As always, thanks to those who give a little back for their support!
FORENSIC ANALYSIS
- Adam Messer
  - Cloud Digital Forensics and Incident Response — EC2 Compromise Leads to S3 Bucket Exfiltration
- Baris Dincer
- Belkasoft
  - Challenges in Digital Forensics: The Case of the Trump Rally Shooter’s Phone
- Digital Forensics Myanmar
- Forensafe
  - Investigating Android AVG Antivirus
- Gabe Renfro and Jake Plant at GuidePoint Security
  - Fraudster’s Fumble: From Phish to Failure
- Husam Shbib at Memory Forensic
- Kevin Stokes
  - Plaso Super Timelines with Docker
- Dan Aschwanden and Mikhail Bushkov at Open Source DFIR
  - GRR with GCS Blobstore and Cloud Pub/Sub Service
THREAT INTELLIGENCE/HUNTING
- Anton Chuvakin
  - Google Cloud Security Threat Horizons Report #10 Is Out!
- Any.Run
  - What Are the 3 Types of Threat Intelligence Data
- Ayelen Torello at AttackIQ
  - Response to CISA Advisory (AA24-193A): CISA Red Team’s Operations Against a Federal Civilian Executive Branch Organization Highlights the Necessity of Defense-in-Depth
- Avertium
  - Botnets to Watch – CatDDoS and Zergeca
- CERT Ukraine
  - Targeted cyberattacks by UAC-0180 against defence enterprises using GLUEEGG / DROPCLUE / ATERA (CERT-UA#10375)
- CERT-AGID
- Chainalysis
  - Introducing Chainalysis Operation Spincaster: An Ecosystem-Wide Initiative To Disrupt and Prevent Billions in Losses to Crypto Scams
- Check Point
- Yehuda Gelb at Checkmarx Security
  - Tip of the Iceberg: Malicious Python Packages Reveal Extensive Cybercriminal Operation Based in…
- Allen Marin at Corelight
  - Understanding the Latest Threat Landscape: Insights from Mandiant M-Trends
- Cyble
  - Investigating the New Jellyfish Loader
  - Hacktivist Groups “People’s Cyber Army” And “HackNeT” Launch Trial DDoS Attacks on French Websites; prior to the Onslaught during Paris Olympics
  - New Malware Campaign Abusing RDPWrapper and Tailscale to Target Cryptocurrency Users
  - Threat Actors Exploit Recent CrowdStrike Outage to Ramp Up Suspicious Domain Creation
- Cyfirma
  - Threat Actors Actively Exploiting CVE-2024–24919: Underground Forums Share IP Addresses of…
  - Weekly Intelligence Report – 19 July 2024
- Cyjax
  - Weekly Cyber Threat Intelligence Summary
- Esentire
  - The Gatekeeper’s Secrets: DarkGate Malware Analysis
- g0njxa
  - Approaching stealers devs: a brief interview with Poseidon
- Mike Stokkel, Pierre Gerlings, Renato Fontana, Luis Rocha, Jared Wilson, Stephen Eckels, and Jonathan Lepore at Google Cloud Threat Intelligence
  - APT41 Has Arisen From the DUST
- Konstantin Lazarev at GreyNoise Labs
  - Command and Control (C2) Servers 101
- HackTheBox
  - How to apply the MITRE ATT&CK framework to your cybersecurity strategy
- Haircutfish
  - TryHackMe Room — Threat Intelligence for SOC
- Human Security
  - Satori Threat Intelligence Alert: Konfety Spreads ‘Evil Twin’ Apps for Multiple Fraud Schemes
- InQuest
  - USPS Parcel Delivery Themed Smishing Campaign Activity
- Intel471
- Yuma Masubuchi, Kota Kino, and Shusei Tomonaga at JPCERT/CC
  - MirrorFace Attack against Japanese Organisations
- Justin Ibarra
  - Introducing the REx: Rule Explorer Project
- Kaido Järvemets
