As always, thanks to those who give a little back for their support!
FORENSIC ANALYSIS
- Chris Ray at Cyber Triage
  - DFIR Breakdown: Using Certutil To Download Attack Tools
- 0xdf hacks stuff
- Baris Dincer
- Belkasoft
  - Android System Artifacts: Forensic Analysis of Application Usage
- Digital Forensics Myanmar
- Forensafe
  - Investigating iOS Skype
- Jouni Mikkola at “Threat hunting with hints of incident response”
  - The DFIR thing
- Lionel Notari
  - iOS Unified Logs – Device Orientation
- Magnet Forensics
  - Not all geolocation data is created equal
- Husam Shbib at Memory Forensic
THREAT INTELLIGENCE/HUNTING
- Akamai
  - Analyzing Malicious CrowdStrike Domains: Who Is Affected and What Could Come Next
- Anton Chuvakin
- Steven Campbell, Akshay Suthar, Markus Neis, Trevor Daher, Jon Grimm, Stefan Hostetler, and Christopher Prest at Arctic Wolf
  - Abusing BOINC: FakeUpdates Campaign Bundling Malware with Legitimate Software
- AttackIQ
- Ionut Ilascu at BleepingComputer
  - Fake CrowdStrike fixes target companies with malware, data wipers
- Aidan Holland at Censys
  - Stumbling Upon XehookStealer C2 Instances
- CERT Ukraine
- CERT-AGID
  - Summary of the malicious campaigns in the week of 20 – 26 July
- Check Point
- CISA
  - North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs
- Nicole Hoffman at Cisco’s Talos
  - IR Trends: Ransomware on the rise, while technology becomes most targeted sector
- Critical Start
  - Pulling the Unified Audit Log
- Cyber Arms
  - Russian APT Hackers: A Look Inside Russian CyberWarfare
- Jane Ginn at Cyber Threat Intelligence Training Center
  - Synthesizing Signals: A Technical Overview of Multi-Vector Threat Analysis for the New Cyber Reality
- Cybereason
  - Cuckoo Spear – the latest Nation-state Threat Actor targeting Japanese companies
- Cyble
  - Operation ShadowCat: Targeting Indian Political Observers via a Stealthy RAT
- Cyfirma
- Cyjax
  - Weekly Cyber Threat Intelligence Summary
- Daniel Wyleczuk-Stern
  - Detection as Code: A Maturity Framework
- Dark Atlas
  - Medusa Ransomware Group’s OPSEC Failure: Infiltrating Their Cloud Storage
- Dragos
  - Protect Against the FrostyGoop ICS Malware Threat with OT Cybersecurity Basics
- Dzianis Skliar
  - Info Stealers Exposed: The Silent Threat Stealing Your Data
- Flashpoint
- Bablu Kumar at Fortinet
  - Phishing Campaign Targeting Mobile Users in India Using India Post Lures
- Taylor Long, Jeff Johnson, Alice Revelli, Fred Plan, and Michael Barnhart at Google Cloud Threat Intelligence
  - APT45: North Korea’s Digital Military Machine
- Joaquim Nogueira at GuidePoint Security
  - How to Make Adversaries Cry: Part 1
- Hal Pomeranz at ‘Righteous IT’
  - Hiding Linux Processes with Bind Mounts
- Harfanglab
  - Mid-year Doppelgänger Information Operations In Europe And The Us
- Huntress
  - When Trust Becomes a Trap: How Huntress Foiled a Medical Software Update Hack
- Intel471
  - Threat Hunting Case Study: Looking for Volt Typhoon
- Brian Krebs at Krebs on Security
- Michalis Michalos
