As always, thanks to those who give a little back for their support!
FORENSIC ANALYSIS
- Cyber 5W
- Oleg Afonin at Elcomsoft
  - When Extraction Meets Analysis: Cellebrite Physical Analyzer
- Matt Shannon at F-Response
  - F-Response and Apple, 2024 Edition
- Forensafe
  - Investigating iOS Calls
- Oxygen Forensics
  - Huawei Forensics: Data Extraction and Encryption
- Pending Investigations
  - Dissect vs SysInternals Case, Part 2
- Salvation DATA
THREAT INTELLIGENCE/HUNTING
- Adam at Hexacorn
  - 2 little secrets of ScriptRunner.exe
- Alex Teixeira
  - Under the Radar: Your Detections are missing logs — every single run
- Allan Liska at ‘Ransomware Sommelier’
  - Ransomware from Turkey and Brazil and…
- Josue Gomez and Ofer Caspi at AT&T Cybersecurity
  - Stories from the SOC: BlackCat on the prowl
- Stephen Lincoln and Nick Desler at AttackIQ
  - SigmAIQ: AttackIQ’s Latest Innovation for Actionable Detections
- Brad Duncan at Malware Traffic Analysis
- CERT Ukraine
- CERT-AGID
  - Summary of malicious campaigns in the week of 06 – 12 January 2024
- Check Point
- Vanja Svajcer at Cisco’s Talos
  - New decryptor for Babuk Tortilla ransomware variant released
- Cyberdom
  - Defender for Identity: Hunting for LDAP
- Cyfirma
  - Weekly Intelligence Report – 12 Jan 2024
- Andy Giron at Datadog Security Labs
  - From IRC to Instant Messaging: The Rise of Malware Communication via Chat Platforms
- Detect FYI
- Jennifer Golden at Duo
  - Understanding & Defending Against Adversary-in-the-Middle (AiTM) Attacks
- Eclypsium
  - Infographic: A History of Network Device Threats and What Lies Ahead
- Esentire
- Flashpoint
  - The Evolution and Rise of Stealer Malware
- Jonathan Johnson
  - Changing Primary Tokens Session ID
- Kijo Girardi
  - MDO File Detonation & Deep Analysis insight
- Malwarebytes
- Mandiant
- Neko Papez at Menlo Security
  - RaaS kits will be a problem in 2024
- Mike Saunders at Red Siege Information Security
  - You Can’t See Me – Protecting Your Phishing Infrastructure
- Mostafa Farghaly
  - Detect Mortis Locker Ransomware With YARA Rule
- Palo Alto Networks
- Penetration Testing Lab
  - Persistence – Event Log
- Plainbit
  - [Case #6] Tracking Wannacry Ransomware bitcoin addresses
- Christiaan Beek at Rapid7
  - 2023 Ransomware Stats: A Look Back To Plan Ahead
- Recorded Future
  - 2023 Adversary Infrastructure Report
- Red Alert
  - Monthly Threat Actor Group Intelligence Report, September 2023 (JPN)
- Red Canary
- SANS Internet Storm Center
- Thomas Roccia at SecurityBreak
  - Introducing Yara Toolkit
- Securonix
- Simone Kraus
- Nathan D. at SpecterOps
  - Cypher Queries in BloodHound Enterprise
- Stephan Berger
  - N-IOCs to Rule Them All
- Ranjith A
  - macOS Forensics – Remote collection and Analysis using Microsoft Defender for Endpoint and Aftermath
- Denis Sinegubko at Sucuri
  - Thousands of Sites with Popup Builder Compromised by Balada Injector
- System Weakness
- Chris Conrad at Netscout
  - Unprecedented Growth in Malicious Botnets Observed
- Trend Micro
- Megan Nilsen, Andrew Schwartz and Martin Bos at TrustedSec
  - Detection Alchemy – The Purple Team Way
- Dan Verton at Uptycs
  - Cybersecurity Landscape 2023: Uptycs Threat Research Year in Review
- Wesley Neelen at Zolder B.V.
  - Using honeytokens to detect (AiTM) phishing attacks on your Microsoft 365 tenant
UPCOMING EVENTS
- Arctic Wolf
  - 2024 Arctic Wolf Labs Threat Report
- Cado Security
  - CTF Challenge: Captured by Cado
- Censys
  - Threat Intelligence with Censys Search and ChatGPT
- Cyborg Security
  - Threat hunting workshop: hunting for privilege escalation
- Christa Miller at DFRWS
  - Register Now to Join DFRWS-EU in Zaragoza in March!
