As always, thanks to those who give a little back for their support!
FORENSIC ANALYSIS
- 0xdf hacks stuff
  - HTB Sherlock: Reaper
- Cellebrite
  - Performing Collection from Mobile Devices in an MDM Environment
- Cyber Triage
  - DFIR Next Steps: What To Do After You Find a Suspicious Use Of curl.exe
- Digital Forensics Myanmar
- Forensafe
  - Investigating Android Addidas Runtastic
- Joshua Hickman at ‘The Binary Hick’
  - Not All Androids Who Wonder Are Lost. A Look At Android’s Find My Device Network
- Katherine Nayan
  - Android Forensics: APK Downgrades – An Introduction
- Mike at ØSecurity
  - AppCompatCache Deep Dive
- AbdulRhman Alfaifi at u0041
  - Exploring Windows Artifacts: Notepad Files
THREAT INTELLIGENCE/HUNTING
- Aaron Aubrey N.
  - Ruminating on Cyber Threat Intelligence
- Assaf Morag at Aqua
  - PG_MEM: A Malware Hidden in the Postgres Processes
- Australian Signals Directorate and partners
  - Best Practices for Event Logging and Threat Detection
- Adam Khan at Barracuda
  - Threat Spotlight: How ransomware for rent rules the threat landscape
- CERT Ukraine
  - UAC-0020 (Vermin) cyberattack using the theme of prisoners of war in the Kursk direction; new FIRMACHAGENT tool (CERT-UA#10742)
- CERT-AGID
- Check Point
- Asheer Malhotra, Guilherme Venere, and Vitor Ventura at Cisco’s Talos
  - MoonPeak malware from North Korean actors unveils new details on attacker infrastructure
- Fabian Bader at Cloudbrothers
  - You always trust your CSP – Cross Tenant MFA and GDAP
- Gregory Newman at Confiant
  - Caught by Confiant: A preview of MutantBedrog’s adaptive malvertising maneuvers
- Critical Start
  - Critical Start H1 2024 Cyber Threat Intelligence Report
- Cyble
  - New Cheana Stealer Targets VPN Users Across Multiple Operating Systems
- Cyfirma
- Cyjax
  - Weekly Cyber Threat Intelligence Summary
- Andy Giron, Frederic Baguelin, Eslam Salem, and Matt Mills at Datadog Security Labs
  - The gift that keeps on giving: A new opportunistic Log4j campaign
- Truls TD at Detect FYI
  - Deconstructing Security Monitoring Antipatterns
- Disconinja
  - C2 server survey in Japan (Week 33 2024)
- EclecticIQ
  - Unleashing the Power of Collaboration: Extended STIX 2.1 Support with Collaborative Notes
  - Streamlining Threat Intelligence with Customizable Keyword-Based Watchlists
  - EclecticIQ Intelligence Center 3.4 is here
  - Transforming Threat Intelligence with AI-Powered, Multilingual NLP Search
  - Transform Your Threat Management with Advanced MITRE ATT&CK Analysis Tools
  - Elevate Your Intelligence Reports with EclecticIQ’s AI Writing Assistant
- Elastic Security Labs
  - Linux Detection Engineering – A primer on persistence mechanisms
- Malcolm Heath at F5 Labs
  - Scanning for CVE-2017-9841 Drops Precipitously
- Google Cloud Threat Intelligence
- HackTheBox
  - Essential SOC analyst tools (+ insights from real blue teamers)
- Hunt IO
  - Announcing AttackCapture™
- Erin Meyers at Huntress
  - Unwanted Access: Protecting Against the Growing Threat of Session Hijacking and Credential Theft
- Intel471
- Patryk Zajdel at Jumpsec Labs
  - Adversary at the Door – Initial Access and what’s currently on the menu
- Brian Krebs at Krebs on Security
  - Local Networks Go Global When Domain Names Collide
- Kroll
- Swachchhanda Shrawan Poudel at Logpoint
  - Shenanigans of Scheduled Tasks
- Malwarebytes
  - Why you need to know about ransomware
- Matt Suiche
  - Financial Forensics in a fragmented ecosystem
- Sean Sica at MITRE ATT&CK
  - Introducing TAXII 2.1 and a fond farewell to the TAXII 2.0 Server
- Rachel Doucet and Lex Crumpton at MITRE-Engenuity
  - Exploring the Frontier: Insights from ATT&CK Evaluations Managed Services Round 2
- Palo Alto Networks
- Penetration Testing Lab
  - Web Browser Stored Credentials
- Joshua Miller, Georgi Mladenov, Andrew Northern, and Greg Lesnewich at Proofpoint
  - Best Laid Plans: TA453 Targets Religious Figure with Fake Podcast Invite Delivering New BlackSmith Malware Toolset
- Andrew Cook at Recon Infosec
  - Your Ransomware Incident Is Predictable...
