As always, thanks to those who give a little back for their support!

FORENSIC ANALYSIS

• Cyber 5W
  Windows Registry Analysis
  
  
• Decrypting a Defense
  NYC ShotSpotter Report, Deepfakes, Video ID Decision, Digital Evidence Standards, & More
  
  
• Django Faiola at ‘Appunti di Informatica Forense’
  iOS Booking.com – Hotels & Travel
  
  
• Forensafe
  Investigating Android Google Drive
  
  
• Ian Whiffin at DoubleBlak
  BrowserState.db last_viewed_time? (Again)
  
  
• Memory Forensic
  Memory Mystery Challenge
  

THREAT INTELLIGENCE/HUNTING

• Francis Guibernau at AttackIQ
  Emulating the Sabotage-Focused Russian Adversary Sandworm– Part 2
  
  
• Avertium
  New Ransomware Groups to Watch – RA World and DragonForce
  
  
• CERT-AGID
  • In corso campagne di phishing italiane a tema FedEx
  • Sintesi riepilogativa delle campagne malevole nella settimana del 29 Giugno – 05 Luglio 2024
    
    
• Check Point
  1st July – Threat Intelligence Report
  
  
• Permiso
  Exploiting Cloud Secrets Management Repositories: Adversaries Tactics and Mitigation Strategies
  
  
• Cyble
  Increase in the exploitation of Microsoft SmartScreen vulnerability CVE-2024-21412
  
  
• Cyfirma
  • Lumma Stealer: Tactics, Impact, and Defense Strategies
  • CYFIRMA INDUSTRY REPORT : AUTOMOTIVE
    
    
• Cyfirma
  Weekly Intelligence Report – 05 July 2024
  
  
• Cyjax
  Weekly Cyber Threat Intelligence Summary
  
  
• Darktrace
  A Busy Agenda: Darktrace’s Detection of Qilin Ransomware-as-a-Service Operator
  
  
• James Coote at Delivr.to
  GWT-Assisted HTML Smuggling
  
  
• Rohit Sadgune at Detect Diagnose Defeat Cyber Threat
  Linux threat hunting using CUT SORT UNIQ DIFF
  
  
• Detect FYI
  • Sysmon: a viable alternative to EDR?
  • Simulating a Akira Ransomware Attack with Atomic Red Team
  • Maximize Your IPS Potential: Enhancing Security with Automated Blocking
    
    
• Panos Koutsovasilis at Elastic
  Tracing Linux: A file integrity monitoring use case
  
  
• Esentire
  Exploring the Infection Chain: ScreenConnect’s Link to AsyncRAT Deployment
  
  
• Flashpoint
  Understanding and Protecting Against Infostealer Malware: A Comprehensive Guide
  
  
• HackTheBox
  AS-REP roasting detection
  
  
• Haircutfish
  TryHackMe Room — Tactical Detection
  
  
• Huntress
  Hackers Are Hiding in Plain Sight: Insights from Our 2024 Cyber Threat Report | Huntress
  
  
• I am Jakoby
  LOLBINS AUTOMATED – a powershell module to make it TOO easy
  
  
• Michael Zuckerman at Infoblox
  DNS Early Detection – Breaking the Coral Raider Kill Chain
  
  
• Tom Philippe at InfoSec Write-ups
  When the Hunter Becomes the Hunted: Using Minifilters to Disable EDRs
  
  
• Intel471
  Assessing the Disruptions of Ransomware Gangs
  
  
• Brian Krebs at Krebs on Security
  The Not-So-Secret Network Access Broker x999xx
  
  
• Ugur Koc and Bert-Jan Pals at Kusto Insights
  Kusto Insights – June Update
  
  
• Lina Lau at Xintra
  Detecting Lateral Movement in Entra ID: Cross Tenant Synchronization
  
  
• Obsidian Security
  Shadow Linking: The Persistence Vector of SaaS Identity Threat
  
  
• Sebastien Meriot and Christophe Bacara at OVHcloud
  The Rise of Packet Rate Attacks: When Core Routers Turn Evil
  
