As always, thanks to those who give a little back for their support!

FORENSIC ANALYSIS

• Atola Technologies
  Need for Speed: How to Get a Forensic Image Quicker?
  
  
• Clint Marsden at DFIR Insights
  • Exploring Host-Based Digital Forensics with Memory Analysis
  • The role of Incident Response in Cyber Security
  • Introduction to Digital Forensics: Preparing for the Unexpected with Volatility, Wireshark, Hayabusa and FTK Imager
    
    
• Cyber 5W
  Google Drive Forensics
  
  
• Digital Forensics Myanmar
  • Thumbnail Or Thumbcache
  • Apple iPhone Deleted Photo Problem
  • TotalRecall (Recall Feature In Windows 11)
  • Magnet Axiom (AI)
  • eCDFP (Module-6) (Window Forensics) (Part – 1 )
    
    
• Oleg Afonin at Elcomsoft
  • Sideloading Low-Level Extraction Agent with Regular Apple IDs from Windows and Linux
  • Password Breaking A to Z
    
    
• Forensafe
  Investigating iOS Viber
  
  
• Geir Olav Skei
  Where’s my logs at…. UEMS and ZoHo Meeting-edition
  
  
• Hal Pomeranz at ‘Righteous IT’
  Recovering Deleted Files in XFS
  
  
• N00b_H@ck3r
  LetsDefend: Adobe ColdFusion RCE
  

THREAT INTELLIGENCE/HUNTING

• Chris Brenton at Active Countermeasures
  Zeek Log Analysis Using Hacky Scripts
  
  
• Adam at Hexacorn
  High Fidelity detections are Low Fidelity detections, until proven otherwise
  
  
• Francis Guibernau at AttackIQ
  Emulating the Long-Term Extortionist Nefilim Ransomware
  
  
• Australian Cyber Security Centre
  APT40 Advisory
  
  
• Blackberry
  • Akira Ransomware Targets the LATAM Airline Industry
  • Coyote Banking Trojan Targets LATAM with a Focus on Brazilian Financial Institutions
    
    
• CERT-AGID
  Sintesi riepilogativa delle campagne malevole nella settimana del 06 – 12 luglio 2024
  
  
• Check Point
  • Exploring Compiled V8 JavaScript Usage in Malware
  • 8th July – Threat Intelligence Report
  • Resurrecting Internet Explorer: Threat Actors Using Zero-day Tricks in Internet Shortcut File to Lure Victims (CVE-2024-38112)
  • June 2024’s Most Wanted Malware: RansomHub Takes Top Spot as Most Prevalent Ransomware Group in Wake of LockBit3 Decline
    
    
• CISA
  CISA Releases Advisory Detailing Red Team Activity During Assessment of US FCEB Organization, Highlighting Necessity of Defense-in-Depth
  
  
• Cisco’s Talos
  • How do cryptocurrency drainer phishing scams work?
  • Hidden between the tags: Insights into spammers’ evasion techniques in HTML Smuggling
  • Inside the ransomware playbook: Analyzing attack chains and mapping common TTPs
  • Impact of data breaches is fueling scam campaigns
    
    
• Fabian Bader at Cloudbrothers
  Find lateral movement paths using KQL Graph semantics
  
  
• Cofense
  • New Malware Campaign Targeting Spanish Language Victims
  • A “Meta” Facebook Phish
    
    
• Keith J. Jones at Corelight
  Detecting The Agent-Tesla Malware Family | Corelight
  
  
• Cybereason
  Hardening of HardBit
  
  
• Cyble
  • Regional Transport Office themed phishing campaign targets Android users in India
  • NATO’s 75th Anniversary Washington Summit Draws Ire of Hacktivist Groups
    
    
• Cyfirma
  • Kematian-Stealer : A Deep Dive into a New Information Stealer
  • THE CHANGING : CYBER THREAT LANDSCAPE ASIA-PACIFIC (APAC) REGION — Volume 1
  • CYFIRMA INDUSTRY REPORT : HEALTHCARE
    
    
• Cyfirma
  Weekly Intelligence Report – 12 July 2024
  
  
• Cyjax
  Weekly Cyber Threat Intelligence Summary
  
  
• Dragos
  What Manufacturers Need to Know About the OT Cyber Threat Landscape
  
  
• Ryan Slaney at Field Effect
  Field Effect discovers M365 adversary-in-the-middle campaign
  