- Recorded Future
  - GreenCharlie Infrastructure Linked to US Political Campaign Targeting
- Red Alert
- Red Canary
  - Intelligence Insights: August 2024
- ReliaQuest
- S2W Lab
- SANS Internet Storm Center
  - Do you Like Donuts? Here is a Donut Shellcode Delivered Through PowerShell/Python, (Mon, Aug 19th)
  - Mapping Threats with DNSTwist and the Internet Storm Center [Guest Diary], (Tue, Aug 20th)
  - Where are we with CVE-2024-38063: Microsoft IPv6 Vulnerability, (Tue, Aug 20th)
  - OpenAI Scans for Honeypots. Artificially Malicious? Action Abuse?, (Thu, Aug 22nd)
  - Pandas Errors: What encoding are my logs in?, (Fri, Aug 23rd)
- Securelist
- Securonix
  - Securonix Threat Labs Monthly Intelligence Insights – June 2024
- Adi Malyanker at Semperis
  - A New App Consent Attack: Hidden Consent Grant
- SentinelOne
- Shinigami
  - What a Cluster! How Industry Groups and Names Threat Activity Clusters
- Lee Kirkpatrick, Paul Jacobs, Harshal Gosalia, and Robert Weiland at Sophos
  - Qilin ransomware caught stealing credentials stored in Google Chrome
- SpecterOps
- James Hodgkinson at Splunk
  - Observability Meets Security: Build a Baseline To Climb the PEAK
- Symantec Enterprise
  - New Backdoor Targeting Taiwan Employs Stealthy Communications
- The Hacker News
  - Detecting AWS Account Compromise: Key Indicators in CloudTrail Logs for Stolen API Keys
- Trent Bessell at Trend Micro
  - How Trend Micro Managed Detection and Response Pressed Pause on a Play Ransomware Attack
UPCOMING EVENTS
- Archan Choudhury at BlackPerl
  - Cloud Attack Defense BootCamp - AWS, Azure
- Belkasoft
  - BelkaDay Asia 2024 Call For Papers
- Black Hills Information Security
  - BHIS – Talkin’ Bout [infosec] News 2024-08-26
- Magnet Forensics
  - Ep. 20 // Focusing in on Apps In Focus: Exploring the artifacts that tell us what the user was looking at on their device
- Medex Forensics
  - Details Matter… How West Midlands Police Use Social Media and Medex to Solve Crime
- Paraben Corporation
  - PFIC Navigation in Remo Conference
- Recorded Future
  - Threat Profiling
- Justin Vaicaro at TrustedSec
  - The Hunter’s Workshop: Mastering the Essentials of Threat Hunting
PRESENTATIONS/PODCASTS
- Adversary Universe Podcast
  - Hunting the Rogue Insiders Operating for FAMOUS CHOLLIMA
- Black Hat
  - Bypassing Entra ID Conditional Access Like APT: A Deep Dive Into Device Authentication Mechanisms
- Black Hills Information Security
  - REKAST – Talkin’ Bout [infosec] News 2024-08-19 #infosecnews #cybersecurity #podcast #podcastclips
- Breaking Badness
  - Breaking Badness Cybersecurity Podcast – 191. Hacker Summer Camp Retrospective
- Cellebrite
  - Tip Tuesdays – Creating Reader Reports
- Clint Marsden at the TLP – Digital Forensics Podcast
  - Episode 13 - ELK EDR and Sandboxing, Home grown CTF environments, DFIR Automation & Forensics in the cloud, with Jakob Wilson
- Cloud Security Podcast by Google
  - EP186 Cloud Security Tools: Trust the Cloud Provider or Go Third-Party? An Epic Debate, Anton vs Tim
- Cyber Social Hub
  - Are You Reviewing Security Camera Footage (CCTV) In Your Investigation?
