As always, thanks to those who give a little back for their support!
FORENSIC ANALYSIS
- Andrea Fortuna
  - Digital Detectives vs. Android 14: overcoming new forensic challenges
- Digital Forensics Myanmar
  - eCDFP (Module-6) (Window Forensics) (Part – 6)
- Forensafe
  - Investigating Android Here WeGo
- Kevin Stokes
  - Plaso Super Timelines and CloudTrails
- Oxygen Forensics
  - macOS Extraction of System Artifacts with Oxygen Forensic® KeyScout
- Kokab Rasool at Paraben Corporation
  - Memory Forensics Tools Overview
- Rajendra Prasanth S
  - File System tunnelling
- John Brown at SANS
  - Up and Running with Siftgrab
- System Weakness
- Raymond Chen at The Old New Thing
  - Instead of putting a hash in the Portable Executable timestamp field, why not create a separate field for the hash?
THREAT INTELLIGENCE/HUNTING
- Austin Songer at ‘Songer Tech’
  - Understanding and Simulating SSH Backdoors
- Martin Chlumecký at Avast Threat Labs
  - CryptoCore: Unmasking the Sophisticated Cryptocurrency Scam Operations
- Luke Notley and Arran Peterson at AWS Security
  - Using Amazon GuardDuty Malware Protection to scan uploads to Amazon S3
- Bruce Sussman at Blackberry
  - Ransomware Update: The State of Ransomware Attacks in 2024
- Brad Duncan at Malware Traffic Analysis
- BushidoToken
  - The Ransomware Tool Matrix
- CERT Ukraine
  - UAC-0198: Mass distribution of ANONVNC (MESHAGENT) among Ukrainian state organisations (CERT-UA#10647)
- CERT-AGID
  - Summary of malicious campaigns in the week of 10 – 16 August
- Check Point
- Cloud Chronicles
  - Strategies Used by Adversaries to Steal Application Access Tokens
- Critical Start
  - Recruiter phishing leads to more_eggs infection
- CyberCX
  - CyberCX Unmasks China-linked AI Disinformation Capability on X
- Cyble
- Cyfirma
- Cyjax
  - Weekly Cyber Threat Intelligence Summary
- Aleksandar Matev at Detect FYI – Medium
  - Spotting the Gaps: Effective Monitoring of Log Flow in Splunk
- Dragos
  - Dragos Industrial Ransomware Analysis: Q2 2024
- Esentire
  - Exploring the D3F@ck Malware-as-a-Service Loader
- Flashpoint
- Fortra’s PhishLabs
  - What Is Tactical Threat Intelligence?
- Google Threat Analysis Group
  - Iranian backed group steps up phishing campaigns against Israel, U.S.
- GuidePoint Security
  - NTLM relay attack detection
- HackTheBox
- Hunt IO
  - EvilGophish Unhooked: Insights Into the Infrastructure and Notable Domains
- Infoblox
  - From Click to Chaos: Bouncing Around in Malicious Traffic Distribution Systems
- Neetrox at InfoSec Write-ups
  - Windows Event IDs That Every Cybersecurity Analyst MUST Know
- Intel471
  - MacOS is Increasingly Targeted by Threat Actors
- Shwetanjali Rasal at Juniper Networks
  - The Hidden Door: How CVE-2024-23897 Enabled Ransomware Attack on Indian Banks
- Kalpesh Mantri at Inception Cyber
  - Staying Ahead: Understanding the Latest Email Evasion Tactics
- Kelvin Winborne
  - AS-REP Roasting: The Consequence of Disabling Kerberos Preauthentication
- Bert-Jan Pals at KQL Query
  - Sentinel Automation Part 2: Automate CISA Known Exploited Vulnerability Notifications
- George Glass, Keith Wojcieszek, and Laurie Iacono at Kroll
  - July Threat Intelligence Spotlight Report
- Jérôme Segura at Malwarebytes
  - Dozens of Google products targeted by scammers via malicious search ads
- Shirley Kochavi at the Microsoft Sentinel Blog
  - Revolutionizing log collection with Azure Monitor Agent
- Microsoft’s ‘Security, Compliance, and Identity’ Blog
  - eDiscovery launches a modern, intuitive user experience
- Adrian Garcia Gonzalez and Tiffany Bergeron at MITRE-Engenuity
  - Guarding the Grid: Defending Operational Technology with ATT&CK
- Cedric Van Bockhaven at Outflank
  - Will the real #GrimResource please stand up? – Abusing the MSC file format
- Palo Alto Networks
- Quentin Roland at Synacktiv
  - SCCMSecrets.py: exploiting SCCM policies distribution for credentials harvesting, initial access and lateral movement
- Recorded Future
  - Malign Influence Threats Mount Ahead of US 2024 Elections
- ReliaQuest
- RussianPanda
  - The Abuse of ITarian RMM by Dolphin Loader
- SANS Internet Storm Center
- Securelist
- Silent Push
  - Silent Push Observes Significant Spike in Newly Registered Domains Referencing ‘CrowdStrike’ After BSOD Incident.