  
• Bhavin Patel at Foregenix
  Uncovering Stealthy Malware Tactics: Disabling WordFence Scanner
  
  
• John Hultquist at Google Cloud Threat Intelligence
  Emboldened and Evolving: A Snapshot of Cyber Threats Facing NATO
  
  
• Hudson Rock
  Re-Infected: The Persistent Threat of Infostealers
  
  
• John F
  Charting the IOCs
  
  
• Paul Kimayong at Juniper Networks
  BianLian Ransomware Group: 2024 Activity Analysis
  
  
• Krebs on Security
  • The Stark Truth Behind the Resurgence of Russia’s Fin7
  • Crooks Steal Phone, SMS Records for Nearly All AT&T Customers
    
    
• Lasq MalfindLabs
  Cyber threat intelligence
  
  
• Natto Thoughts
  RansomWar Part 4a: CyberCriminals as “Combat Resource” and Bargaining Chip
  
  
• Aurelien Chalot at Orange Cyberdefense
  Dumping LSA secrets: a story about task decorrelation
  
  
• Phylum
  New Tactics from a Familiar Threat
  
  
• Recorded Future
  OilAlpha Malicious Applications Target Humanitarian Aid Groups Operating in Yemen
  
  
• Red Alert
  Monthly Threat Actor Group Intelligence Report, May 2024 (ENG)
  
  
• Brian Donohue at Red Canary
  Halting a hospital ransomware attack
  
  
• Resecurity
  Smishing Triad Is Targeting India To Steal Personal and Payment Data at Scale
  
  
• SANS Internet Storm Center
  • Kunai: Keep an Eye on your Linux Hosts Activity, (Mon, Jul 8th)
  • Finding Honeypot Data Clusters Using DBSCAN: Part 1, (Wed, Jul 10th)
  • Understanding SSH Honeypot Logs: Attackers Fingerprinting Honeypots, (Thu, Jul 11th)
  • 16-bit Hash Collisions in .xls Spreadsheets, (Sat, Jul 13th)
  • Attacks against the “Nette” PHP framework CVE-2020-15227, (Fri, Jul 12th)
    
    
• Sansec
  CosmicSting attacks have started hitting major stores
  
  
• Securelist
  • CloudSorcerer – A new APT targeting Russian government entities
  • Developing and prioritizing a detection engineering backlog based on MITRE ATT&CK
  • When spear phishing met mass phishing
    
    
• Den Iuzvyk and Tim Peck at Securonix
  The Ghost In The Machine: Tracking Stealthy Fileless Malware In The Windows Registry
  
  
• Silent Push
  FIN7: Silent Push unearths the largest group of FIN7 domains ever discovered. 4000+ IOFA domains and IPs found. Louvre, Meta, and Reuters targeted in massive global phishing and malware campaigns.
  
  
• Puja Mahendru at Sophos
  The State of Ransomware in Education 2024
  
  
• Splunk
  • Woken by Ransomware, Are We Hypnotized by Tunnel Vision?
  • Introducing ShellSweepPlus: Open-Source Web Shell Detection
    
    
• Stephan Berger
  • Today I Learned – kernel.modules_disabled
  • Tainted Kernels
    
    
• Symantec Enterprise
  Ransomware: Activity Levels Remain High Despite Disruption
  
  
• Miguel Hernández at Sysdig
  CRYSTALRAY: Inside the Operations of a Rising Threat Actor Exploiting OSS Tools
  
  
• Taz Wake
  Linux IR – Creating evidence of execution in Linux
  
  
• Trend Micro
  • An In-Depth Look at Crypto-Crime in 2023 Part 1
  • An In-Depth Look at Crypto-Crime in 2023 Part 2
    
    
• David Broggy at Trustwave SpiderLabs
  The Underdog of Cybersecurity: Uncovering Hidden Value in Threat Intelligence
  
  
• Valdin
  Poseidon Analysis – Quick and Intuitive Workflows with Validin
  

UPCOMING EVENTS

• Richard Boddington at Belkasoft
  Webinar: From the Field: Belkasoft X User’s Guide to Effective Forensics
  
  
• Black Hills Information Security
  BHIS – Talkin’ Bout [infosec] News 2024-07-15
  
  
• Magnet Forensics
  Cyber Unpacked Ep. 2 // Uncovering the unseen: Mastering mobile data for internal investigations and eDiscovery
  