- Brian Krebs at Krebs on Security
- Suneel Sundar at MITRE-Engenuity
  - Industry Leaders Expand Threat-Informed Defense to AI-Enabled Systems
- Brad LaPorte at Morphisec
  - Mid-year Threat Landscape Roundup: What You Need to Know
- Natto Thoughts
  - Ransom-War Part 4b: Ransomware Diplomacy
- Nextron Systems
  - Antivirus Event Analysis Cheat Sheet v1.13.0
- Yosef Yaakov and Bar Ben-Michael at Palo Alto Networks
  - Container Breakouts: Escape Techniques in Cloud Environments
- AJ Hammond at Praetorian
  - Unconstrained Delegation in Active Directory
- Raj Samani at Rapid7
  - Defending Against APTs: A Learning Exercise with Kimsuky
- Recorded Future
- ReliaQuest
  - Ransomware and Cyber Extortion in Q2 2024
- SANS
  - Defending Against SCATTERED SPIDER and The Com with Cybercrime Intelligence
- SANS Internet Storm Center
- Security Joes
  - Security’s Achilles’ Heel: Vulnerable Drivers on the Prowl
- SentinelOne
- Simone Kraus
  - Why CONTI has changed incident response — and why it’s not over
- SOCRadar
- Puja Mahendru at Sophos
  - The State of Ransomware in Critical Infrastructure 2024
- Splunk
- Taz Wake
  - Linux Security – Forwarding the Journal logs
- Trend Micro
- John Dwyer, Kevin Haubris and Eric Gonzalez at TrustedSec
  - Technical Analysis: Killer Ultra Malware Targeting EDR Products in Ransomware Attacks
- Trustwave SpiderLabs
  - Facebook Malvertising Epidemic – Unraveling a Persistent Threat: SYS01
UPCOMING EVENTS
- Black Hills Information Security
  - BHIS – Talkin’ Bout [infosec] News 2024-07-22
- Cyber Triage
  - Fuzzy Malware Matching Methods for DFIR – How to Scope Incidents
- Magnet Forensics
PRESENTATIONS/PODCASTS
- AhmedS Kasmani
  - Malware 101: Injection Basics – Local Shellcode Injection
- Breaking Badness
  - Breaking Badness Cybersecurity Podcast – 190. The Weak Security Default in Our Stars
- Clint Marsden at the TLP – Digital Forensics Podcast
  - Episode 10 – Detecting and Preventing Phishing Attacks
- Cloud Security Podcast by Google
  - EP181 Detection Engineering Deep Dive: From Career Paths to Scaling SOC Teams
- Cyber Social Hub
  - Are You Using a CSAM Global Database in Your Investigation?
- Desi at Hardly Adequate
  - S02E27 – Hardly a Week 29
- DFIR101
  - Podcast Visualized: Digital Forensic Survival Podcast (ep002) – Windows Link Files
- FIRST
  - 2024 Cyber Threat Intelligence Conference | #FIRSTCTI24
- Huntress
  - July 2024 Community Fireside Chat: Cyber Insurance Office Hours
- InfoSec_Bret
  - Challenge – Confluence CVE-2023-22527 – Part 2
- John Hammond
- Justin Tolman at AccessData
- LetsDefend
  - SOC Analyst Interview Questions
- Magnet Forensics
- MSAB
  - XRY Show Summary Page
- MyDFIR
  - Hack The Box SOC Analyst Lab – Unit42 (Sysmon)
- Nuix
  - Nuix Neo – One platform for all your complex data challenges
  - Nuix XLR8/24
  - Nuix & ACEDS webinar // Unlocking The Potential of AI In Legal Discovery
  - Webinar – Unlocking the power of AI for unstructured data with integrated link analysis
  - Nuix & Grant Thornton webinar – Meeting your data challenges with responsible AI solutions
  - On demand webinar // Are you ready to tackle the surge in Data Subject Access Requests (DSAR)?
