As always, thanks to those who give a little back for their support!

FORENSIC ANALYSIS

• Adam Messer
  Cloud Digital Forensics and Incident Response — AWS IAM Privilege Escalation Leads to EC2…
  
  
• Craig Ball at ‘Ball in your Court’
  AI Prompt to Improve Keyword Search
  
  
• Mike Wilkinson at Cyber Triage
  DFIR Next Steps: What To Do After You Find a Suspicious Use Of certutil.exe
  
  
• Decrypting a Defense
  Olympics Surveillance, Subway Weapons Detection System, Geofence Search Decision, Privacy from Drones, & More
  
  
• DFIR101
  • Podcast Visualized:  Digital Forensic Survival Podcast (Ep004) – Windows Prefetch
  • Podcast Visualized:  Digital Forensic Survival Podcast (ep003) – Windows Explorer Evidence
    
    
• Django Faiola at ‘Appunti di Informatica Forense’
  Identity Lookup Service
  
  
• Oleg Afonin at Elcomsoft
  Maximizing Disk Imaging Speeds
  
  
• Forensafe
  Investigating Android Yahoo Mail Application
  
  
• Heather Mahalik at Smarter Forensics
  iOS 17- The “Forever” Setting That Isn’t… Or Is It?
  
  
• Oxygen Forensics
  • iPhone Data Extraction via iOS Agent
  • Digital insights and clues into Trump rally shooting
    
    
• Shatabdi Malik at Paraben Corporation
  Unmasking Fake Emails: Essential Techniques for Email Analysis
  

THREAT INTELLIGENCE/HUNTING

• Faan Rossouw at Active Countermeasures
  Malware of the Day – Understanding C2 Beacons – Part 1 of 2
  
  
• Ori David at Akamai
  Living off the VPN ? Exploring VPN Post-Exploitation Techniques
  
  
• Ofek Shaked and Idan Revivo at Aqua
  Go deeper: Linux runtime visibility meets Wireshark
  
  
• Sean Shirley at AT&T Cybersecurity
  Stories from the SOC – Sowing the Seeds of Cybercrime: The Credential Harvester
  
  
• Avertium
  An In-Depth Look at DarkAngels Ransomware
  
  
• Tony Burgess at Barracuda
  New malware, FakeBat Loader, spreads via drive-by download
  
  
• Christine Barry at Barracuda
  BianLian: The face-changing ransomware menace
  
  
• Josue Ledesma at Bitdefender
  A Comprehensive Look at the Evolution of the Cybercriminal Underground
  
  
• Lawrence Abrams at BleepingComputer
  Surge in Magniber ransomware attacks impact home users worldwide
  
  
• Brad Duncan at Malware Traffic Analysis
  2024-08-08 – 16 days of server scans and probes
  
  
• CERT-AGID
  • Ritorna Vidar in Italia con una campagna di malspam tramite PEC
  • Nuova campagna italiana StrRat: disponibile una ricetta CyberChef per decodificare il malware
  • Sintesi riepilogativa delle campagne malevole nella settimana del 03 – 09 agosto
    
    
• Check Point
  5th August – Threat Intelligence Report
  
  
• Yehuda Gelb at Checkmarx Security
  A Year-Long Campaign of North Korean Actors Targeting Developers via Malicious npm Packages
  
  
• CISA
  Royal Ransomware Actors Rebrand as “BlackSuit,” FBI and CISA Release Update to Advisory
  
  
• Cyble
  • Double Trouble: Latrodectus and ACR Stealer observed spreading via Google Authenticator Phishing Site 
  • Unmasking the Overlap Between Golddigger and Gigabud Android Malware
    
    
• Cyfirma
  • CYFIRMA INDUSTRY REPORT : INFORMATION TECHNOLOGY
  • Weekly Intelligence Report – 09 Aug 2024
    
    
• Cyjax
  Weekly Cyber Threat Intelligence Summary
  
  
• Christophe Tafani-Dereeper at Datadog Security Labs
  Shorten your detection engineering feedback loops with Grimoire
  
  
• Efstratios Lontzetidis
  Exploring Pythia: A Generic Query Format for Discovering Malicious Infrastructure
  
  
• Elastic Security Labs
  Now in beta: New Detection as Code capabilities
  
  
• Erik Hjelmvik at Netresec
  How to Inspect TLS Encrypted Traffic
  
  
• Yurren Wan at Fortinet
  PureHVNC Deployed via Python Multi-stage Loader
  
  
• g0njxa
  Approaching stealers devs : a brief interview with AMOS
  
  
• Hudson Rock
  Meet the Top 5 Threat Actors Exploiting Infostealers Data to Breach Companies
  
  
• InfoSec Write-ups
  The Cyber Kill Chain and Incident Response Process
  
  
• Intel471
  • Threat Actors Target Gift Card Issuing Systems
  • Introducing the CTI Capability Maturity Model, a resource for measuring and building mature CTI programs
    
    
• Intrusion Truth
  Is the CCP the biggest APT?
  
