
  
• Cado Security
  • The Importance of Depth: Cloud Forensics Beyond Log Analysis 
  • The Cado Platform can now Capture AWS EC2 Systems into E01 Format
    
    
• Elcomsoft
  A Comprehensive Guide to Essential Tools for Elcomsoft iOS Forensic Toolkit
  
  
• Forensafe
  Investigating iOS Venmo
  
  
• Gerardo Santos at Security Art Work
  Clusterización de Amenazas y Threat Hunting
  
  
• Taz Wake
  ExifTool basics for DFIR
  

THREAT INTELLIGENCE/HUNTING

• Adam at Hexacorn
  • 1 little known secret of forfiles.exe
  • Bitmap Hunting in SPL
  • 1 little known secret of hdwwiz.exe
  • (Not) Mapping Firefox extension IDs to their names
  • 1 little known secret of fondue.exe
  • Bitmap hunting in SPL, Part 2
    
    
• Adam Goss
  The Cyber Threat Intelligence Lifecycle: A Fundamental Model
  
  
• Stefan Hostetler and Steven Campbell at Arctic Wolf
  Follow-On Extortion Campaign Targeting Victims of Akira and Royal Ransomware
  
  
• Avertium
  Avertium’s End of the Year Recap – 2023
  
  
• Martin Zugec at Bitdefender
  2024 Cybersecurity Forecast: Ransomware’s New Tactics and Targets
  
  
• Nigel Douglas at Black Hills Information Security
  Better Together: Real Time Threat Detection for Kubernetes with Atomic Red Tests & Falco
  
  
• Sergiu Gatlan at BleepingComputer
  Russian hackers wiped thousands of systems in KyivStar attack
  
  
• Nikita Rostovtsev, Joshua Penny and Yashraj Solanki at Bridewell
  The Distinctive Rattle of APT SideWinder
  
  
• CERT-AGID
  • SMTP smuggling: facciamo luce su un problema sottovalutato
  • Report riepilogativo sull’andamento delle campagne malevole che hanno interessato l’Italia nel 2023
    
    
• Check Point
  1st January – Threat Intelligence Report
  
  
• ClearSky Cyber Security
  “Homeland Justice” targets Albanian organizations with “No-justice” wiper
  
  
• Jonathan Peters
  Detecting Stealthy ConfuserEx with Yara
  
  
• Cyfirma
  Weekly Intelligence Report – 05 Jan 2024
  
  
• Matthew at Embee Research
  Practical Queries for Identifying Malware Infrastructure With FOFA
  
  
• Erik Hjelmvik at Netresec
  Hunting for Cobalt Strike in PCAP
  
  
• Esentire
  Ducktail and Peeling the Layers of PowerShell
  
  
• Andrew Bentle and Tucker Moran at Expel
  Attackers are expanding access through AWS Cognito
  
  
• Hunt & Hackett
  Turkish espionage campaigns in the Netherlands
  
  
• Jacob Latonis
  100 Days of Yara in 2024
  
  
• Kevin Beaumont at DoublePulsar
  How 50% of telco Orange Spain’s traffic got hijacked — a weak password
  
  
• Kusto Insights
  Kusto Insights – December Update
  
  
• Matt Bromiley
  Bringing Back 100 Days of LC
  
  
• Microsoft Security
  Financially motivated threat actors misusing App Installer
  
  
• Mohammed AlAqeel (AlJawarneh)
  DFIR/DTR Tip: Persistence through custom Outlook form
  
  
• Obsidian Security
  Detecting AiTM Phishing Sites with Fuzzy Hashing
  
  
• OSArmor
  New DLL Search Order Hijacking via System Processes on WinSxS Folder
  
  
• Penetration Testing Lab
  Initial Access – search-ms URI Handler
  
  
• Red Alert
  • Monthly Threat Actor Group Intelligence Report, November 2023 (KOR)
  • Monthly Threat Actor Group Intelligence Report, October 2023 (ENG)
    
    
• S2W Lab
  Detailed Analysis of ‘Operation Japan’ Campaign
  
  
• John Doyle at SANS
  Helping CTI Analysts Approach and Report on Emerging Technology Threats and Trends (Part 2)
  
  
• SANS Internet Storm Center
  • Pi-Hole Pi4 Docker Deployment, (Sun, Dec 31st)
  • Fingerprinting SSH Identification Strings, (Tue, Jan 2nd)
  • Interesting large and small malspam attachments from 2023, (Wed, Jan 3rd)
  • Netstat, but Better and in PowerShell, (Fri, Jan 5th)
  • Are you sure of your password?, (Sat, Jan 6th)
    
    
• Security Joes
  Hide and Seek in Windows’ Closet: Unmasking the WinSxS Hijacking Hideout
  
  
• Thomas Roccia at SecurityBreak
  #100DaysOfYara Challenge
  
  
• Coline Chavane, Ines de Mentque, and Maxime A. at Sekoia
  Securing Gold: Assessing Cyber Threats on Paris 2024
  
  
• Shinigami
  100DaysOfYara
  
  
• Simone Kraus
  APT28: From Initial Damage to Domain Controller Threats in an Hour (CERT-UA#8399)
  
  
• SOCRadar
  Dark Web Profile: Cactus Ransomware
  
  
• Splunk
  • Hunting M365 Invaders: Blue Team’s Guide to Initial Access Vectors
  • Ghost in the Web Shell: Introducing ShellSweep
    
    
• Sushant Kumar Arya, Daksh Kapur and Rohan Shah at Trellix
  Saints Turned Evil
  
  
• Karthickkumar Kathiresan and Shilpesh Trivedi at Uptycs
  UAC-0050 Remcos RAT: Pipe Method Used for Evasion in Ukraine Attack
  
  
• Raimundo Alcázar at VirusTotal
  Monitoring malware trends with VT Intelligence
  

UPCOMING EVENTS

• Christa Miller at DFRWS
  The Women in Forensic Computing Workshop Returns to DFRWS-EU!
  