  - Five reasons to start using Microsoft Defender Threat Intelligence (Basic)
- Microsoft Security
  - Onyx Sleet uses array of malware to gather intelligence for North Korea
- Mike at ØSecurity
  - Examining SMS Phishing
- Tyler Schechter at MITRE-Engenuity
  - Turn Your Threat Model to Supermodel with ATT&CK
- NVISO Labs
- Arnau Ortega at Falcon Force
  - Automating the enumeration of missing reply URLs in Azure multitenant apps
- Daniel Frank at Palo Alto Networks
  - From RA Group to RA World: Evolution of a Ransomware Group
- Prodaft
  - The Growing Threat of Cyber Espionage
- Pulsedive
  - Phishing Kits 101 & V3B Phishing Kit
- Red Alert
- Red Canary
  - Intelligence Insights: July 2024
- ReliaQuest
  - Introducing: Finance & Insurance Sector Threat Landscape
- Resecurity
  - CVE-2024-4879 and CVE-2024-5217 (ServiceNow RCE) Exploitation in a Global Reconnaissance Campaign
- SANS Internet Storm Center
  - CrowdStrike: The Monday After, (Mon, Jul 22nd)
  - New Exploit Variation Against D-Link NAS Devices (CVE-2024-3273), (Tue, Jul 23rd)
  - “Mouse Logger” Malicious Python Script, (Wed, Jul 24th)
  - XWorm Hidden With Process Hollowing, (Thu, Jul 25th)
  - ExelaStealer Delivered “From Russia With Love”, (Fri, Jul 26th)
  - Create Your Own BSOD: NotMyFault, (Sat, Jul 27th)
- Itzik Chimino at Security Intelligence
  - Unveiling the latest banking trojan threats in LATAM
- Sekoia
- Silent Push
  - Silent Push Threat Feeds: IOFA Feeds, Bulk Data Feeds and Custom Feeds
- SOCRadar
  - Dark Web Profile: Eldorado Ransomware
- Forrest Kasler at SpecterOps
  - Deep Sea Phishing Pt. 1
- Symantec Enterprise
  - Daggerfly: Espionage Group Makes Major Update to Toolset
- ThreatBreach
  - Understanding AWS Logging Capabilities [ AWS Threat Detection Part – 2 ]
- Avigayil Mechtinger, Gili Tikochinski, and Dor Laska at Wiz
  - SeleniumGreed: Threat actors exploit exposed Selenium Grid services for Cryptomining
UPCOMING EVENTS
- Black Hills Information Security
  - BHIS – Talkin’ Bout [infosec] News 2024-07-29
- Magnet Forensics
PRESENTATIONS/PODCASTS
- AhmedS Kasmani
  - Malware 101: Injection Basics – Remote Shellcode Injection
- Black Hills Information Security
  - REKAST – Talkin’ Bout [infosec] News 2024-07-15 #infosecnews #cybersecurity #podcast #podcastclips
- Cellebrite
  - Cloud Data: The Missing Piece in Your Investigations
- Cyber Social Hub
- Cyberwox
- Desi at Hardly Adequate
  - S02E28 – Hardly a Week 30
- InfoSec_Bret
  - Challenge – Linux Disk Forensics
- John Hammond
- Justin Tolman at AccessData
- Magnet Forensics
  - Dancing between eDisco and DFIR
- Microsoft Security Insights Show
  - Microsoft Security Insights Show Episode 219 – The Definitive Guide to KQL
- MSAB
  - MSAB Monday Speech To Text
- MyDFIR
  - Why Is Becoming a SOC Analyst So Difficult?
- Off By One Security
  - Understanding Microarchitecture
- SANS Cloud Security
  - HANDS-ON WORKSHOP: Transitioning to Containerization: Aviata Chapter 3
- Security Conversations
  - Ep6: After CrowdStrike chaos, should Microsoft kick EDR agents out of Windows kernel?