PRESENTATIONS/PODCASTS

• Adversary Universe Podcast
  Talking OT Security with Fernando Madureira, Global CISO of Cosan
  
  
• AhmedS Kasmani
  Malware 101: Injection Basics – Dll Injection
  
  
• Alexis Brignoni
  Digital Forensics Now Podcast – Episode 20
  
  
• Black Hills Information Security
  • REKAST – Talkin’ Bout [infosec] News 2024-07-01 #infosecnews #cybersecurity #podcast #podcastclips
  • REKAST – Talkin’ Bout [infosec] News 2024-07-08 #infosecnews #cybersecurity #podcast #podcastclips
    
    
• BlueMonkey 4n6
  Advanced usage of the linux cd command – change directory tutorial
  
  
• Cellebrite
  Tip Tuesday: Cellebrite Design Partner
  
  
• Clint Marsden at the TLP
  • Episode 8 – Hidden digital forensic logging for Cybersecurity on Any Budget: Practical Strategies for Enhanced Detection and Prevention Using Sysmon, Blocking Data Exfil with group policy and printer forensics
  • Episode 9 -Unmasking APT40 (Leviathan): Tactics, Challenges, and Defense Strategies
    
    
• Cyber Social Hub
  Detecting and Dealing with Deepfakes and Synthetic Media
  
  
• Jane Ginn at Cyber Threat Intelligence Training Center
  Sandworm: Shadows in the Code
  
  
• DFIR101
  Podcast Visualized: DFSP (ep001) – Premier Episode
  
  
• Hardly Adequate
  Hardly a Week 28 July 8, 2023
  
  
• Huntress
  • Backup and Recovery: A Look into the Future by Examining the Past | Product Lab
  • Identity Crisis: Combating M365 Account Takeover at Scale
    
    
• InfoSec_Bret
  Challenge – Confluence CVE-2023-22527 – Part 1
  
  
• Karsten Hahn at Malware Analysis For Hedgehogs
  IDA vs Binary Ninja vs Ghidra after 1.5 years using them
  
  
• Magnet Forensics
  • Optimize your agency’s budget with grant support
  • Investigate Malware & Ransomware with Speed and Efficiency
  • Malware and CSAM – How do you Prove Malware did not Run?
    
    
• Malspace
  PIVOTcon
  
  
• Microsoft Security Insights Show
  Microsoft Security Insights Show Episode 217 – Heike Ritter
  
  
• MSAB
  MSAB Monday XAMN Pro Part 10 – Reporting
  
  
• MyDFIR
  • Cybersecurity SOAR EDR Project | Part 5
  • Cybersecurity SOC Analyst: Hands-On Training (10 Sites)
    
    
• Paraben Corporation
  E3 Forensic Platform Overview Final
  
  
• Security Conversations
  Ep4: The AT&T mega-breach, iPhone mercenary spyware, Microsoft zero-days
  
  
• Threat Forest
  DFIR & docker containers part 1
  

MALWARE

• Any.Run
  • A Guide to Common Encryption Algorithms in Modern Malware
  • Malware Trends Report: Q2, 2024 
    
    
• ASEC
  Distribution of AsyncRAT Disguised as Ebook
  
  
• Avast Threat Labs
  Decrypted: DoNex Ransomware and its Predecessors
  
  
• Baris Dincer
  Malicious Document Analysis: Emotet Case IV
  
  
• Cryptax
  Untangling Android/TangleBot
  
  
• Dr Josh Stroschein at The Cyber Yeti
  DEFCON32 Workshop Prep – Dissecting and Defeating Ransomware’s Evasion Tactics
  
  
• Emanuele De Lucia
  Unveiling AzzaSec Ransomware: Technical insights into the group’s locker.
  
