As always, thanks to those who give a little back for their support!
If you haven’t seen, I’ve also been writing my thoughts on some of the articles posted weekly at patreon.com/thisweekin4n6!
FORENSIC ANALYSIS
- Deagler’s 4n6 Blog
  - Hexordia Weekly CTF Challenge 2024 – Week 2 Writeup
- DS4N6
  - [BLOG] Cybersecurity & ChatGPT – Multi-part Blog Post Series, by Mario Pérez
  - [BLOG] Cybersecurity & ChatGPT – Part 1 – A Gentle Introduction, by Mario Pérez
  - [BLOG] Cybersecurity & ChatGPT – Part 2 – Generative AI for Blue Teams, by Mario Pérez
  - [BLOG] Cybersecurity & ChatGPT – Part 3 – Generative AI for Red Teams, by Mario Pérez
- Forensafe
  - Investigating Android Zoom
- HackTheBox
  - Decoding Windows event logs: A definitive guide for incident responders
- Ryan Robinson and Nicole Fishbein at Intezer
  - Memory Analysis 101: Understanding Memory Threats and Forensic Tools
- Justin De Luna at ‘The DFIR Spot’
  - Linux Forensics – Collecting a Triage Image Using The UAC Tool
- Magnet Forensics
  - Exploring the Significance of Jump Lists in Digital Forensic Examinations
- Salvation DATA
  - 7 Steps to extract data from iPhone by changing iTunes storage path
- SANS
- Taz Wake
  - Linux IR – Key forensic artifacts for incident responders
THREAT INTELLIGENCE/HUNTING
- Adam at Hexacorn
  - A license (metadata) to kill (for)…
- Adam Goss
  - Analysis of Competing Hypotheses: How to Find Plausible Answers
- Alex Teixeira
  - What makes up a solid SIEM query?
- Francis Guibernau and Ayelen Torello at AttackIQ
  - Response to CISA Advisory (AA24-109A): #StopRansomware: Akira Ransomware
- Christine Barry at Barracuda
  - HelloGookie. HelloKitty. Hello, LockBit
- Lawrence Abrams at BleepingComputer
  - Malware dev lures child exploiters into honeytrap to extort them
- CERT Ukraine
  - WhatsApp account theft under the guise of voting for electronic petitions (CERT-UA#9565)
- CERT-AGID
- Check Point
  - 22nd April – Threat Intelligence Report
- Cisco’s Talos
- CrowdStrike
  - CVE-2024-3400: What You Need to Know About the Critical PAN-OS Zero-Day
- Cyberdom
  - Microsoft 365 Cloud investigation via Unified Audit Log – Facts and Tips | CFIR Series
- Cyble
- Cyfirma
  - Weekly Intelligence Report – 26 Apr 2024
- Darktrace
  - Balada Injector: Darktrace’s Investigation into the Malware Exploiting WordPress Vulnerabilities
- Abdulrahman H. Alamri at Dragos
  - Dragos Industrial Ransomware Analysis: Q1 2024
- EclecticIQ
  - Introducing EclecticIQ Threat Scout
- Flashpoint
  - The Israel-Iran Conflict Through an Intelligence Lens
- Shunichi Imano and Fred Gutierrez at Fortinet
  - Ransomware Roundup – KageNoHitobito and DoNex
- Fox-IT
  - Sifting through the spines: identifying (potential) Cactus ransomware victims
- Google Cloud Threat Intelligence
  - M-Trends 2024: Our View from the Frontlines
- Harfanglab
  - MUDDYWATER CAMPAIGN ABUSING ATERA AGENTS
- Zawadi Done and Borys Avdieiev at Hunt & Hackett
  - Hunting for a Sliver in a haystack
- Huntress
- Intel471
  - A Briefing on SIM Hijacking
- Kijo Girardi
  - Cloud-Based Identity to Exfiltration Attack (Part 2)
- Ross Bevington at Microsoft Sentinel Blog
  - Examining the Deception infrastructure in place behind code.microsoft.com
- Microsoft’s ‘Security, Compliance, and Identity’ Blog
  - Investigating Industrial Control Systems using Microsoft’s ICSpector open-source framework
- MITRE ATT&CK
  - ATT&CK v15 Brings the Action
- Leandro Fróes at Netskope
  - Netskope Threat Labs Stats for March 2024
- Arnau Ortega at Falcon Force
  - Arbitrary 1-click Azure tenant takeover via MS application
- Grace Chi at Pulsedive
  - Sharing, Compared Part 2: Where Do We Share?
