As always, thanks to those who give a little back for their support!

FORENSIC ANALYSIS

• Digital Forensics Myanmar
  eCDFP (Module-6) (Window Forensics) (Part – 5 )
  
  
• Dr. Neal Krawetz at ‘The Hacker Factor Blog’
  Reversing Samsung Metadata
  
  
• Forensafe
  Investigating Android Firefox
  
  
• Justin De Luna at ‘The DFIR Spot’
  RDP Bitmap Cache – Piece(s) of the Puzzle
  
  
• Kevin Stokes
  Plaso Super Timelines in Splunk
  
  
• Magnet Forensics
  See the story of your geolocation data with Magnet Review’s Worldmap View
  
  
• Axoloth at System Weakness
  TryHackMe | Forensic Imaging | WriteUp
  
  
• James McGee at The Metadata Perspective
  Sleepless in Cupertino: A Forensic Dive into Apple Watch Sleep Tracking
  

THREAT INTELLIGENCE/HUNTING

• Adam at Hexacorn
  • High Fidelity detections are Low Fidelity detections, until proven otherwise, Part 2
  • The value-proposition of building and maintaining an internal Threat Hunting team…
    
    
• Alican Kiraz
  Operation Olympic Games: In-Depth Incident and Threat Actor Analysis (a.k.a Stuxnet)
  
  
• AT&T Cybersecurity
  Are Ransomware Attacks Still a Growing Threat in 2024?
  
  
• Francis Guibernau at AttackIQ
  • Emulating the Politically Motivated North Korean Adversary Andariel – Part 2
  • Emulating Sandworm’s Prestige Ransomware
    
    
• AWS Security
  • Accelerate incident response with Amazon Security Lake – Part 2
  • How to deploy an Amazon OpenSearch cluster to ingest logs from Amazon Security Lake
    
    
• BI.Zone
  Bloody Wolf strikes organizations in Kazakhstan with STRRAT commercial malware
  
  
• Brad Duncan at Malware Traffic Analysis
  • 2024-07-30 – Traffic analysis exercise: You dirty rat!
  • 2024-07-23 – Eight days of server scans and probes
    
    
• CERT-AGID
  Sintesi riepilogativa delle campagne malevole nella settimana del 27 luglio – 2 agosto
  
  
• Check Point
  29th July – Threat Intelligence Report
  
  
• Cisco’s Talos
  • Detecting evolving threats: NetSupport RAT campaign
  • APT41 likely compromised Taiwanese government-affiliated research institute with ShadowPad and Cobalt Strike
    
    
• Coveware
  Ransomware actors pivot away from major brands in Q2 2024
  
  
• Crowdstrike
  Malicious Inauthentic Falcon Crash Reporter Installer Delivers LLVM-Based Mythic C2 Agent Named Ciro
  
  
• Cyber 5W
  How SIEM Works
  
  
• Cyble
  • Threat Actors Exploit Sora AI-themed Branding to Spread Malware
  • Exodus Marketplace: A Haven for Exiled Criminals 
    
    
• Cyfirma
  Weekly Intelligence Report – 02 Aug 2024
  
  
• Cyjax
  Weekly Cyber Threat Intelligence Summary
  
  
• Daniel Wyleczuk-Stern
  The Pillars of Security Monitoring: A Comprehensive Guide
  
  
• Sebastian Obregoso and Zack Allen at Datadog Security Labs
  Stressed Pungsan: DPRK-aligned threat actor leverages npm for initial access
  
  
• Detect FYI
  • CyberVolk Ransomware
  • Threat Hunting – Suspicious Named pipes
    
    
• Digital Daniela
  Threat Intelligence: Hunting IOCs with Elastic
  
  
• Haxrob at doubleagent.net
  Hiding in plain sight (part 2) – Abusing the dynamic linker
  
  
• Shelby Brooks at Dragos
  Key Insights for NERC CIP-015 Compliance: Anomaly Detection vs. Detecting Anomalous Activity
  
  
• Esentire
  • Quartet of Trouble: XWorm, AsyncRAT, VenomRAT, and PureLogs Stealer Leverage TryCloudflare
  • Hackers Are Stealing GenAI Credentials, So What Sensitive Company Data Are They Getting their Hands On?
  • Top Strategies for Ensuring Ransomware Readiness in 2024
    
    
• Flashpoint
  • COURT DOC: North Korean Government Hacker Charged for Involvement in Ransomware Attacks Targeting U.S. Hospitals and Health Care Providers
  • Grandoreiro Malware: Spear Phishing, Outlook Exploits, and More
    
    
• Josh Murchie, Ashley Pearson,  Joseph Pisano,  Jake Nicastro,  Joshua Shilko, and Raymond Leong at Google Cloud Threat Intelligence
  UNC4393 Goes Gently into the SILENTNIGHT
  