  
• Phylum
  Persistent npm Campaign Shipping Trojanized jQuery
  
  
• Prodaft
  • What Is The Rhadamanthys Stealer?
  • Understanding Prometheus TDS
    
    
• Recorded Future
  Caught in the Net: Using Infostealer Logs to Unmask CSAM Consumers
  
  
• Red Alert
  Monthly Threat Actor Group Intelligence Report, May 2024 (KOR)
  
  
• ReliaQuest
  Medusa Attack Analysis
  
  
• Ryan Hicks at Kroll
  CLEARFAKE Update Tricks Victim into Executing Malicious PowerShell Code
  
  
• SANS Internet Storm Center
  • SSH “regreSSHion” Remote Code Execution Vulnerability in OpenSSH., (Mon, Jul 1st)
  • Overlooked Domain Name Resiliency Issues: Registrar Communications, (Fri, Jul 5th)
    
    
• Sekoia
  Exposing FakeBat loader: distribution methods and adversary infrastructure
  
  
• SOCRadar
  Dark Web Profile: Brain Cipher
  
  
• SonicWall
  The Hidden Danger of PDF Files with Embedded QR Codes
  
  
• Taz Wake
  Linux Incident Response – Sticky Bits, SUID and SGID.
  
  
• The One Tracker
  The One Tracker
  
  
• Trend Micro
  • Mekotio Banking Trojan Threatens Financial Systems in Latin America
  • Turning Jenkins Into a Cryptomining Machine From an Attacker’s Perspective
    
    
• Uptycs
  • Uptycs Quarterly Cyber Threat Bulletin Q2 2024: Key Insights
  • Mallox Ransomware: Linux Variant Decryptor Found | Uptycs
    

UPCOMING EVENTS

• Black Hills Information Security
  BHIS – Talkin’ Bout [infosec] News 2024-07-08
  
  
• Cyborg Security
  Threat Hunting Workshop 11: Hunting for Command and Control
  
  
• Magnet Forensics
  • Investigate Malware & Ransomware with Speed and Efficiency
  • Malware and CSAM – How do you Prove Malware did not Run?
    
    
• MSAB
  XAMN Pro – “Turn the dials to 10 – Part 3”
  
  
• SANS
  Understanding Ransomware Threats to ESXi: Essential Insights
  

PRESENTATIONS/PODCASTS

• AhmedS Kasmani
  • Malware Evasion 101: Detecting Debugger and Analysis Software
  • Malware 101: Writing your first Exe and Dll in C
    
    
• Belkasoft
  Belkasoft Mobile Passcode Brute-Force Module (Turkish language)
  
  
• Breaking Badness
  Breaking Badness Cybersecurity Podcast – 189. Malware the Wild Things Are
  
  
• Cellebrite
  • Tip Tuesdays: PA 7 and PA 10 – A Side-by-Side Comparison
  • UpLIFT Episode 2 – Combatting ICAC through Community Education
    
    
• Cloud Security Podcast by Google
  EP179 Teamwork Under Stress: Expedition Behavior in Cybersecurity Incident Response
  
  
• Cyber from the Frontlines
  E14 Hunting BlackSuit TTPs
  
  
• FIRST
  Episode 45: Carson Zimmerman, Ardalyst, FIRSTCON24 Speaker
  
  
• Hardly Adequate
  • Hardly a Week 27 July 1, 2024
  • Catching up with Tom
    
    
• Huntress
  How to talk to your clients about Incident Response plans | Community Fireside Chat
  
  
• InfoSec_Bret
  Challenge – PHP-CGI (CVE-2024-4577)
  
  
• Jai Minton
  MALWARE on a BLOCKCHAIN! | Malware Analysis of ClearFake hosed on hacked WordPress sites
  
  
• Magnet Forensics
  Mobile Forensics Images – Getting the Right Data
  
  
• Microsoft Security Insights Show
  Microsoft Security Insights Show Episode 216 – Just Us
  