- Gerald Auger at Simply Cyber
- Huntress
  - August 2024 Community Fireside Chat: Cybersecurity Table Stakes
- InfoSec_Bret
  - Challenge – Downloader
- Intel471
  - Cybercrime Exposed Podcast: Tank
- John Hammond
  - The Mark Of The Web
- Magnet Forensics
- MSAB
  - XAMN Pro Case Review
- MyDFIR
- Paraben Corporation
  - Converting Email format OST to Other Formats
- Sandfly Security
  - Sandfly Linux EDR With Agentless Password Auditing – Find Default Passwords Instantly
- SANS
  - A Visual Summary of SANS DFIR Summit 2024
- Security Conversations
  - Ep9: The blurring lines between nation-state APTs and the ransomware epidemic
- SnapAttack
  - FIN7 is Dead, Long Live FIN7 | Threat SnapShot
- The Microsoft Security Insights Show
  - Microsoft Security Insights Show Episode 223 – Hatim Othman
MALWARE
- Anchored Narratives
  - Reversing DISGOMOJI with Malcat like a BOSS
- Any.Run
  - New ValleyRAT Campaign Spotted with Advanced Techniques
- Dr Josh Stroschein – The Cyber Yeti
- Patrick Wardle at Objective-See
  - The Hidden Treasures of Crash Reports
- Christiaan Beek at Rapid7
  - Selling Ransomware Breaches: 4 Trends Spotted on the RAMP Forum
- Stephan Berger
  - Botnet Fenix
- Ben Martin at Sucuri
  - WordPress Websites Used to Distribute ClearFake Trojan Malware
- Synacktiv
  - LAPSUS$ is dead, long live HexaLocker?
- Mattias Wåhlén and Nicklas Keijser at Truesec
  - LockBit Analysis
- UltimaCybr
  - AkitaCrypt
- VMRay
  - Latrodectus updates to version 1.4 with AES-256 string encryption
- WeLiveSecurity
- Zhassulan Zhussupov
  - Malware development: persistence – part 26. Microsoft Edge – part 1. Simple C example.
- Ruchna Nigam at ZScaler
  - Technical Analysis of Copybara
MISCELLANEOUS
- Marco Fontani at Amped
  - Amped Software Co-authors a Journal Paper About Detecting Double Compression in HEIF Images
- Craig Ball at ‘Ball in your Court’
  - Adapting Requests for Production for AI GLLM Assessment
- Elan at DFIR Diva
  - Upcoming Techno Security & Digital Forensics Conference
- Forensic Focus
  - Magnet Forensics Acquires Medex Forensics, Strengthening Video Evidence Integrity
  - GMDSOFT: MD-VIDEO AI Unveils New Features And Expands Global Reach
  - Decrypt Data In Air-Gapped Environment With Passware Kit Ultimate
  - Detego Global Launches Second Justice Accelerator Grant To Empower ICAC Investigators Across The U.S.
  - Vigilance In Action: Monitoring Typosquatting Domains
  - Digital Forensics Round-Up, August 21 2024
  - Andrea Lazzarotto, Digital Forensics Consultant and Developer
  - Next Level In Mobile Data Extraction And Decoding – XRY 10.10.1
  - Forensic Focus Digest, August 23 2024
- Kaido Järvemets at Kaido Järvemets
  - Automating Arc-Enabled Server Log Collection with Azure Run Command
- Magnet Forensics
  - How Magnet Axiom can enhance a vehicle accident investigation
- Matt Suiche
  - Bob and Alice in Kernel-land – Part 2
- Medex Forensics
  - SPECIAL ANNOUNCEMENT: MEDEX FORENSICS JOINS MAGNET FORENSICS
- Karam Abu Hanna at Microsoft’s ‘Security, Compliance, and Identity’ Blog
  - Critical Cloud Assets: Identifying and Protecting the Crown Jewels of your Cloud
- N00b_H@ck3r
  - SANS FOR500 (GCFE) vs 13Cubed Investigating Windows Endpoints
- Oxygen Forensics
  - Capture RAM using Oxygen Forensic® KeyScout
- Jonathan Reed at Security Intelligence
  - Cost of a data breach: The industrial sector
- Teru Yamazaki at Forensicist
  - NSRLJP_202408
- Volatility Foundation
  - The 2024 Plugin Contest is open for submissions!
- Passware
  - Passware Kit Ultimate – Air-Gapped Edition
SOFTWARE UPDATES
- Acelab
  - The New Software Update: PC-3000 Ver. 7.5.x, Data Extractor Ver. 6.5.x, PC-3000 SSD Ver. 3.5.x has been released
- Canadian Centre for Cyber Security
  - Assemblyline Release 4.5.0.43
- Capa
  - v7.2.0
- Compelson
  - MOBILedit Forensic 9.4.1 released: New features and improvements
- Hasherezade
  - tiny_tracer 2.8
- MISP
  - MISP 2.4.196 released with many bugs fixed and improvements.
- MSAB
  - XRY 10.10.1: Enhanced capabilities for better investigations
- OpenCTI
  - 6.2.15
- Phil Harvey
  - ExifTool 12.93
- Semantics21
  - Introducing S21 CCTV
- WithSecure Labs
- Xways
- Yamato Security
  - Hayabusa v2.17.0 🦅
And that’s all for the week! If you think I’ve missed something, or want me to cover something specifically hit me up through the contact page or on the social pipes!