As always, thanks to those who give a little back for their support!
FORENSIC ANALYSIS
- 0xdf hacks stuff
  HTB Sherlock: Campfire-1
- Any.Run
- AT&T Cybersecurity
- Dr. Giannis Tziakouris and Nadhem Al-Fardan at Cisco
  Digital Forensics for Investigating the Metaverse
- Cyber Social Hub
  Embracing AI For A Safer Future: Revolutionising Law Enforcement With Advanced Technology
- Dhiren Bhardwaj at Digital Forensic Forest
  Crucial System Files That Can Be Leveraged by Threat Actors (Unexplored LOLBIN)
- Forensafe
  Investigating iOS IMO
- Joshua Hickman at ‘The Binary Hick’
  The Green Look Back. Android’s On-Device Location History
- Magnet Forensics
  Computer artifacts: Exploring metadata, log files, registry data, and more
- Memory Forensic
  Volatility Foundation’s Memory Samples
THREAT INTELLIGENCE/HUNTING
- ⌛☃❀✵Gootloader Details ✵❀☃⌛
  Gootloader’s New Hideout Revealed: The Malware Hunt in WordPress’ Shadows
- Adam Goss
  Essential Threat Intelligence Collection Sources You Need to Know
- Bruce Sussman at Blackberry
  7 Key Findings: BlackBerry Threat Researchers Analyze Millions of Cyberattacks
- Brad Duncan at Malware Traffic Analysis
- CERT-AGID
- Check Point
  24th June – Threat Intelligence Report
- Yehuda Gelb at Checkmarx Security
  Alert: CDN Service “polyfill.io”
- Nick Biasini at Cisco’s Talos
  Snowflake isn’t an outlier, it’s the canary in the coal mine
- Cleafy
  Medusa Reborn: A New Compact Variant Discovered
- Cody Craig and Mert Surmeli at Mitiga
  Investigator’s Guide to SaaS Incident Response: Part One—Okta Log Fields
- Bei Wang, Hari Holla, Keyauri Kendrick, and Kamil Imtiaz at CrowdStrike
  Seeing the Unseen: Preventing Breaches by Spotting Malicious Browser Extensions
- Niels Groenveld at Cyber Threat Intelligence Training Center
- Cyble
  UAC-0184 Abuses Python in DLL Sideloading for XWORM Distribution
- Cyfirma
  - CYFIRMA INDUSTRY REPORT : ENERGY & UTILITIES
  - Tracking Ransomware May 2024
  - THE CHANGING : CYBER THREAT LANDSCAPE ASIA-PACIFIC (APAC) REGION — Volume 2
  - CYFIRMA INDUSTRY REPORT : HEALTHCARE
  - CYFIRMA INDUSTRY REPORT : MANUFACTURING
  - Digital Warfare: Pakistan-Based Terrorist Organizations Utilize Digital Platforms in J&K for Psy…
  - APT PROFILE — FANCY BEAR
  - Weekly Intelligence Report – 28 June 2024
- Cyjax
  Weekly Cyber Threat Intelligence Summary
- Darktrace
  Medusa Ransomware: Looking Cyber Threats in the Eye with Darktrace
- Dragos
  Under the Borealis: OT Cyber Threat Intelligence Tailored for Nordic Countries
- Flashpoint
  COURT DOC: Four Members of Notorious Cybercrime Group ‘FIN9’ Charged for Roles in Attacking U.S. Companies
- Daniel Kapellmann Zafra, Alden Wahlstrom, James Sadowski, Josh Palatucci, Davyn Baumann, and Jose Nazario at Google Cloud Threat Intelligence
  Global Revival of Hacktivism Requires Increased Vigilance from Defenders
- Zak Butler at Google Threat Analysis Group
  Google disrupted over 10,000 instances of DRAGONBRIDGE activity in Q1 2024
- Harfanglab
  Supposed Grasshopper: Operators Impersonate Israeli Government And Private Companies To Deploy Open-source Malware
- Zawadi Done and Mattijs Dijkstra at Hunt & Hackett
  Incident Response data acquisition, but then scalable & fast
- Koen Van Impe
  Using Threatview.io as example to add MISP feeds
- Michalis Michalos
  Keeping an eye on WSL through Microsoft Defender for Endpoint
- Natto Thoughts
  Who Has the Best Scanning Tools in China?