- SOCRadar
- Sophos
- Forrest Kasler at SpecterOps
  - Sleeping With the Phishes
- James Hodgkinson at Splunk
  - Observability Meets Security: Tracing that Connection
- Team Cymru
- John Scott-Railton, Rebekah Brown, Ksenia Ermoshina, and Ron Deibert at The Citizen Lab
  - Rivers of Phish: Sophisticated Phishing Targets Russia’s Perceived Enemies Around the Globe
- The DFIR Report
  - Threat Actors’ Toolkit: Leveraging Sliver, PoshC2 & Batch Scripts
- Oddvar Moe at TrustedSec
  - Oops I UDL’d it Again
- David Broggy at Trustwave SpiderLabs
  - The Art of Deception: Turning the Tables on Attackers with Active Defenses
- Jonathan Mccay at Walmart
  - Rhadamanthys V0.6.0: Automating Config Decryption
- Victor M. Alvarez at YARA-X
  - NDJSON output in YARA-X
UPCOMING EVENTS
- Black Hills Information Security
- Cellebrite
  - Closing the Mobile Data Gap: A Deep Dive into Investigation Challenges
- Dr Josh Stroschein – The Cyber Yeti
  - 🔴 Practical Steps to False Positive Reduction and Benign File Analysis with Karsten Hahn
- Magnet Forensics
PRESENTATIONS/PODCASTS
- Black Hills Information Security
- Clint Marsden at the TLP – Digital Forensics Podcast
  - Episode 12 – You’re forced to decide: Cyber Generalist or Cyber Specialist?
- Cyber Social Hub
- Grzegorz Tworek
  - OSET – Offline SAM Editing Tool
- Hudson Rock
  - Infostealer Investigation Module – Analyzing Stolen Files (Hudson Rock)
- Huntress
  - Unraveling LukaLocker Ransomware
- John Hammond
- Karsten Hahn at Malware Analysis For Hedgehogs
  - Writing an unpacker for a 3-stage stub with emulation via speakeasy
- Magnet Forensics
- Microsoft Threat Intelligence Podcast
  - Disrupting Cracked Cobalt Strike
- MSAB
  - XAMN Using quick views
- MyDFIR
- Paraben Corporation
  - Google Takeout Processing Contacts-Chrome-Fit
- The Cyber Mentor
  - LIVE Blue Team & SOC 101 | New course | @MalwareCube
MALWARE
- Adam at Hexacorn
  - Enter Sandbox 29: The subtle art of reversing persuasion – pushing samples to run…
- Any.Run
- Assaf Morag at Aqua
  - Gafgyt Malware Variant Exploits GPU Power and Cloud Native Environments
- Arete
  - Malware Spotlight: Fog Ransomware
- Blaze’s Security Blog
  - Microsoft Word and Sandboxes
- Elastic Security Labs
  - Beyond the wail: deconstructing the BANSHEE infostealer
- Eduardo Altares and Joie Salvio at Fortinet
  - A Deep Dive into a New ValleyRAT Campaign Targeting Chinese Speakers
- G Data Security
- Harfanglab
  - Cyclops: a likely replacement for BellaCiao
- Christopher Lopez at Kandji
  - TodoSwift Disguises Malware Download Behind Bitcoin PDF
- Ben Martin at Sucuri
  - PrestaShop GTAG Websocket Skimmer
MISCELLANEOUS
- Forensic Focus
- John Hollenberger at Fortinet
  - Preparation Is Not Optional: 10 Incident Response Readiness Considerations for Any Organization
- Magnet Forensics
  - New course and certification now available for Magnet Verakey users
- MISP
  - SkillAegis
- MWLab
  - SMB Decryption – TryHackMe
- Kyrie Hale at OpenText
  - Understanding threat hunter personas
- Remy Kullberg at Panther Labs
  - How to Know You’re Ready for a Dedicated Detections Team
- Salvation DATA
  - Implementing Affordable DFIR Solutions for Cyber Defense
- Suzie at Metadata Forensics
  - Rookie Reflections: A Green Examiner’s Forensic Journey Into Cellebrite
SOFTWARE UPDATES
- Binary Ninja
  - 4.1 Release 2
- CCL Solutions
  - Skinny dipping into browser data
- Exterro
  - Meet The New FTK 8.1 From Exterro
- GCHQ
  - CyberChef v10.19.2
- Metaspike
  - Forensic Email Collector (FEC) Changelog – 4.0.167.1390
- MobilEdit
  - MOBILedit Forensic 9.4.1 released: New features and improvements
- OpenCTI
  - 6.2.13
- Sandfly Security
  - Sandfly 5.1.1 – Important Performance Upgrade and Yescrypt Support
- Three Planet Software
  - Apple Cloud Notes Parser v0.17.1
- Xways
  - X-Ways Forensics 21.3 Preview
And that’s all for the week! If you think I’ve missed something, or want me to cover something specifically hit me up through the contact page or on the social pipes!