- Magnet Forensics
PRESENTATIONS/PODCASTS
- ArcPoint Forensics
- Black Hat
  - CodeQL: Also a Powerful Binary Analysis Engine
- Black Hills Information Security
- Breaking Badness
  - 176. A Tale of OAuth2 Cities
- Hazel Burton at Cisco’s Talos
  - Video series discussing the major threat actor trends from 2023
- Cybereason
- Digital Forensic Survival Podcast
  - DFSP # 412 – Conhost Forensics
- Dump-Guy Trickster
  - ConfuserEx2 – Full Deobfuscation Guide
- Gerald Auger at Simply Cyber
  - Build a Powerful Home SIEM Lab Without Hassle! (Step by Step Guide)
- Huntress
- Insane Forensics
  - Exploring and Detecting Historical Cybersecurity Incidents: Ukraine 2015
- Intel471
  - Cybercrime Exposed Podcast: The Xbox One Hack
- Jai Minton
  - I went looking for malware and found a SNAKE that STEALS YOUR PASSWORDS. Snake Keylogger Analysis
- Magnet Forensics
  - Simplifying the Digital Investigation of Apple Devices
- MSAB
  - MSAB Monday – RAM Review in XAMN Pro
- SANS Cyber Defense
  - 2024 Cyber Defense Trends and Predictions
MALWARE
- 0day in {REA_TEAM}
  - [QuickNote] Technical Analysis of recent Pikabot Core Module
- Any.Run
- ASEC
  - Account Credentials Theft in Domain Environments Detected by EDR
- Avast Threat Labs
  - Avast Updates Babuk Ransomware Decryptor in Cooperation with Cisco Talos and Dutch Police
- Dr Josh Stroschein
  - What is a web shell? Exploring a popular web shell’s capabilities for malware analysis!
- Forcepoint
  - Details of a new, novel advanced malware attack using Microsoft Office
- Nikhil “Kaido” Hegde
  - INC Linux Ransomware – Sandboxing with ELFEN and Analysis
- OALABS Research
  - Introduction To VM Protection – VMZeus
- PetiKVX
  - Hydracrypt Ransomware
- ReversingLabs
  - 2023 Updates in Review: Malware Analysis and Threat Hunting
- Ayush Anand at Securityinbits
  - Deobfuscate PowerShell using subtract – CyberChef Recipe 0x4
- SentinelOne
- Matthew Meltzer, Robert Jan Mora, Sean Koessel, Steven Adair, and Thomas Lancaster at Volexity
  - Active Exploitation of Two Zero-Day Vulnerabilities in Ivanti Connect Secure VPN
- Brett Stone-Gross at ZScaler
  - DreamBus Unleashes Metabase Mayhem With New Exploit Module
MISCELLANEOUS
- Atola
  - Top Digital Forensic Conferences in 2024
- Fabian Mendoza at AboutDFIR
  - AboutDFIR Site Content Update – 01/12/2024
- Brett Shavers
  - DAIR: Digital Analysis/Incident Response?
- Cado Security
- Cellebrite
  - Understanding the Challenges in Legal Data Collection and Management
- Emina Doherty and Anastasia Shek at Arsenal Recon
  - Publicly-Accessible Disk Images Grid for DFIR
- Forensic Focus
- Jeffrey Appel
  - How to protect Microsoft Teams with Microsoft 365 Defender
- Luke Bradley
  - Digital Forensics: A Cornerstone in Business Restructuring and Insolvency Success
- Magnet Forensics
- MISP
- Dr. Brian Carrier at Sleuth Kit Labs
  - Launch of Sleuth Kit Labs
SOFTWARE UPDATES
- ADF Solutions
  - ADF Launches Chromebook Investigation Capabilities
- Breakpoint Forensics
  - Bulk Forensic Image Processor
- Costas K
  - LNK & Jumplist Browser
- Datadog Security Labs
  - GuardDog v1.5.3
- Digital Sleuth
  - winfor-salt v2024.0.3
- dnSpyEx
  - v.6.5.0-rc1
- ExifTool
  - ExifTool 12.73
- Federico Lagrasta
  - PersistenceSniper v1.15.0
- Hasherezade
  - PE-Bear v0.6.7
- IntelOwl
  - v5.2.3
- Manabu Niseki
  - Mihari v7.1.3
- Martin Willing
  - Collect-MemoryDump-v1.0
- MasterParser
  - MasterParser-v2.0
- Metaspike
  - Forensic Email Collector (FEC) Changelog – 3.89.0.12
- MISP
  - MISP 2.4.183 released with new ECS log feature, improvements and bugs fixed
- Passmark Software
  - OSForensics – V11.0 Build 1000 10th January 2024
- StrangeBee
  - Security Upgrade: Release of TheHive Versions 5.2.9 and 5.1.10
- Three Planet Software
  - Apple Cloud Notes Parser v0.15.3
And that’s all for the week! If you think I’ve missed something, or want me to cover something specifically, hit me up through the contact page or on the social pipes!