- Red Alert
- ReliaQuest
  - Cyber Threats Linked to Iran-Israel Conflict
- SANS Internet Storm Center
  - It appears that the number of industrial devices accessible from the internet has risen by 30 thousand over the past three years, (Mon, Apr 22nd)
  - Struts “devmode”: Still a problem ten years later?, (Tue, Apr 23rd)
  - API Rug Pull – The NIST NVD Database and API (Part 4 of 3), (Wed, Apr 24th)
  - Does it matter if iptables isn’t running on my honeypot?, (Thu, Apr 25th)
- Securelist
- Securonix
- Sekoia
  - Unplugging PlugX: Sinkholing the PlugX USB worm botnet
- Jim Walter at SentinelOne
  - Ransomware Evolution | How Cheated Affiliates Are Recycling Victim Data for Profit
- SOCRadar
- Madeleine Tauber and Tamara Chacon at Splunk
  - How To Start Threat Hunting: The Beginner’s Guide
- Stephan Berger
  - Today I Learned – Device Discovery
- Miguel Hernández at Sysdig
  - Meet the Research behind our Threat Research Team
- System Weakness
- Sean Wilson at Unpacme
  - Zombieware: Malware That Never Dies…
- Siddartha Malladi at Uptycs
  - Beware of Fake PoC Repositories & Malicious Code on GitHub
- VMRay
UPCOMING EVENTS
- Belkasoft
  - BelkaDay 2024: Digital Forensics and Cyber Incident Response Conference
- Black Hills Information Security
  - BHIS – Talkin’ Bout [infosec] News 2024-04-29
- Cyborg Security
  - Episode 16
- Dragos
  - Free Webinar – 2023 Year In Review: Lessons Learned From The Frontline
- Rapid7
  - Take Command Summit: Take Breaches from Inevitable to Preventable on May 21
PRESENTATIONS/PODCASTS
- Adversary Universe Podcast
  - Building a Strong Threat Hunting Program with Andrew Munchbach
- Black Hills Information Security
  - REKAST – Talkin’ Bout [infosec] News 2024-04-22 #infosecnews #cybersecurity #podcast #podcastclips
- BlueMonkey 4n6
  - Using Linux to handle NTFS Alternative Data Streams
- Cellebrite
- Cyber Social Hub
- Cyborg Security
- Gerald Auger at Simply Cyber
  - Your Cyber Threat Intel Work Just Got An Easy Button (Smash IT)
- Hardly Adequate
  - Hardly a Week 16 April 22, 2024
- InfoSec_Bret
  - Challenge – Phishing Email / Audio Test
- John Hammond
- Microsoft Threat Intelligence Podcast
  - Paul Melson talks ScumBots
- MSAB
- MyDFIR
  - Are SOC Analysts In Demand?