  
• Fareed Fauzi
  PEB Walk and API hashing for Malware Analysis – Part 1
  
  
• Mayur Sewani at Forcepoint
  ShadowRoot Ransomware Targeting Turkish Businesses
  
  
• Kota Kino at JPCERT/CC
  Attack Activities by Kimsuky Targeting Japanese Organizations
  
  
• Malware Musings
  Tofsee (part 2): The First Unpacking Loop
  
  
• Jérôme Segura at Malwarebytes
  Fake Microsoft Teams for Mac delivers Atomic Stealer
  
  
• Yashvi Shah and Vignesh Dhatchanamoorthy at McAfee Labs
  ClickFix Deception: A Social Engineering Tactic to Deploy Malware
  
  
• OALABS Research
  • Zharkbot In A RUST Shell
  • Emulating Themida
    
    
• Vishwa Thothathri, Yijie Sui, Anmol Maurya, Uday Pratap Singh and Brad Duncan at Palo Alto Networks
  DarkGate: Dancing the Samba With Alluring Excel Files
  
  
• Karlo Zanki at ReversingLabs
  Malicious NuGet campaign uses homoglyphs and IL weaving to fool devs
  
  
• Mike Blinkman at System Weakness
  Dynamic Malware Analysis Techniques for Cybersecurity
  
  
• Yin Hong Chang and Sudeep Singh at ZScaler
  • DodgeBox: A deep dive into the updated arsenal of APT41 | Part 1
  • MoonWalk: A deep dive into the updated arsenal of APT41 | Part 2
    

MISCELLANEOUS

• Sergiy Pasyuta at Atola
  E01 vs AFF4: Which image format is faster?
  
  
• Kushalveer Singh Bachchas at AT&T Cybersecurity
  Digital Forensics in the Age of Cryptocurrency: Investigating Blockchain and Crypto Crimes
  
  
• Sebastian Kandler at Detect FYI
  • EDR — Your weakest link in protecting against a Ransomware Attack?
  • Breach and Attack Simulations – Product Comparison
    
    
• Forensic Focus
  • Maximizing e-Discovery Efficiency: A Forensic Consultant’s Take On The Benefits Of Ballistic Imager
  • Digital Forensics Round-Up, July 10 2024
  • SOC Automation: More Secure For Less Cost
  • Forensic Focus Digest, July 12 2024
    
    
• Magnet Forensics
  Meet the Magnet Forensics Training Team: Luke Clarke
  
  
• Matt Shannon at F-Response
  You never forget your first time. Using F-Response before it was F-Response
  
  
• Nik Earnest at OpenText
  Series intro – The rise of the threat hunter
  
  
• Salvation DATA
  • Key Examination Steps for a Forensic Investigator
  • Essential Skills for Forensic Analysts in 2024
    
    
• Mike Elgan at Security Intelligence
  A decade of global cyberattacks, and where they left us
  
  
• Doug Burks at Security Onion
  Celebrating 10 Years of Security Onion Solutions and Announcing Security Onion Pro!
  
  
• System Weakness
  • Wireshark for Beginners: A Comprehensive Tutorial with Best Use Cases
  • Understanding External Inbound Traffic Monitoring: Safeguarding Your Digital Perimeter
    

SOFTWARE UPDATES

• Atola
  TaskForce 2 Changelog – 2024.6.1
  
  
• Alexis Brignoni
  • iLEAPP v1.19.4
  • ALEAPP v3.2.3
    
    
• Amped
  Amped FIVE Update 34212: New and Improved Batch Convert DVR, New Supported Video Formats, Updates to Advanced File Info, Frame Size, Link Filters, and Much More
  
  
• Cellebrite
  Unveiling Inseyets UFED Version 10.2: Elevating Digital Forensics
  
  
• Digital Sleuth
  winfor-salt v2024.10.16
  
  
• Elcomsoft
  iOS Forensic Toolkit 8.60 enhances agent-based low-level extraction in Linux and Windows editions
  
  
• Francesco de Lorenzi
  WhatsApp Forensic Exporter
  
  
• Magnet Forensics
  Magnet Griffeye 24.3: Video Signature Matching uncovers evidence in extensive video footage
  
  
• Alexandre Borges
  Malwoverview 6.0.0
  
  
• Manabu Niseki
  Mihari v7.6.2
  
  
• Metaspike
  Forensic Email Intelligence 2.2 Release Notes
  
  
• OpenCTI
  6.2.4
  
  
• Phil Harvey
  ExifTool 12.89
  
  
• SigmaHQ
  pySigma v0.11.9
  
  
• Ulf Frisk
  MemProcFS Version 5.10
  
  
• WithSecure Labs
  Chainsaw v2.9.2
  
  
• Xways
  X-Ways Forensics 21.2
  

And that’s all for the week! If you think I’ve missed something, or want me to cover something specifically hit me up through the contact page or on the social pipes!