  
• MSAB
  XAMN Pro Miniseries Part 9 – Working with tags
  
  
• MyDFIR
  • Cybersecurity SOAR EDR Project | Part 3
  • Cybersecurity SOAR EDR Project | Part 4
    
    
• Paraben Corporation
  E3 Google Authenticator for Cloud Data
  
  
• SANS
  • Detection and Response | The 8 Domains of the Cloud Security Maturity Model | Part 6
  • Cyber Wars: The Legal Force Awakens
  • SANS Ransomware Summit 2024
  • Get to Know Sean Thomas
    
    
• Security Conversations
  Ep3: Dave Aitel joins debate on nation-state hacking responsibilities
  

MALWARE

• ASEC
  • Xctdoor Malware Used in Attacks Against Korean Companies (Andariel)
  • Linux Defense Evasion Techniques Detected by AhnLab EDR (2)
  • Attack Cases Against HTTP File Server (HFS) (CVE-2024-23692)
  • Kimsuky Group’s New Backdoor Appears (HappyDoor)
    
    
• Baris Dincer
  • Malicious Document Analysis II
  • Malicious Document Analysis: Emotet Case III
    
    
• Ricardo Pineda, Jr. and Arvin Bandong at G Data Security
  Turla: A Master’s Art of Evasion
  
  
• Arunkumar at K7 Labs
  Kematian Stealer forked from PowerShell Token Grabber
  
  
• Riley Porter and Mark Lim at Palo Alto Networks
  Dissecting GootLoader With Node.js
  
  
• Alex Delamotte at SentinelOne
  CapraTube Remix | Transparent Tribe’s Android Spyware Targeting Gamers, Weapons Enthusiasts
  
  
• Ben Martin at Sucuri
  New Variation of WordFence Evasion Malware
  
  
• System Weakness
  • Blocking Malicious IP’s using Suricata
  • Analyzing Malware with FlareVM and REMnux: A Step-by-Step Guide
    
    
• Zhassulan Zhussupov
  Malware development trick 42: Stealing data via legit Discord Bot API. Simple C example.
  
  
• ZScaler
  A Brief History of SmokeLoader, Part 2
  

MISCELLANEOUS

• John Reeman at Cyooda Security
  Creating an Effective Cyber Security Incident Response Plan
  
  
• Elan at DFIR Diva
  • Detego Digital Forensics and Cyber Crime Investigations Course Giveaway
  • Free & Affordable Training News Monthly: June – July, 2024
    
    
• Forensic Focus
  • GMDSOFT Tech Letter – Android Camera Log Analysis
  • Digital Forensics Round-Up, July 03 2024
  • Introducing The Oxygen Forensics Scholarship Program
    
    
• Nextron Systems
  Cybersecurity is Not Just an IT Security Issue
  
  
• Salvation DATA
  • How to Recover Deleted Text Messages in Phone Forensics?
  • Effective Forensic Data Analysis for Financial Crime Detection
  • How to Retrieve Call Logs and Contacts in Cell Phone Forensics?
    
    
• Security Onion
  • Security Onion Documentation printed book now updated for Security Onion 2.4.80!
  • Security Onion and RegreSSHion CVE-2024-6387
    

SOFTWARE UPDATES

• CCL Solutions
  Shiny new Chrome tool now available
  
  
• Datadog Security Labs
  GuardDog v1.11.2
  
  
• Didier Stevens
  Update: hash.py Version 0.0.13
  
  
• Digital Sleuth
  winfor-salt v2024.10.12
  
  
• Federico Lagrasta
  PersistenceSniper v1.16.1
  
  
• Ninoseki
  Azuma v0.4.2
  
  
• OpenCTI
  6.2.1
  
  
• WithSecure Labs
  Chainsaw v2.9.1-2
  
  
• Xways
  X-Ways Forensics 21.2 Beta 6
  

And that’s all for the week! If you think I’ve missed something, or want me to cover something specifically hit me up through the contact page or on the social pipes!