- Ryan Wisniewski and Rajeev Raghunarayan at Obsidian Security
  Dissecting Real World Help Desk Social Engineering Attacks
- Gijs Hollestelle at Falcon Force
  FalconFriday — Detecting MMC abuse using “GrimResource” with MDE — 0xFF24
- Outpost24
- Phylum
  A Note About Polyfill
- Emma Burdett at Rapid7
  Takeaways From The Take Command Summit: Unprecedented Threat Landscape
- Recorded Future
  Chinese State-Sponsored RedJuliett Intensifies Taiwanese Cyber Espionage via Network Perimeter Exploitation
- Laura Brosnan and Alex Berninger at Red Canary
  Scarlet Goldfinch: Taking flight with NetSupport Manager
- Resecurity
  Cybercriminals Are Targeting Digital Identity of Singapore Citizens
- Sandfly Security
  Detecting Linux Stealth Rootkits with Directory Link Errors
- SANS
  The Importance of Cyber Threat Intelligence: Insights from Recent Nobelium Attacks
- SANS Internet Storm Center
- Sansec
  Polyfill supply chain attack hits 100K+ sites
- SentinelOne
- SOCRadar
- Ax Sharma at Sonatype
  Polyfill.io supply chain attack hits 100,000+ websites — all you need to know
- Puja Mahendru at Sophos
  The State of Ransomware in Financial Services 2024
- Mattias Wåhlén at Truesec
  Iran uses Hacktivism as Cover for Destructive Cyber Attacks
- Arthur Erzberger at Trustwave SpiderLabs
  Atlas Oil: The Consequences of a Ransomware Attack
- Vira Shynkaruk at UnderDefense
  Ransomware: Still a Threat in 2024?
- Kenneth Kinion at Valdin
  Using Favicon Hashes to Expand Threat Knowledge
- Jiří Kropáč at WeLiveSecurity
  ESET Threat Report H1 2024
- Seongsu Park at ZScaler
  Kimsuky deploys TRANSLATEXT to target South Korean academia
UPCOMING EVENTS
- Black Hills Information Security
  BHIS – Talkin’ Bout [infosec] News 2024-07-01
- Cyborg Security
  Threat hunting workshop: hunting for command and control
- Magnet Forensics
  Mobile Forensics Images – Getting the Right Data
- Off By One Security
PRESENTATIONS/PODCASTS
- Adversary Universe Podcast
  How Adversaries Respond to Law Enforcement Takedowns
- Andreas Sfakianakis at ‘Tilting at windmills’
  SANS CTI Survey 2024 (report and webcast)
- Black Hills Information Security
  REKAST – Talkin’ Bout [infosec] News 2024-06-24 #infosecnews #cybersecurity #podcast #podcastclips
- Breaking Badness
  Breaking Badness Cybersecurity Podcast – Voices From Infosec: Jake Bernardes
- BSides
  Security BSides Dublin 2024
- Cellebrite
  Tip Tuesdays – Triage One
- Clint Marsden at the TLP – Digital Forensics Podcast
  Episode 7 – Defending Against Scattered Spider: Understanding Their Tactics, Techniques, and Procedures
- Cyber Social Hub
- Cyberwox
  Cybersecurity Engineering Careers: Endpoint, SIEM, Threat Intelligence & Automation | Part 2
- Hardly Adequate
  Hardly a Week 26 June 24, 2024
- Huntress
- InfoSec_Bret
  Challenge – Compromised ICS Device
- Intel471
  What Can We Learn from Ransomware Attacks
- John Hammond
  Stop Scammers from Controlling Your Computer
- LaurieWired
  Bad Unboxing: Automated Android Unpacking
- Magnet Forensics
  Mobile Unpacked Ep. 18 // Restoring the Past: Exploring artifacts related to restoring data using different methods on iOS devices
- MSAB
  XAMN Pro Miniseries Part 8 – Working with Python
- Red Canary
  Navigating the cloud security landscape
MALWARE
- ASEC
- Baris Dincer
- Blackberry
