As always, thanks to those who give a little back for their support!
If you haven’t seen, I’ve also been writing my thoughts on some of the articles posted when I can at patreon.com/thisweekin4n6!
FORENSIC ANALYSIS
- 0xdf hacks stuff
  - HTB Sherlock: Nubilum-1
- Amged Wageh
  - DriveFS Sleuth — Recovery Made Possible!
- Chris Ray at Cyber Triage
  - DFIR Breakdown: Kerberoasting
- Dark Data Discovery
  - The 10 Common Data Carving Approaches
- Forensafe
  - Investigating Android Waze
- Forensic Science International: Digital Investigation
  - Volume 49
- Haircutfish
  - TryHackMe Room — Logstash: Data Processing Unit
- Kevin Beaumont at DoublePulsar
  - Recall: Stealing everything you’ve ever typed or viewed on your own Windows PC is now possible.
- Juyeon Hyun at Plainbit
  - Differences between analyzing with AXIOM and manual analysis
- Stephan Berger
  - Today I Learned – Zsh Sessions (even more Timestamps)
- Arafat Ashrafi Talha at System Weakness
  - Protect Yourself from Online Scams: Essential Phishing Email Analysis Techniques.
THREAT INTELLIGENCE/HUNTING
- ⌛☃❀✵Gootloader Details ✵❀☃⌛
  - Gootloader Switches to New Command and Control Server
- Adam Goss
  - Intrusion Analysis: How to Fully Investigate Cyber Security Attacks
- Ryan Barnett, Stiv Kupchik & Maxim Zavodchik at Akamai
  - RedTail Cryptominer Threat Actors Adopt PAN-OS CVE-2024-3400 Exploit
- Avanan
- Avertium
  - Qilin Ransomware
- Jerry Chen at AWS Security
  - Accelerate incident response with Amazon Security Lake
- Alyssa Snow at Black Hills Information Security
  - Abusing Active Directory Certificate Services (Part 4)
- CERT Ukraine
  - Voting polls in messengers – a new method of account hijacking is gaining momentum (CERT-UA#9688)
- CERT-AGID
  - Summary of malicious campaigns in the week of 25 – 31 May 2024
- Chainalysis
- Check Point
  - 27th May – Threat Intelligence Report
- Cisco’s Talos
- Nathaniel Raymond at Cofense
  - Threats That Hide in Your Microsoft Office Documents
- Cyber 5W
  - Writing YARA Rules
- Cyfirma
  - Weekly Intelligence Report – 31 May 2024
- Adam Price at CYJAX
- Elastic Security Labs
- Erik Hjelmvik at Netresec
  - Remote Sniffing from Mikrotik Routers
- Esentire
  - Fake Browser Updates delivering BitRAT and Lumma Stealer
- Europol
  - Largest ever operation against botnets hits dropper malware ecosystem
- Flashpoint
- Google Workspace
  - Introducing audit logs for these API-based actions
- Alon Gal at Hudson Rock
  - A Catalog of Hazardous AV Sites – A Tale of Malware Hosting
- Rindert Kramer at Hunt & Hackett
  - How to Achieve Eternal Persistence Part 2: Outliving the Krbtgt Password Reset
- Alex Bilz
  - Harvesting Passwords From Cisco Configs Posted on Online Community Forums
- InfoSec Write-ups
- Nick Chalard at InQuest
  - Detecting New Threats: The Heuristic Approach with DFI
- Intel471
  - What the Biggest-Ever Botnet Takedown Means
- Jouni Mikkola at “Threat hunting with hints of incident response”
  - Impacket – part 3
- Francesco Iulio at Jumpsec Labs
  - WASM Smuggling for Initial Access and W.A.L.K. Tool Release
- Neil Cohen at Kasada
  - I purchased a luxury vacation to Aruba for only $151.73 – thanks to credential stuffing – Kasada
- Kevin Beaumont at DoublePulsar
  - Snowflake at centre of world’s largest data breach
- Kijo Girardi
  - Advanced Hunting – API calls insight
- Bert-Jan Pals at KQL Query
  - Audit Defender XDR Activities
- Brian Krebs at Krebs on Security
- Lab52
  - DLL Side Loading through IObit against Colombia
- Thabet Awad at ‘Microsoft Security Experts’
  - Hunting for MFA manipulations in Entra ID tenants using KQL
- Doron Karmi, Or Aspir and Roei Sherman at Mitiga
  - Tactical Guide to Threat Hunting in Snowflake Environments
- Recorded Future
  - GRU’s BlueDelta Targets Key Networks in Europe with Multi-Phase Espionage Campaigns
- Red Alert
- Red Canary
- ReliaQuest
- Rootdevsec
  - Evading Token Protection For EntraID/M365 (2024 Edition)
- SANS Internet Storm Center
  - YARA 4.5.1 Release, (Sun, May 26th)
  - Files with TXZ extension used as malspam attachments, (Mon, May 27th)
  - Is that It? Finding the Unknown: Correlations Between Honeypot Logs & PCAPs [Guest Diary], (Tue, May 28th)
  - Feeding MISP with OSSEC, (Thu, May 30th)
  - “K1w1” InfoStealer Uses gofile.io for Exfiltration, (Fri, May 31st)
- Ross Moore at Secjuice
  - Cyber Threat Intelligence
- Securelist
  - Threat landscape for industrial automation systems, Q1 2024
- Thomas Roccia at SecurityBreak
  - Time Series Analysis by Leveraging GPT-4o Vision for Threat Intel
- Securonix
  - Securonix Threat Labs Monthly Intelligence Insights – April 2024
- Pedro Tavares at Segurança Informática
  - The most popular malware stealers of 2024
- SOCRadar
- Puja Mahendru at Sophos
  - The State of Ransomware in Manufacturing and Production 2024
- SpecterOps
  - To Infinity and Beyond!