  
• Jack’s Substack
  Scraping ransomware leak sites which don’t want to be
  
  
• Jacob Larsen
  • Black Hat USA 2024: Interviews with Extorters ‘Ego’ and ‘Reiko’
  • Black Hat USA 2024: From Doxing to Doorstep – Exposing Privacy Intrusion Techniques used by Hackers for Extortion
    
    
• Hu Ke and Nir Avraham at Jamf
  Maintaining persistence through deception: The threat of fake iOS updates
  
  
• Keith McCammon
  • The top initial access vectors in 2023, mapped to ATT&CK
  • Identity is foundational to threat detection on modern platforms
    
    
• Kijo Girardi
  LotL techniques with MDE detection – Part 1
  
  
• Brian Krebs at Krebs on Security
  • Low-Drama ‘Dark Angels’ Reap Record Ransoms
  • Cybercrime Rapper Sues Bank over Fraud Investigation
    
    
• Ugur Koc and Bert-Jan Pals at Kusto Insights
  Kusto Insights – July Update
  
  
• Priyanka Shrestha at Logpoint
  Threat Detection and Monitoring with Microsoft 365
  
  
• Clint Watts at the Microsoft Threat Analysis Center
  Iran Targeting 2024 US Election
  
  
• Tamir Friedman at Microsoft’s ‘Security, Compliance, and Identity’ Blog
  Bridging the On-premises to Cloud Security Gap: Cloud Credentials Detection
  
  
• Nasreddine Bencherchali
  Introducing Sigma Specification v2.0
  
  
• Phylum
  The Great npm Garbage Patch
  
  
• Quorum Cyber
  SharpRhino – New Hunters International RAT Identified by Quorum Cyber
  
  
• ReliaQuest
  • Inc Ransom Attack Analysis
  • Introducing: Finance & Insurance Sector Threat Landscape
  • Exfiltration Tools
    
    
• Saar Cohen at Microsoft Entra Suite Tech Accelerator
  Detect compromised RDP sessions with Microsoft Defender for Endpoint
  
  
• Tim Conway and Dean Parsons at SANS
  What’s the Scoop on FrostyGoop: The Latest ICS Malware and ICS Controls Considerations
  
  
• SANS Internet Storm Center
  • Script obfuscation using multiple instances of the same function, (Mon, Aug 5th)
  • Same Scripts, Different Day: What My DShield Honeypot Taught Me About the Importance of Security Fundamentals [Guest Diary], (Wed, Aug 7th)
  • A Survey of Scans for GeoServer Vulnerabilities, (Tue, Aug 6th)
    
    
• Mike Elgan at Security Intelligence
  Cost of a data breach: The healthcare industry
  
  
• SentinelOne
  • PinnacleOne ExecBrief | The Escalation of Nation-State Sabotage and Its Implications for the Private Sector
  • Defusing AD-Based Risks | Best Practices for Securing Modern Directory Services
  • DeathGrip RaaS | Small-Time Threat Actors Aim High With LockBit & Yashma Builders
    
    
• Silent Push
  Silent Push tracks threat actor targeting UK banks in ongoing AnyDesk social engineering campaign
  
  
• SOCRadar
  SOCRadar APAC Threat Landscape Report: Gain Insights Into Threats & Trends from the APAC Region
  
  
• SonicWall
  Beware of Fake WinRar Websites: Malware Hosted on GitHub
  
  
• Sophos
  • Turning the screws: The pressure tactics of ransomware gangs
  • Best security practices for ESXi environments
  • Sophos MDR hunt tracks Mimic ransomware campaign against organizations in India
    
    
• Stephan Berger
  Today I Learned – WebDAV Cache
  
  
• Raushan, Prakash & Shubham at Strobes Security
  Securing from Active Directory Attacks
  
  
• Symantec Enterprise
  Cloud Cover: How Malicious Actors Are Leveraging Cloud Services
  
  
• Ashish Chakrabortty at Sysdig
  Detect and respond to compromised identities in minutes with Sysdig
  
  
• Indranil at System Weakness
  Understanding DLL Sideloading
  
  
• Team Cymru
  Botnet 7777: Are You Betting on a Compromised Router?
  