  - Webinar // eDiscovery Automation: How Technology is Revolutionizing Legal Challenges
- Palo Alto Networks Unit 42
  - Vishing Villains and Voter Vigilance
- Richard Davis at 13Cubed
  - Mounting Linux Disk Images in Windows
- Sandfly Security
- SANS
  - How to Attract, Hire and Retain Mid-Level Cybersecurity Roles
- Security Conversations
  - Ep5: CrowdStrike’s faulty update shuts down global networks
- Threat Forest
  - News from Threat Forest: Akira, Phishing kit and AutoIT information stealer
MALWARE
- ASEC
- CyberArmor
  - White Snake: Latest Campaign With Multi-Stage Malware Dropper
- Dark Atlas
  - Kimsuky APT: The TrollAgent Stealer Analysis
- Ivan Kosarev at Deep Instinct
  - Deep Dive: Exposing Stealthy New BlackSuit Ransomware
- Dr Josh Stroschein – The Cyber Yeti
  - How to Find Digital Certificates in the PE File Format
- Fareed Fauzi
  - Dive into PEB Walk in Malware Analysis
- Google Cloud Threat Intelligence
  - Scaling Up Malware Analysis with Gemini 1.5 Flash
- James Barnett at Infoblox
  - RDGAs: The Next Chapter in Domain Generation Algorithms
- Nicole Fishbein at Intezer
  - How to Analyze Malicious MSI Installer Files
- Nithin Chenthur Prabhu
  - Malware Development, Analysis and DFIR Series – Part IV
- Ovi Liber
- Lee Wei Yeong at Palo Alto Networks
  - Beware of BadPack: One Weird Trick Being Used Against Android Devices
- Patrick Wardle at Objective-See
  - This Meeting Should Have Been an Email
- Phylum
  - Fake AWS Packages Ship Command and Control Malware In JPEG Files
- Richard Christopher
  - Bitter [IR/Malware Analysis]
- Sekoia
  - MuddyWater replaces Atera by custom MuddyRot implant in a recent campaign
- Liran Tal at Snyk
  - Suspicious Maintainer Unveils Threads of npm Supply Chain Attack
- SonicWall
  - Volcano Demon Group Targets Idealease Inc. Using LukaLocker Ransomware
- Matt Morrow at Sucuri
  - Attackers Abuse Swap File to Steal Credit Cards
- Tony Lambert
  - Decompiling a JPHP Loader with binwalk and cfr
- Romain Dumont at WeLiveSecurity
  - HotPage: Story of a signed, vulnerable, ad-injecting driver
- Zhassulan Zhussupov
MISCELLANEOUS
- Cellebrite
  - Cellebrite Industry Trends Survey 2024: Is Your Business Prepared?
- Cyberdom
  - Microsoft Defender Delayed Updates
- Forensic Focus
- Google Cloud Threat Intelligence
  - AI-Powered Learning: Your NIST NICE Prompt Library (Built with Google Gemini)
- Matt C. A. Smith
  - Endpoint detection and response (EDR) – setting the record straight
- MISP
  - Maltego Integration with MISP
- Stephan Jou at OpenText
  - A study of threat hunters
- Oxygen Forensics
- Prodaft
  - What Is the Difference Between the Deep Web and the Dark Web?
- Salvation DATA
- SANS
  - How to Become a SOC Analyst
  - Master Cloud Threat Detection with Cutting-Edge Techniques
  - How SOAR Transforms Security Operations: A Real-World Case Study
  - Lessons Learned on the Impact of Training on Hiring Success: A Mastercard Use Case
  - Strategies for Training and Hiring in the US Government: A Black Rainbow Case Study
- Jennifer Gregory at Security Intelligence
  - Cybersecurity crisis communication: What to do
SOFTWARE UPDATES
- Airbus Cybersecurity
  - IRIS-Web v2.4.9
- Apache
  - Release 3.0.0-BETA2 – 07/09/2024
- Brian Maloney
  - OneDriveExplorer v2024.07.19
- Brim
  - v1.17.0
- Cellebrite
  - Breaking Down Barriers: Native Linux Support in Cellebrite Endpoint Inspector 2.2
- Datadog Security Labs
  - GuardDog v2.0.0
- Didier Stevens
- Digital Sleuth
  - winfor-salt v2024.12.1
- Google
  - Timesketch 20240717
- Magnet Forensics
- Martin Korman
  - Regipy release 4.3.0
- OpenCTI
  - 6.2.6
- Sandfly Security
  - Sandfly 5.1 – Introducing SSH Security Zones
- Sigma
  - Release r2024-07-17
- Xways
  - X-Ways Forensics 21.2 SR-1
And that’s all for the week! If you think I’ve missed something, or want me to cover something specifically hit me up through the contact page or on the social pipes!