As always, thanks to those who give a little back for their support!

FORENSIC ANALYSIS

• CCL Group
  Local Storage and Session Storage in Mozilla Firefox (Part 1)
  
  
• DFIR Review
  Location, Location, Location
  
  
• Dr. Tristan Jenkinson at ‘The eDiscovery Channel’
  eDiscovery Risks – Sending Documents for Disclosure via Email
  
  
• Forensafe
  Investigating Android Tinder
  
  
• Emilia Chau, Marin Gheorge, and Muhammad Jawad at Jumpsec Labs
  Building Forensic Expertise: A Two-Part Guide to Investigating a Malicious USB Device (Part 1)
  
  
• Mike at ØSecurity
  • Building a Custom AppCompatCacheParser.exe
  • AppCompatCache Part 3
    
    
• Synacktiv
  Using Veeam metadata for efficient extraction of Backup artefacts (2/3)
  
  
• The DFIR Report
  BlackSuit Ransomware
  
  
• Thomas Millar at TrustedSec
  Gobbling Up Forensic Analysis Data Using Velociraptor
  

THREAT INTELLIGENCE/HUNTING

• Faan Rossouw at Active Countermeasures
  Malware of the Day – Understanding C2 Beacons – Part 2 of 2
  
  
• Adam Goss
  Cyber Threat Intelligence Report Template (+FREE Download)
  
  
• Adan Alvarez
  Discover New CloudTrail Logs on TrailDiscover, Powered by Grimoire!
  
  
• Kyle Lefton, Larry Cashdollar & Aline Eliovich at Akamai
  Beware the Unpatchable: Corona Mirai Botnet Spreads via Zero-Day
  
  
• Anton Chuvakin
  Not a SOC FAQ! This is SOC FMD!
  
  
• AttackIQ
  • Response to CISA Advisory (AA24-241A): Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations
  • Emulating the Extortionist Mallox Ransomware
    
    
• Christine Barry at Barracuda
  Silnikau: A dark legacy of ransomware and other cybercrimes
  
  
• Black Cell
  Tool spotlight: YARA
  
  
• Brad Duncan at Malware Traffic Analysis
  • 2024-08-26 – GuLoader for Remcos RAT
  • 2024-08-30 – Approximately 11 days of server scans and probes
  • 2024-08-29 – Phishing email and traffic to fake webmail login page
    
    
• Brian Vermeer at Snyk
  The persistent threat: Why major vulnerabilities like Log4Shell and Spring4Shell remain significant
  
  
• cbecks2 and SecurityAura
  edr-artifacts
  
  
• Censys
  Cibles privilégiées : L’impact des ransomwares sur l’industrie
  
  
• CERT-AGID
  Sintesi riepilogativa delle campagne malevole nella settimana del 24 – 30 agosto
  
  
• Chainalysis
  2024 Crypto Crime Mid-year Update Part 2: China-based CSAM and Cybercrime Networks On The Rise, Pig Butchering Scams Remain Lucrative
  
  
• Check Point
  26th August – Threat Intelligence Report
  
  
• CISA
  • Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations
  • #StopRansomware: RansomHub Ransomware
    
    
• James Nutland, Craig Jackson, Terryn Valikodath, and Brennan Evans at Cisco’s Talos
  BlackByte blends tried-and-true tradecraft with newly disclosed vulnerabilities to support ongoing attacks
  
  
• CTF导航
  • Operation DevilTiger：APT-Q-12 使用 0day 漏洞技战术披露
  • APT组织Patchwork七月活动，利用“第七届COMAC国际科技创新周”主题进行钓鱼攻击
  • BlackSuit 勒索软件窃取了软件解决方案供应商的近百万条数据
  • 揭秘MuddyWater组织的多款RMM软件攻击
    
    
• Cyber Triage
  DFIR Breakdown: Impacket Remote Execution Activity – atexec
  
  
• Cyble
  • Scammers Use ScreenConnect to Defraud SSA Beneficiaries
  • ManticoraLoader: New Loader Announced from the Developers of AresLoader
    
    
• Cyfirma
  Weekly Intelligence Report – 30 Aug 2024
  
  
• Cyjax
  Weekly Cyber Threat Intelligence Summary
  
  
• Dan Green at Push Security
  The SaaS attack matrix: A year in review
  
  
• Danny’s Newsletter
  Threat Hunting Metrics: The Good, and the …
  
  
• Darktrace
  Darktrace Releases 2024 Half-Year Threat Insights
  
  
• Debugactiveprocess
  Exposing a “Correios” phishing scam with FOFA
  
  
• Disconinja
  日本におけるC2サーバ調査(Week 34 2024)
  
  
• Elastic Security Labs
  Linux Detection Engineering – A Sequel on Persistence Mechanisms
  
  
• Emanuele De Lucia
  Unmasking the Bears’ Chrome Data Thief: The Android Cookie-Stealer Payload
  
  
• Ervin Zubic
  Navigating the Cyber Threat Landscape: A Complete Guide to the CTI Lifecycle
  
  
• Esentire
  Exploring AsyncRAT and Infostealer Plugin Delivery Through Phishing Emails
  