  
• Guardio
  “EchoSpoofing” — A Massive Phishing Campaign Exploiting Proofpoint’s Email Protection to Dispatch…
  
  
• HackTheBox
  LLMNR poisoning attack detection
  
  
• Human Security
  It’s All in the Numbers—The Quadrillion Report: 2024 Cyber Threat Benchmarks
  
  
• Huy Kha at Semperis
  Strengthening Incident Response with Forest Druid
  
  
• Infoblox
  DNS Early Detection – Breaking the Black Basta Ransomware Kill Chain
  
  
• Invictus Incident Response
  A deep dive into Entra ID Identity Protection for Incident Response
  
  
• ITMFramework
  Check out @ITMFramework’s Tweet
  
  
• Jim Goodrich at Splunk
  Driving vSOC Detection with Machine Learning
  
  
• Brian Krebs at Krebs on Security
  Don’t Let Your Domain Name Become a “Sitting Duck”
  
  
• Lakshya Mathur, Vallabh Chole & Abhishek Karnik at McAfee Labs
  The Scam Strikes Back: Exploiting the CrowdStrike Outage
  
  
• Microsoft Security
  • Ransomware operators exploit ESXi hypervisor vulnerability for mass encryption
  • Windows Security best practices for integrating and managing security tools
    
    
• Leandro Fróes at Netskope
  Netskope Threat Labs Quarterly Stats for July 2024
  
  
• Steffen Rogge at NVISO Labs
  From Evidence to Advantage: Leveraging Incident Response Artifacts for Red Team Engagements
  
  
• Positive Technologies
  The consequences of delays in remediating vulnerabilities, 2022–2023
  
  
• Prodaft
  Why Does SystemBC Dominate the Ransomware Scene?
  
  
• Proofpoint
  • Scammer Abuses Microsoft 365 Tenants, Relaying Through Proofpoint Servers to Deliver Spam Campaigns
  • Threat Actor Abuses Cloudflare Tunnels to Deliver RATs
    
    
• Recorded Future
  “ERIAKOS” Scam Campaign: Detected by Recorded Future’s Payment Fraud Intelligence Team
  
  
• Red Alert
  • 2023 Activities Summary of SectorB groups (JPN)
  • 2023 Activities Summary of SectorC groups (JPN)
  • 2023 Activities Summary of SectorD groups (JPN)
  • 2023 Activities Summary of SectorJ groups (JPN)
  • 2023 Activities Summary of SectorA groups (JPN)
  • Monthly Threat Actor Group Intelligence Report, June 2024 (KOR)
    
    
• Brian Donohue and Jason Killam at Red Canary
  Certified evil: Investigating signed malicious binaries
  
  
• ReliaQuest
  • Beyond the Endpoint: Cyber Threats Eluding Endpoint Detection
  • Integrating Security Tools: Maximizing Efficiency in Threat Detection, Investigation, and Response
    
    
• SANS Internet Storm Center
  • CrowdStrike Outage Themed Maldoc, (Mon, Jul 29th)
  • Quickie: Password Cracking & Energy, (Sun, Jul 28th)
  • Increased Activity Against Apache OFBiz CVE-2024-32113, (Wed, Jul 31st)
  • Tracking Proxy Scans with IPv4.Games, (Thu, Aug 1st)
  • Even Linux users should take a look at this Microsoft KB article., (Fri, Aug 2nd)
  • OOXML Spreadsheets Protected By Verifier Hashes, (Sat, Aug 3rd)
    
    
• Securelist
  How “professional” ransomware variants boost cybercrime groups
  
  
• Morgan Wright at SentinelOne
  Going For Gold | Russian Threats to the Olympic Games
  
  
• SOCRadar
  • Dark Web Profile: APT40
  • Dark Web Profile: Dark Angels
    
    
• SpecterOps
  • Deep Sea Phishing Pt. 2
  • Relay Your Heart Away: An OPSEC-Conscious Approach to 445 Takeover
  • Hybrid Attack Paths, New Views and your favorite dog learns an old trick
    
    
• Stephan Berger
  Abusing the “search-ms” URI protocol handler
  
  
• Samxia99 at System Weakness
  The Rise of Dark Web Marketplace (RaaS) Ransomware-as-a-Service:
  
  
• Sam Hunter at Thinkst Thoughts
  From Detection to Response: Automated Phishing Defense with Azure Entra ID Login Token
  
  
• Jaromir Horejsi at Trend Micro
  Social Media Malvertising Campaign Promotes Fake AI Editor Website for Credential Theft
  
  
• Christopher Paschen and Oddvar Moe at TrustedSec
  Specula – Turning Outlook Into a C2 With One Registry Change
  
  
• Trustwave SpiderLabs
  SYS01 Infostealer and Rilide Malware Likely Developed by the Same Threat Actor
  