  Threat Analysis Insight: RisePro Information Stealer
- Cybereason
  I am Goot (Loader)
- Dr Josh Stroschein – The Cyber Yeti
  Investigating Sections in PE Files and Why They Are Important for Reverse Engineering
- Emanuele De Lucia
  Unveiling Obfuscated Batch Scripts: From UTF-8 to UTF-16 BOM Conversion
- Hassan Faizan at Forcepoint
  URL shortener in a Microsoft Word file that leads to Remcos RAT
- Cara Lin at Fortinet
  MerkSpy: Exploiting CVE-2021-40444 to Infiltrate Systems
- HackTheBox
  Dissecting Cuttlefish Malware (Attack Anatomy)
- Baran S at K7 Labs
  SpyMax – An Android RAT targets Telegram Users
- Jérôme Segura at Malwarebytes
  ‘Poseidon’ Mac stealer distributed via Google ads
- Durgesh Sangvikar, Yanhui Jia, Chris Navarrete and Matthew Tennis at Palo Alto Networks
  Attackers Exploiting Public Cobalt Strike Profiles
- Rapid7
  Supply Chain Compromise Leads to Trojanized Installers for Notezilla, RecentX, Copywhiz
- RevEng.AI Blog
  Latrodectus Affiliate Resumes Operations Using Brute Ratel C4 Post Operation Endgame
- Lucija Valentić at ReversingLabs
  Malicious npm package targets AWS users
- RussianPanda
  The GlorySprout or a Failed Clone of Taurus Stealer
- Anderson Leite and Sergey Belov at Securelist
  XZ backdoor: Hook analysis
- Security Onion
  Quick Malware Analysis: DARKGATE pcap from 2024-05-14
- SonicWall
- System Weakness
  Analyzing a reverse Shell Correlating IOCs
- Ahmed Mohamed Ibrahim, Shubham Singh, and Sunil Bharti at Trend Micro
  Examining Water Sigbin’s Infection Routine Leading to an XMRig Cryptominer
- Zhassulan Zhussupov
  Malware development trick 41: Stealing data via legit VirusTotal API. Simple C example.
- Padvish Malware Threat Database
  Backdoor.Win32.Tofsee
MISCELLANEOUS
- Sergiy Pasyuta at Atola
  Image Synology NAS RAIDs with TaskForce 2024.6
- Forensic Focus
- Magnet Forensics
  Announcing our new qualification: Magnet Qualified Graykey Investigator (MQGI)
- Matt Linton
  Proving Non-Impact
- Michael Coppola
  Google: Stop Burning Counterterrorism Operations
- Microsoft Security
  How to boost your incident response readiness
- Salvation DATA
  Top 10 Tips for Successful Forensic Investigation in 2024
- Yana Dudar at UnderDefense
  Building a Strong SOC Team: Best Practices and Strategies
SOFTWARE UPDATES
- Arsenal Consulting
  Arsenal Image Mounter Changelog – v3.11.293
- Atola
  TaskForce 2 Changelog – 2024.6
- Brim
  v1.8.0
- Canadian Centre for Cyber Security
  Assemblyline Release 4.5.0.33
- Compelson
  MOBILedit Forensic 9.4 just released!
- Cyber Triage
  Access More! BitLocker, new File Explorer, and Export All Files (3.11 release)
- Digital Sleuth
  winfor-salt v2024.10.11
- dnSpyEx
  v6.5.1
- MSAB
  MSAB is excited to introduce the latest releases of XRY, XAMN, and XEC
- Ninoseki
  Azuma v0.4.1
- OpenCTI
  6.2.0
- Passware
  Passware Kit 2024 v3 Now Available
- Ryan Benson
  Unfurl v2024.06
- Security Onion
  Security Onion 2.4.80 now available including improvements to our new Detections interface and much more!
- SigmaHQ
  pySigma v0.11.8
- Vound
  Release upgrades of Intella – June 24th, 2024
- Xways
  X-Ways Forensics 21.2 Beta 5
And that’s all for the week! If you think I’ve missed something, or want me to cover something specifically hit me up through the contact page or on the social pipes!