  
• Flashpoint
  • Unveiling the Top 4 Cyber Threats in 2024
  • Member of Russian Cybercrime Group Charged in Ohio
    
    
• Shunichi Imano, James Slaughter and Fred Gutierrez at Fortinet
  Ransomware Roundup – Underground
  
  
• Google Cloud Threat Intelligence
  • I Spy With My Little Eye: Uncovering an Iranian Counterintelligence Operation
  • A Measure of Motive: How Attackers Weaponize Digital Analytics Tools
    
    
• Clement LecigneThreat Analysis Group at Google Threat Analysis Group
  State-backed attackers and commercial surveillance vendors repeatedly use the same exploits
  
  
• Rui Ataide and Hermes Bojaxhi at GuidePoint Security
  So-Phish-ticated Attacks
  
  
• HackTheBox
  NTDS dumping attack detection
  
  
• Hudson Rock
  Infostealer Malware Infections Shed Light on Sanctioned Entities & Reveals New Targets for Global Crackdown
  
  
• Human Security
  • Satori Threat Intelligence Alert: Camu cashes out ads on piracy content
  • The straw that broke the Camu’s back: Protecting brands from piracy
    
    
• Hunt IO
  Latrodectus Malware Masquerades as AhnLab Security Software to Infect Victims
  
  
• Jai Minton and Craig Sweeney at Huntress
  Advanced Persistent Threat Targeting Vietnamese Human Rights Defenders | Huntress
  
  
• Krebs on Security
  • New 0-Day Attacks Linked to China’s ‘Volt Typhoon’
  • When Get-Out-The-Vote Efforts Look Like Phishing
    
    
• Lumen
  Taking the Crossroads: The Versa Director Zero-Day Exploitation
  
  
• Meta
  Taking Action Against Malicious Accounts in Iran
  
  
• Microsoft Security
  • Peach Sandstorm deploys new custom Tickler malware in long-running intelligence gathering operations
  • The art and science behind Microsoft threat hunting: Part 3
    
    
• Digit Oktavianto at MII Cyber Security
  Evaluating Organisation’s Cyber Defense Capability with MITRE Top 10 ATT&CK Technique
  
  
• Palo Alto Networks
  • The Emerging Dynamics of Deepfake Scam Campaigns on the Web
  • TLD Tracker: Exploring Newly Released Top-Level Domains
    
    
• Phylum
  North Korea Still Attacking Developers via npm
  
  
• Proofpoint
  The Malware That Must Not Be Named: Suspected Espionage Campaign Delivers “Voldemort”
  
  
• Red Alert
  • Monthly Threat Actor Group Intelligence Report, June 2024 (ENG)
  • Monthly Threat Actor Group Intelligence Report, July 2024 (KOR)
    
    
• Red Canary
  Recent dllFake activity shares code with SecondEye
  
  
• ReliaQuest
  Introducing: Manufacturing Sector Threat Landscape
  
  
• Bob Rudis
  Reading PCAP Files (Directly) With DuckDB
  
  
• Sandfly Security
  Agentless Password Auditing for Linux White Paper
  
  
• SANS Internet Storm Center
  • From Highly Obfuscated Batch File to XWorm and Redline, (Mon, Aug 26th)
  • Why Is Python so Popular to Infect Windows Hosts?, (Tue, Aug 27th)
  • Vega-Lite with Kibana to Parse and Display IP Activity over Time, (Tue, Aug 27th)
  • Live Patching DLLs with Python, (Thu, Aug 29th)
  • Simulating Traffic With Scapy, (Fri, Aug 30th)
    
    
• Sansec
  Persistent backdoors injected on Adobe Commerce via new CosmicSting attack
  
  
• Anusthika Jeyashankar at Security Investigation
  What is Session Hijacking/Cookie Hijacking – DEMO
  
  
• Den Iuzvyk and Tim Peck at Securonix
  From Cobalt Strike to Mimikatz: A Deep Dive into the SLOW#TEMPEST Campaign Targeting Chinese Users
  
  
• Aleksandar Milenkoski at SentinelOne and Jose Luis Sánchez Martínez at VirusTotal
  Exploring the VirusTotal Dataset | An Analyst’s Guide to Effective Threat Research
  
  
• SOCRadar
  • Top 10 Threat Actors of 2024: Beyond the Numbers
  • The Ransomware Playbook: Evolving Threats and Defense Strategies for 2024
    
    
• Andreas Klopsch at Sophos
  Attack tool update impairs Windows computers
  
  
• Syne’s Cyber Corner
  Common Oauth Apps Used in Business Email Compromise
  
  
• System Weakness
  • [MemLabs Write-up] MemLabs Lab 6 — The Reckoning
  • [MemLabs Write-up] MemLabs Lab 5 — Black Tuesday
  • [LetsDefend Write-up] Compromised Network Printer
    
    
• Taz Wake
  Linux DFIR – Rapid Audit Log Ingestion with Elasticsearch
  
  
• James Murphy at Trellix
  Trellix Global Defenders: Unmasking ViperSoftX: In-Depth Defense Strategies Against AutoIt-Powered Threats
  