  
• Ankur Saini, Paul Rascagneres, Steven Adair, and Thomas Lancaster at Volexity
  StormBamboo Compromises ISP to Abuse Insecure Software Update Mechanisms
  
  
• Jakub Kaloč at WeLiveSecurity
  Phishing targeting Polish SMBs continues via ModiLoader
  
  
• Adhithya Suresh Kumar at White Knight Labs
  LayeredSyscall – Abusing VEH to Bypass EDRs
  
  
• Rotem Lipowitch, Gili Tikochinski, and Shaked Rotlevi at Wiz
  Introducing pattern-based agentless malware detection using YARA rules
  
  
• Victor M. Alvarez at YARA-X
  An new parser for YARA
  
  
• Michael DePlante and Nicholas Zubrisky at Zero Day Initiative
  • Breaking Barriers and Assumptions: Techniques for Privilege Escalation on Windows: Part 1
  • Breaking Barriers and Assumptions: Techniques for Privilege Escalation on Windows: Part 2
    
    
• Brett Stone-gross, Heather Bates, Rajdeepsinh Dodia, and Yesenia Barajas at ZScaler
  ThreatLabz Ransomware Report: Unveiling a $75M Ransom Payout Amid Rising Attacks
  

UPCOMING EVENTS

• Black Hills Information Security
  BHIS – Talkin’ Bout [infosec] News 2024-08-05
  
  
• Cado Security
  CTF Challenge: Captured by Cado
  
  
• Huntress
  Breaking Down the 2024 Cyber Threat Report
  
  
• Recorded Future
  Influence Operations Mount Ahead of US 2024 Elections
  

PRESENTATIONS/PODCASTS

• Black Hills Information Security
  REKAST – Talkin’ Bout [infosec] News 2024-07-22 #infosecnews #cybersecurity #podcast #podcastclips
  
  
• CCL Solutions
  Hex: What and why?
  
  
• Cellebrite
  • Tip Tuesday Updated Support Matrix
  • Tip Tuesday The No Escape Room
  • Tip Tuesday: The 101
    
    
• Clint Marsden at the TLP – Digital Forensics Podcast
  Episode 11 – Velociraptor, Containerisation and Infrastructure Deployed as Code with Myles Agnew
  
  
• Clint Marsden at DFIR Insights
  • Defending Against APT40 (Leviathan): TTP’s, Detection and Defence
  • Phishing Detection, Defence and Response
    
    
• Gerald Auger at Simply Cyber
  The ULTIMATE Real-World SOC Challenge (Can YOU Win?)
  
  
• Hudson Rock
  Infostealers AI Investigation Module – Threat Actor Deanonymization Use Case
  
  
• Huntress
  Understanding Business Email Compromise: Tradecraft Tuesday | Huntress
  
  
• InfoSec_Bret
  Challenge – Batch Downloader
  
  
• Microsoft Security Insights Show
  Microsoft Security Insights Show Episode 220 – Yet Another Disney Sequel
  
  
• MSAB
  XRY/XAMN Drone Support
  
  
• MyDFIR
  • The Wazuh File Integrity Monitoring (FIM) Use case
  • Cybersecurity SOC Analyst – Malware Detected
  • MyDFIR SOC Analyst Course: Impossible Travel and Unfamiliar Sign-in
    
    
• Off By One Security
  Selling Exploits for Profit! Memory Corruption Bugs and Binary Exploitation…
  
  
• Palo Alto Networks Unit 42
  • Mark of the Web & AnyDesk Malware Delivery | Beyond the Hunt Ep 9
  • 🎭 Unmasking PoshC2 Framework | Beyond the Hunt Ep 10
    
    
• SANS
  • Supply Chain Compromises Pt. 2 | The Incident Commander Series Ep. 4
  • SANS | GIAC Workforce Report Outcomes Panel Conversation
    
    
• Security Onion
  Security Onion Essentials 2024
  
  
• SnapAttack
  • Latest APT41 Campaign: Detection Opportunities | ThreatSnapShot
  • Turning Novel Threats into Detections Easily with SnapAttack
    
    
• The Cyber Mentor
  You Give Photo, I Find Location
  
  
• Threat Forest
  • News from Threat Forest: Crowdstrike & Patchwork
  • DFIR & docker containers part 4
    

MALWARE

• Any.Run
  Brief Overview of the DeerStealer Distribution Campaign 
  
  
• ASEC
  Distribution of Xworm Malware as a URL File (Detected by AhnLab EDR)
  
  
• Yehuda Gelb at Checkmarx Security
  StackExchange Abused to Spread Malicious Python Package, Drains Victims Crypto Wallets
  
  
• Cleafy
  BingoMod: The new android RAT that steals money and wipes data
  
  
• Cyfirma
  Mint Stealer: A Comprehensive Study of a Python-Based Information Stealer
  