- System Weakness
  - TryHackMe | Windows Incident Surface | WriteUp
- The Defender’s Advantage Podcast
  - What Iranian Threat Actors Have Been Up To This Year
- Threat Forest
MALWARE
- Amr Ashraf
  - CrowdStrike abuse campaign
- Mohamed Talaat at Any.Run
  - Brute Ratel C4 Badger Used to Load Latrodectus
- ASEC
  - LummaC2 Malware Abusing the Game Platform ‘Steam’
- Yehuda Gelb at Checkmarx Security
  - Malicious Python Package Targets macOS Developers to Access their GCP Accounts
- Cofense
  - Malware Exploit Bypasses SEGs Leaving Organizations at Risk
- Crowdstrike
  - Malicious Inauthentic Falcon Crash Reporter Installer Distributed to German Entity via Spearphishing Website
  - Lumma Stealer Packed with CypherIt Distributed Using Falcon Sensor Update Phishing Lure
  - Threat Actor Distributes Python-Based Information Stealer Using a Fake Falcon Sensor Update Lure
  - Threat Actor Uses Fake CrowdStrike Recovery Manual to Deliver Unidentified Stealer
- Digital Daniela
  - TryHackMe Malbuster Challenge
- Dr Josh Stroschein – The Cyber Yeti
  - 👿 Malware Mondays Episode 06 – Analyzing Malicious Network Traffic with Suricata
- Esentire
  - Introducing Gh0stGambit: A Dropper for Deploying Gh0st RAT
- Lovely Antonio, Louis Sorita, Jr. and Ricardo Pineda, Jr. at G Data Security
  - SocGholish: Fake update puts visitors at risk
- Alison Rusk at INKY
  - Fresh Phish: Cross Site Scripting Leveraged In This New Prize Scam
- K7 Labs
- Lab52
  - RansomHub Ransomware – New Infection Chains Unveiled
- David Weston at Microsoft
  - Windows Security best practices for integrating and managing security tools
- Cyber5w
  - CyberGate Technical Analysis
- Riley Porter, Micah Yates and Mark Lim at Palo Alto Networks
  - Accelerating Analysis When It Matters
- Pending Investigations
  - OST2 RE3011 Walkthrough Part 1 ft. Binary Ninja
- Evan McCann, Matt Smith, Ipek Solak, and Jake McMahon at Rapid7
  - Malware Campaign Lures Users With Fake W2 Form
- Ax Sharma at Sonatype
  - Npm packages conceal macOS malware in ‘travis.yml’ files, drop bogus “Safari Updates”
- Splunk
  - AcidPour Wiper Malware: Threat Analysis and Detections
- Maxime Desbrus at Synacktiv
  - Battle of the parsers: PEG vs combinators
- David E Lares S at System Weakness
  - Android Malware Analysis Overview
- Tehtris
  - Daolpu Infostealer: Full analysis of the latest malware exploited post CrowdStrike outage
- Mathanraj Thangaraju, Max Kersten and Tomer Shloman at Trellix
  - Handala’s Wiper Targets Israel
- Lukas Stefanko and Peter Strýček at WeLiveSecurity
  - The tap-estry of threats targeting Hamster Kombat players
- Zhassulan Zhussupov
  - Malware and cryptography 30: Khufu payload encryption. Simple C example.
MISCELLANEOUS
- Alican Kiraz
  - Cybersecurity Commander’s Manifesto: The Art of Tactical and Strategic Defense — Chapter 1
- Binary Defense
  - The Imperative of Threat Hunting for a Mature Security Posture
- Martin Pearson at Black Hills Information Security
  - Build a Home Lab: Equipment, Tools, and Tips
- Brett Shavers
  - Placing the Suspect Behind the Keyboard: How Full is Your Gas Tank?
- Chris Hayes at Reliance Cyber
  - How to use your own certificates to secure your Velociraptor deployment
- Forensic Focus
- Kevin Beaumont at DoublePulsar
  - What I learned from the ‘Microsoft global IT outage’
- Mathilde Boivin at Lexfo
  - Writing a stealer logs parser
- Matt Suiche
  - Bob and Alice in Kernel-land
- Salvation DATA
  - Digital Forensic Examiner: 2024 Career Guide
- SANS
  - How to Become an OSINT Investigator
- Sky Blueteam
  - Using Nix to setup a reproducible forensics environment
- The Security Noob.
  - Mastering Powershell Scripting by Chris Dent (REVIEW)
SOFTWARE UPDATES
- Active Countermeasures
  - Intro to RITA v5!
- Amped
  - Amped Authenticate Update 34382: Range-based Processing for Video Mode, Updated Social Media Identification Filter, and More!
- Brian Maloney
  - OneDriveExplorer v2024.07.24
- Digital Sleuth
  - winfor-salt v2024.12.4
- Mazars Tech
  - AD_Miner v1.5.2
- Metaspike
  - Forensic Email Collector (FEC) Changelog – 4.0.145.1004
- Ninoseki
  - Azuma v0.5.0
- OpenCTI
  - 6.2.7
- Phil Harvey
  - ExifTool 12.92
- PuffyCid
  - Artemis v0.10.0 – Released!
- Thiago Canozzo Lahr
  - uac-3.0.0-rc1
And that’s all for the week! If you think I’ve missed something, or want me to cover something specifically hit me up through the contact page or on the social pipes!