  
• Magnet Forensics
  Simplifying the Digital Investigation of Apple Devices
  
  
• SANS
  • 2024 Cyber Defense Trends and Predictions
  • 2024 Cloud Security Trends and Predictions
    

PRESENTATIONS/PODCASTS

• AhmedS Kasmani
  Shellcode Loader Analysis and Python3 Scripting in Ghidra
  
  
• Alexis Brignoni
  Digital Forensics Now Podcast – Episode 9
  
  
• ArcPoint Forensics
  • EASILY CREATE LIVE BOOT USB WITH ATRIO
  • EASILY RECOVER DELETED FILES WITH ATRIO
  • HOW TO UPDATE ATRIO
  • EASILY CREATE .DD IMAGE WITH ATRIO
  • CONVERT .DD TO E01 (AND BACK!)
  • EASILY ENCRYPT YOUR DATA
  • 7.5 TB – IMAGE DIRECTLY TO ATRIO!
    
    
• Digital Forensic Survival Podcast
  DFSP # 411 – NTLM Credential Validation
  
  
• Hardly Adequate
  Catching up with Jacob
  
  
• Jai Minton
  This is the most popular HACKING TOOL! Cobalt Strike Stager Analysis
  
  
• John Dwyer
  Analyzing PowerShell Payloads – Episode 11
  
  
• MyDFIR
  CDSA HackTheBox In-Depth Review | Is It worth it?
  
  
• Paraben Corporation
  Forensic Impact Jan 5 2024
  
  
• Richard Davis at 13Cubed
  2024 Investigating Windows Courses
  
  
• SANS
  FOR528: Ransomware & Cyber Extortion Course | SANS
  
  
• The CyberWire
  Diving deep into Phobos ransomware.
  

MALWARE

• 0day in {REA_TEAM}
  [QuickNote] Technical Analysis of recent Pikabot Core Module
  
  
• ASEC
  Internal Reconnaissance in Domain Environments Detected by EDR
  
  
• Fernando Martinez at AT&T Cybersecurity
  AsyncRAT loader: Obfuscation, DGAs, decoys and Govno
  
  
• Dr Josh Stroschein
  Getting Started with Network Simulation and Fakenet-NG
  
  
• Gabby Xiong at Fortinet
  Three New Malicious PyPI Packages Deploy CoinMiner on Linux Devices
  
  
• Hex Rays
  Igor’s Tip of the Week #171: Enums as structure members
  
  
• Saikumaravel at K7 Labs
  Qakbot Returns
  
  
• Mark Lim and Zong-Yu Wu at Palo Alto Networks
  Tackling Anti-Analysis Techniques of GuLoader and RedLine Stealer
  
  
• Patrick Wardle at Objective-See
  • The Mac Malware of 2023
  • Analyzing DPRK’s SpectralBlur
    
    
• Ax Sharma at Sonatype
  everything’ matters — why the npm package sparked controversy
  
  
• VMRay
  DarkGate: From AutoIT to Shellcode Execution
  

MISCELLANEOUS

• Atola
  2023. Year in Review
  
  
• Atropos4n6
  Roundup of my DFIR 2023
  
  
• Cellebrite
  The Intersection of Tech and Legal Data Collection
  
  
• Derek Eiri
  Reflecting on 2023
  
  
• Elcomsoft
  Low-level extraction of iOS 16.6.1
  
  
• Matt Shannon at F-Response
  What is remote data acquistion?
  
  
• Fabian Mendoza at AboutDFIR
  AboutDFIR Site Content Update – 01/05/2024
  
  
• Forensic Focus
  • Digital Forensics Round-Up, January 04 2024
  • Forensic Focus Digest, January 05 2024
    
    
• Forensic Horizons
  Digital Evidence Is Behind Only a Tiny Fraction of Wrongful Convictions
  
  
• Gi7w0rm
  Gi7w0rm’s personal year review — 2023
  
  
• Hornet Security
  Wie Sie Ransomware-Angriffe verhindern können: Eine leicht verständliche Anleitung
  
  
• Kevin Pagano at Stark 4N6
  Forensics StartMe Updates (1/1/2024)
  
  
• Michael Haag
  Deploy, Test, Monitor: Mastering Microsoft Defender ASR with Atomic Techniques in Splunk
  
  
• Oxygen Forensics
  Predictions for Digital Forensic Investigations in 2024: CEO Lee Reiber
  
  
• Paraben Corporation
  2023 Review 2024 Predictions
  
  
• Talha Riaz
  Digital Forensics on Smart Watches: Tools and Techniques
  

SOFTWARE UPDATES

• Hexordia
  Evanole Community Edition 1.01
  
  
• Arsenal Recon
  Arsenal Image Mounter Changelog v3.11.279
  
  
• Belkasoft
  Belkasoft X v.2.2: Massive iOS and UFDR Import Updates, Log4j Fix, Search Improvements.
  
  
• Canadian Centre for Cyber Security
  Assemblyline 4.4.0.89
  
  
• Costas K
  LNK & Jumplist Browser
  
  
• Crowdstrike
  Falconpy Version 1.4.0
  
  
• Digital Sleuth
  winfor-salt v2024.0.2
  
  
• Manabu Niseki
  Mihari v7.1.5
  
  
• Metaspike
  Forensic Email Collector (FEC) Changelog – 3.89.0.10
  
  
• SigmaHQ
  pySigma v0.11.0
  

And that’s all for the week! If you think I’ve missed something, or want me to cover something specifically hit me up through the contact page or on the social pipes!