  
• Elastic Security Labs
  BITS and Bytes: Analyzing BITSLOTH, a newly identified backdoor
  
  
• Matthew at Embee Research
  Decoding a Cobalt Strike Downloader Script With CyberChef
  
  
• Prashant Kumar at Forcepoint
  Unseen Dangers Lurking Behind Evasive Secureserver.net URLs
  
  
• Jenna Wang at Fortinet
  Malicious Packages Hidden in PyPI
  
  
• Fortra’s PhishLabs
  Cyber-Attack Anatomy: Banking Smish
  
  
• Intel471
  BlankBot – a new Android banking trojan with screen recording, keylogging and remote control capabilities
  
  
• Kelvin W
  ’Tis a Hostile Work Environment: Word Maldoc Analysis
  
  
• Robert Derby at Netscout
  Decoding Ransomware: The Power of Omnis Cyber Intelligence in Cyberdefense
  
  
• Palo Alto Networks
  Fighting Ursa Luring Targets With Car for Sale
  
  
• Tatyana Shishkova and Igor Golovin at Securelist
  Mandrake spyware sneaks onto Google Play again, flying under the radar for two years
  
  
• Security Onion
  Quick Malware Analysis: LATRODECTUS INFECTION pcap from 2024-06-25
  
  
• Puja Mahendru at Sophos
  The State of Ransomware in Healthcare 2024
  
  
• Rafael Pena at Trellix
  OneDrive Pastejacking: The crafty phishing and downloader campaign
  
  
• Jason Reaves and Joshua Platt at Walmart
  Unknown powershell backdoor with ties to new Zloader
  
  
• Zhassulan Zhussupov
  Malware and cryptography 31: CAST-128 payload encryption. Simple C example.
  
  
• Zimperium
  • Deep Dive into Phishing Chronology: Threats and Trends 
  • Unmasking the SMS Stealer: Targeting Several Countries with Deceptive Apps
    

MISCELLANEOUS

• Cellebrite
  • How Endpoint Inspector SaaS Empowers Effective Data Strategies 
  • Bridging the Gap Between Mobile Data Collection and eDiscovery
  • 2024 Industry Trends Survey for Enterprise Solutions
    
    
• Craig Ball at ‘Ball in your Court’
  Yes, AI is Here. No, You’re Not Gone.
  
  
• Dirk-jan Mollema
  Persisting on Entra ID applications and User Managed Identities with Federated Credentials
  
  
• Elan at DFIR Diva
  Free & Affordable Training News Monthly: July – Aug, 2024
  
  
• Forensic Focus
  • What’s Happening At Techno Security Pasadena, September 16 – 18 2024
  • Forensic Focus Podcast Ep. 86 Recap: Setting The Standard For Image And Video Forensics In The US With Amped Software
  • Digital Forensics Round-Up, July 31 2024
    
    
• InfoSec Write-ups
  • Evolution of Computer Malware Attacks
  • Introduction to Linux for Blue Teaming
    
    
• Jeffrey Appel
  How to secure OAuth apps with App Governance in Defender XDR
  
  
• Kevin Beaumont at DoublePulsar
  Microsoft need to be transparent about customer impacting DDoS attacks
  
  
• Matt Linton
  Recognizing dark humor and cynicism
  
  
• Ryan Mark YecYec at OpenText
  Threat hunters – A day in the life
  
  
• Oxygen Forensics
  BlueStacks emulator support
  
  
• Passware
  Effortless Management of a Password Recovery Cluster
  
  
• SANS
  Take Me to the Cyber Arcade! Level Up Your Cyber Skills with Core NetWars Version 10: A Cutting-Edge Retro Arcade and AI Adventure
  
  
• Th4ts3cur1ty Company
  CEO Q&A: an interview with Eliza-May Austin
  

SOFTWARE UPDATES

• Airbus Cybersecurity
  IRIS-Web v2.4.11
  
  
• Datadog Security Labs
  GuardDog v2.0.1
  
  
• Digital Sleuth
  winfor-salt v2024.12.6
  
  
• Nextron Systems
  Introducing THOR Cloud: Next-Level Automated Compromise Assessments
  
  
• OpenCTI
  6.2.11
  
  
• Security Onion
  Security Onion 2.4.90 now available including improvements for Detections and much more!
  
  
• Ulf Frisk
  MemProcFS Version 5.11
  
  
• Xways
  • X-Ways Forensics 21.0 SR-9
  • X-Ways Forensics 21.1 SR-8
  • X-Ways Forensics 21.2 SR-2
    
    
• Hayabusa
  Hayabusa v2.16.1
  

And that’s all for the week! If you think I’ve missed something, or want me to cover something specifically hit me up through the contact page or on the social pipes!