  
• ThreatBreach
  [ AWS Threat Detection Part – 3 ] Detecting Attacks in AWS using CloudTrail Logs – Chapter 1
  
  
• Ted Lee and Theo Chen at Trend Micro
  A Dive into Earth Baku’s Latest Campaign
  
  
• VMRay
  • Malware goes undetected by hiding malicious code in uncommon MS Access format
  • Detection Highlights – July 2024: Tackling Malicious Windows Activities and Advancing YARA Rules
    
    
• Gili Tikochinski and Scott Piper at Wiz
  Emerging phishing campaign targeting AWS accounts
  

UPCOMING EVENTS

• Belkasoft
  Belkasoft DFIR Workshops
  
  
• Belkasoft
  BelkaDay Asia 2024 Call For Papers
  
  
• Black Hills Information Security
  BHIS – Talkin’ Bout [infosec] News 2024-08-12
  
  
• Cellebrite
  Uncover Digital Footprints and Accelerate Investigations with Cellebrite Smart Search
  
  
• Gerald Auger at Simply Cyber
  DFIR: Everything You Need to Know #fireside
  
  
• Magnet Forensics
  • Data uncovered: Revealing truths in eDiscovery with Magnet Forensics solutions
  • Introduction to Magnet Griffeye Enterprise
    
    
• Microsoft Security Response Center
  Announcing BlueHat 2024: Call for Papers now open
  
  
• Paraben Corporation
  PFIC event enrollment
  
  
• SANS
  SANS Healthcare Forum: Tackling Challenges, Building Cyber Resilience
  
  
• Silent Push
  Webinar: Hunting for FIN7 phishing and malware infrastructure
  

PRESENTATIONS/PODCASTS

• Alexis Brignoni
  Digital Forensics Now – Episode 21
  
  
• Black Hills Information Security
  REKAST – Talkin’ Bout [infosec] News 2024-07-29 #infosecnews #cybersecurity #podcast #podcastclips
  
  
• Chainalysis
  Operation Cronos: Infiltrating the LockBit Ransomware Syndicate: Podcast Ep. 122
  
  
• Cloud Security Podcast by Google
  EP184 One Week SIEM Migration: Fact or Fiction?
  
  
• Cyberspatial
  How to Get PCAP When You Don’t Have Wireshark
  
  
• Cyberwox
  Automating Security Detection Engineering
  
  
• Desi at Hardly Adequate
  S02E30 – Chat with Craig Morris
  
  
• FIRST
  FIRSTCON24
  
  
• Gridware Cybersecurity
  Handling Ransomware: A Cybersecurity Expert’s Advice
  
  
• Huntress
  Why are cyber insurance claims denied? | Community Fireside Chat
  
  
• LaurieWired
  Operation Binder: Secrets of Computer Process Communication
  
  
• Magnet Forensics
  • Dancing between eDisco and DFIR
  • Mobile Unpacked Ep. 19 // Restoring the past part 2: Exploring artifacts related to restoring data on Android devices
  • Leveraging Axiom Cyber to accelerate corporate investigations
    
    
• Malspace
  From GReAT to greater Good
  
  
• MSAB
  XRY XAMN Re-decoding
  
  
• MyDFIR
  • Cybersecurity SOC Analyst Courses: Which one is best?
  • Hack The Box SOC Analyst Lab – Campfire (Active Directory)
    
    
• Prodaft
  • How can keystroke logging compromise your credentials?
  • Cybersecurity professionals explain the dangers of ransomware
    
    
• Susannah Clark Matt at Red Canary
  A defender’s guide to crypters and loaders
  
  
• The Microsoft Security Insights Show
  Microsoft Security Insights Show Episode 221 – Thomas Marsh
  

MALWARE

• 0day in {REA_TEAM}
  [QuickNote] Retrieve unknown python stealer from PyInstaller
  
  
• Alex Necula
  • Unpacking MPress .NET Assembly with DNSpy and Breakpoint.
  • Malware Analysis Part 2. Snake KeyLogger
  • Malware Analysis Part 1. RedLine Stealer
    
    
• Alexandre Borges at ‘Exploit Reversing’
  Malware Analysis Series (MAS): article 08 | MacOS/iOS
  
  
• Any.Run
  Fake Google Authenticator Website Installs Malware via Google Ads
  
  
• ASEC
  Weekly Detection Rule (YARA and Snort) Information – Week 2, August 2024
  