- Sysdig
  - DDoS-as-a-Service: The Rebirth Botnet
- John Scott-Railton, Bill Marczak, Bahr Abdul Razzak, Ksenia Ermoshina, Siena Anstis, and Ron Deibert at The Citizen Lab
  - By Whose Authority? Pegasus targeting of Russian & Belarusian-speaking opposition activists and independent media in Europe
- Sunil Bharti at Trend Micro
  - Decoding Water Sigbin’s Latest Obfuscation Tricks
- Joseliyo Sánchez at VirusTotal
  - Tracking Threat Actors Using Images and Artifacts
UPCOMING EVENTS
- Huntress
  - Smuggler’s Gambit: Uncovering HTML Smuggling Adversary
- Magnet Forensics
- SANS
  - Unraveling the Mysteries of Digital Forensics: A Blog on the “Secret Life of Devices” Workshop Series
PRESENTATIONS/PODCASTS
- Adversary Universe Podcast
  - Unpacking China India Cyber Tensions
- AhmedS Kasmani
  - Latrodectus – Malware Analysis Part 1
- Belkasoft
  - BelkaDay 2024 Recap: Insightful Presentations from Digital Forensic Experts
- Black Hills Information Security
  - REKAST – Talkin’ Bout [infosec] News 2024-05-20 #infosecnews #cybersecurity #podcast #podcastclips
- Clint Marsden at the TLP – Digital Forensics Podcast
- Cloud Security Podcast by Google
  - EP174 How to Measure and Improve Your Cloud Incident Response Readiness: A New Framework
- CyberDefenders
  - CyberDefenders CCD | The Certified CyberDefender Certification from CyberDefenders
- Clint Marsden at DFIR Insights
- FIRST
- Hacker Valley Blue
  - Zero Trust Tactics Preventing Breaches with Ivan Fonseca & Nick Cottrell
- Huntress
  - The Product Lab: M365 Capabilities & Automated Response
- InfoSec_Bret
  - Challenge – Discord Forensics
- Intel471
  - MITRE ATT&CK Looks at Cybercrime Techniques
- John Hammond
  - Capture The Flag! NahamCon 2024 CTF Warmups
- Magnet Forensics
- MSAB
- MyDFIR
- Paraben Corporation
  - iOS Demonstration video
- Red Canary
  - How cloud architects and detections engineers can work together
- SANS
  - A Visual Summary of SANS Ransomware Summit 2024
- SANS Cloud Security
MALWARE
- Any.Run
- ASEC
- Alexey Bukhteyev at Check Point
  - Static Unpacking for the Widespread NSIS-based Malicious Packer Family
- Fareed Fauzi
  - Determine and understand hashing algorithms for Malware Analysis
- Harfanglab
  - Allasenha: Allakore Variant Leverages Azure Cloud C2 To Steal Banking Details In Latin America
- Jamf
  - Phishing for credentials: iOS pop-up deception through sideloaded apps
- Kandji
- Lumen
  - The Pumpkin Eclipse
- McAfee Labs
  - Fake Bahrain Government Android App Steals Personal Data Used for Financial Fraud
- Mohamed Adel
- Phylum
  - Sophisticated RAT Targeting Gulp Projects on npm
- ptwistedworld
- Andy74 at Secjuice
- Ax Sharma at Sonatype
  - PyPI crypto-stealer targets Windows users, revives malware campaign
- Sucuri
  - From Privacy to Exfiltration: Telegram’s Role in Website Malware
- Suraj Yadav
  - Basic Binary Analysis in Linux
- ThreatFabric
  - LightSpy: Implant for macOS
- ZScaler
MISCELLANEOUS
- Dr. Tristan Jenkinson at ‘The eDiscovery Channel’
  - Legal Data Intelligence – Initial Thoughts
- Elan at DFIR Diva
- Oleg Afonin at Elcomsoft
- Forensic Focus
- Matt Linton at Google Online Security Blog
  - On Fire Drills and Phishing Tests
- Kaido Järvemets
- Kim Bradley at Hexordia
  - National Cyber Crime Conference Recap
- Magnet Forensics
  - Meet the recipients of the 2023 Magnet Forensics Scholarship Award!
- Morten Knudsen
  - Entra Private Access/GSA – Automatic Network Detection
- Salvation DATA
- Lance Spitzner at SANS
  - What is Your Definition of Insider Threat?
- Jonathan Reed at Security Intelligence
  - Important details about CIRCIA ransomware reporting
SOFTWARE UPDATES
- Amped
  - Amped Replay Update 33908: Motion Detection, Resizable Panels, Improved Audio Support and Much More!
- Canadian Centre for Cyber Security
  - Assemblyline Release 4.5.0.28
- Crowdstrike
  - VirtualGHOST
- Datadog Security Labs
  - GuardDog v1.8.2
- Digital Sleuth
  - winfor-salt v2024.10.3
- Erik Hjelmvik at Netresec
  - NetworkMiner 2.9 Released
- Hex Rays
  - IDA 8.4 Service Pack 2 released
- Mazars Tech
  - AD_Miner v1.3.0
- OpenCTI
  - 6.1.8
- Passware
  - Passware Kit Mobile 2024 v2 Now Available
- Volatility Foundation
  - Volatility 3 2.7.0
- Security Onion
  - Security Onion 2.4.70 now available including our new Detections interface and much more!
- Thiago Canozzo Lahr
  - uac-2.9.0
- Xways
- YARA
  - YARA v4.5.1
And that’s all for the week! If you think I’ve missed something, or want me to cover something specifically, hit me up through the contact page or on the social pipes!