- Off By One Security
  - Security Research and Security Assessments of ICS Devices & Communications
- Palo Alto Networks Unit 42
- RickCenOT
  - Assessing and Protecting Industrial Control Systems [Promo Code]
- SANS
  - About Cyber42 | A SANS Cybersecurity Leadership Simulation Game
- Securizame
  - Una caña con Lawwait – Episode 39 – Lieutenant Colonel Juan Antonio Rodriguez Alvarez de Sotomayor
- SentinelOne
  - LABScon23 Replay | Meet the Iranian Company Powering Russia’s Drone War on Ukraine
MALWARE
- 0day in {REA_TEAM}
  - [QuickNote] Qakbot 5.0 – Decrypt strings and configuration
- Any.Run
- ASEC
- Jan Rubín and Milánek at Avast Threat Labs
  - GuptiMiner: Hijacking Antivirus Updates for Distributing Backdoors and Casual Mining
- CTF导航
  - Hands-on debugging of Ghidra code and Ghidra scripts
- Dr Josh Stroschein – The Cyber Yeti
  - MM#02 – Uncover Program Behavior! Build a Sample Program to Investigate w/ Process Explorer | BTS
- Elastic Security Labs
  - Dissecting REMCOS RAT: An in-depth analysis of a widespread 2024 malware, Part One
- Esentire
  - FakeBat Malware Distributing via Fake Browser Updates
- Anna Lvova at G Data Security
  - Sharp-Project: New Stealer Family on the Market
- Jay Kurup at Morphisec
  - Threat Bulletin – New variant of IDAT Loader
- Phylum
- SonicWall
  - Analysis of Native Process CLR Hosting Used by AgentTesla
- Gabor Szappanos and Steeve Gaudreault at Sophos
  - Malware campaign attempts abuse of defender binaries
- Cesar Anjos at Sucuri
  - What is Cookie Hijacking
- Scott Nusbaum at TrustedSec
  - Loading DLLs Reflections
- Kaivalya Khursale at ZScaler
  - Black Hat SEO Leveraged to Distribute Malware
MISCELLANEOUS
- Fabian Mendoza at AboutDFIR
  - AboutDFIR Site Content Update – 04/26/2024
- Belkasoft
  - Belkasoft CTF 6: Interview with the Winner
- Alyssa Snow at Black Hills Information Security
  - Deploy an Active Directory Lab Within Minutes
- BlueteamerAU
  - Basic Digital Forensics Process
- Cellebrite
  - A Comprehensive Approach to Data Breach Response and Recovery in the Life Sciences Industry
- Craig Ball at ‘Ball in your Court’
  - Girding for the E-Savvy Opponent (Revisited)
- Derek Eiri
  - Smartphone Forensic Analysis In-Depth, Re: SANS FOR585 OnDemand Experience
- Bhargav Rathod at DFRWS
  - DFRWS USA 2024 Student Travel Grants
- Security Onion
  - New Security Onion Online Training Class – Detection Engineering with Security Onion!
- Forensic Focus
- GreyNoise Labs
  - Decrypting FortiOS 7.0.x
- HackTheBox
- Kaido Järvemets
  - Enhance Your SQL Server Security with the Defender for SQL: Deployment Accelerator Toolkit
- Mostafa Farghaly
  - How to set up an ARM Android virtual machine on an x86 host machine
- MSAB
  - MSAB’s Annual Report 2023
- Oxygen Forensics
  - Targeted collection from onsite and remote endpoints
- Kelly Horsford at Red Canary
  - Manage your SOC like a product
- Salvation DATA
- David Broggy at Trustwave SpiderLabs
  - EDR – The Multi-Tool of Security Defenses
- Bernardo Quintero at VirusTotal
  - Mastering VirusTotal: Certification Course
- Jeremy McBroom
  - What is Digital Forensics?
SOFTWARE UPDATES
- Acelab
  - New version of the PC-3000 Mobile PRO 2.7x is available now
- Crowdstrike
  - Falconpy Version 1.4.3
- Datadog Security Labs
  - GuardDog v1.6.0
- Digital Sleuth
  - winfor-salt v2024.7.3
- GCHQ
  - CyberChef v10.18.3
- IsoBuster
  - IsoBuster 5.4 beta released
- MISP
  - MISP 2.4.190 (and 2.4.191) released with new feed improvement, workflows and a new benchmarking suite.
- Phil Harvey
  - ExifTool 12.84
- SigmaHQ
  - pySigma v0.11.5
- StrangeBee
  - TheHive 5.3 is out and buzzing for even more efficiency
- Xways
  - X-Ways Forensics 21.2 Preview 3
And that’s all for the week! If you think I’ve missed something, or want me to cover something specifically, hit me up through the contact page or on the social pipes!