  
• Fernando Dominguez at AT&T Cybersecurity
  Hijacked: How Cybercriminals Are Turning Anti-Virus Software Against You
  
  
• Dr Josh Stroschein at The Cyber Yeti
  MM#07 – Leveraging Online Sandboxes for Triage Analysis
  
  
• Esentire
  Ande Loader Leads to 0bj3ctivity Stealer Infection
  
  
• Fatih Yilmaz
  • Batch Deobfuscation (RemcosRAT)
  • Batch Deobfuscation (RemcosRAT)
    
    
• Yuma Masubuchi at JPCERT/CC
  Dynamic Analysis Technique of Android Malware by Injecting Smali Gadgets
  
  
• Christopher Lopez at Kandji
  InfoStealer Uses SwiftUI, OpenDirectory API to Capture Passwords
  
  
• Linkcabin
  Reverse Engineering a ESP32 file system from firmware
  
  
• Connor Ford at LRQA Nettitude Labs
  Version Tracking in Ghidra
  
  
• MALCAT
  Malcat tip: fast unpacking of RTF payloads
  
  
• Leandro Fróes at Netskope
  REPLAY: Revisiting Play Ransomware Anti-Analysis Techniques
  
  
• Reason Labs
  New Widespread Extension Trojan Malware Campaign
  
  
• Dmitry Kalinin at Securelist
  LianSpy: new Android spyware targeting Russian users
  
  
• Shayan Ahmed Khan
  Ghost in the system, Malware Defense Evasion
  
  
• Ax Sharma at Sonatype
  Ideal typosquat ‘solana-py’ steals your crypto wallet keys
  
  
• Max Kersten at Trellix
  No symbols? No problem!
  

MISCELLANEOUS

• Cellebrite
  The Legal Storm Brewing in the Private Sector
  
  
• Forensic Focus
  • Chad Gish, Forensic Expert, Magnet Forensics
  • Digital Forensics Round-Up, August 07 2024
  • Paul Gullon-Scott Bsc MA MSc MSc FMBPSS, Higher Assistant Psychologist
  • Forensic Focus Digest, August 09 2024
    
    
• Action Dan at LockBoxx
  Malware USBs at DEF CON 32
  
  
• Magnet Forensics
  Meet the Magnet Forensics Training Team: Kevin Goodram
  
  
• Husam Shbib at Memory Forensic
  My Review on How to Collect and Analyze Random Access Memory Course from DFIR Science
  
  
• Nik Earnest at OpenText
  Top three challenges of threat hunting
  
  
• Salvation DATA
  • Key Steps in Forensic Phone Analysis
  • Advanced Forensic Video Analysis Techniques 2024
    
    
• Security Onion
  Support the Rural Technology Fund with the Latest Version of our Security Onion Documentation Book!
  
  
• Ian at Shells.Systems
  Cortex XDR Ransomware Protection, Chocolate Teapots and Inflatable Dartboards
  
  
• SadProcessor at SpecterOps
  BloodHound Operator — Dog Whispering Reloaded
  

SOFTWARE UPDATES

• Acelab
  The New PC-3000 Flash Software Ver. 9.1.x has been released
  
  
• ADF Solutions
  • New Release of Forensic Triage Software: Triage-Investigator
  • New Release of Media Exploitation Software: Triage-G2
    
    
• Crowdstrike
  Falconpy Version 1.4.5
  
  
• Datadog Security Labs
  Introducing GuardDog 2.0: YARA scanning, user-supplied rules, and Golang support
  
  
• Jon Stewart
  Lightgrep 1.5.0
  
  
• Manabu Niseki
  Mihari v7.6.3
  
  
• Metaspike
  Forensic Email Intelligence – 2.2.158
  
  
• MISP
  MISP 2.4.195 – hot summer olympic release
  
  
• OpenCTI
  6.2.12
  
  
• Jack Naglieri at Panther Labs
  Introducing pypanther: The Future of Code-Driven Detection and Response
  
  
• radare2
  5.9.4
  
  
• SigmaHQ
  pySigma v0.11.10
  
  
• Paolo Dal Checco at Studio d’Informatica Forense
  Nuova release 2024 di Tsurugi Linux, live distro gratuita e open source per informatica forense
  
  
• Yogesh Khatri at ‘Swift Forensics’
  NSKeyedArchive Deserializer update
  

And that’s all for the week! If you think I’ve missed something, or want me to cover something specifically hit me up through the contact page or on the social pipes!