  
• Trend Micro
  • Cryptojacking via CVE-2023-22527: Dissecting a Full-Scale Cryptomining Ecosystem
  • Threat Actors Target the Middle East Using Fake Palo Alto GlobalProtect Tool
  • Silent Intrusions: Godzilla Fileless Backdoors Targeting Atlassian Confluence
    
    
• Nicklas Keijser and Mattias Wåhlén at Truesec
  Dissecting the Cicada
  
  
• Bernard Bautista at Trustwave SpiderLabs
  Exposed and Encrypted: Inside a Mallox Ransomware Attack
  
  
• Sean Wilson at Unpacme
  UnpacMe Weekly: Stealing Summer
  

UPCOMING EVENTS

• Black Hills Information Security
  BHIS – Talkin’ Bout [infosec] News 2024-09-9
  
  
• CYBER 5W
  CCDFA Webinar
  
  
• SANS
  SANS Threat Analysis Rundown with Katie Nickels | Sep. 2024 Edition
  

PRESENTATIONS/PODCASTS

• Adversary Universe Podcast
  Intern Spotlight: Starting A Cyber Career with CrowdStrike
  
  
• AhmedS Kasmani
  Malware 101: Hiding Shellcode in the Resource Section of PE File.
  
  
• Archan Choudhury at BlackPerl
  Hunting for MFA Fatigue using Splunk | Threat Hunting Tutorial- Day 12
  
  
• Black Hat
  • Cloud Console Cartographer: Tapping Into Mapping- Slogging Thru Logging
  • Chinese APT: A Master of Exploiting Edge Devices
  • From BYOVD to a 0-day: Unveiling Advanced Exploits in Cyber Recruiting Scams
    
    
• Breaking Badness
  Breaking Badness Cybersecurity Podcast – 192. TLD-fense
  
  
• BSides Leeds
  BSides Leeds 2024
  
  
• Cloud Security Podcast by Google
  EP187 Conquering SOC Challenges: Leadership, Burnout, and the SIEM Evolution
  
  
• Cyber Social Hub
  • Ransomware! Are You Prepared In Your Investigation?
  • The ‘Jedi’ of Digital Forensics Training Tells His Tips & Tricks
  • Are You Reviewing Security Camera Footage (CCTV) In Your Investigation?
    
    
• Gerald Auger at Simply Cyber
  Cyber Threat Actors HATE This Tool (Danny Jenkins Explains)
  
  
• Girls Talk Cyber
  11. Behind the scenes with a Digital Detective
  
  
• Gridware Cybersecurity
  Inside the World of Sextortion: What You Need to Know
  
  
• Hudson Rock
  The Dark Truth About Infostealers: Why You Should Not Always Trust Antivirus with Leonid Rozenberg
  
  
• Huntress
  • How to triage LukaLocker Ransomware | Tradecraft Tuesday
  • The Product Lab: Elevating the Unexpected: EDR, SIEM, ITDR & Billing
    
    
• InfoSec_Bret
  Challenge – Malicious Web Traffic Analysis
  
  
• John Hammond
  • The Moment They Got Hacked
  • Interactive SQL Injection
  • Self-Extracting Executables for Hackers
  • Unity Game Hacking with dnSpy
    
    
• Matt Larkin
  Demistifying KQL for Threat Hunters
  
  
• Microsoft Threat Intelligence Podcast
  Black Basta and the Use of LLMs by Threat Actors
  
  
• MSAB
  XAMN Pro Export BIN
  
  
• MyDFIR
  • How I Would Become A SOC Analyst If I Could Start Over (Step-By-Step)
  • 30-Day SOC Analyst Challenge | Gain Practical Experience for Free!
  • How To Create a Logical Diagram | Day 1
    
    
• Paraben Corporation
  Batch Email Processing in E3
  
  
• Phil Hagen
  Wireshark Capture Considerations
  
  
• SANS
  • SANS Threat Analysis Rundown with Katie Nickels
  • Practical Threat Modeling Based on Community Templates
    
    
• Security Conversations
  Ep10: Volt Typhoon zero-day, Russia’s APT29 reusing spyware exploits, Pavel Durov’s arrest
  
  
• Threat Forest
  The DFIR Thing Part 5: Preliminary registry parsing support
  

MALWARE

• Alex Necula
  • Malware Analysis Part 3. Agent Tesla
  • Malware Analysis Part 4. XWorm
    
    
• Any.Run
  6 Common Obfuscation Methods in Malware 
  
  
• Dylan Michalak at Binary Defense
  Understanding Sleep Obfuscation
  
  
• Yehuda Gelb at Checkmarx Security
  Year-Long Campaign of Malicious npm Packages Targeting Roblox Users
  
  
• Tonmoy Jitu at Denwp Research
  Anatomy of a Lumma Stealer Attack via Fake CAPTCHA Pages
  
  
• Xiaopeng Zhang at Fortinet
  Deep Analysis of Snake Keylogger’s New Variant
  
  
• Jérôme Segura at Malwarebytes
  Fake Canva home page leads to browser lock
  
  
• Netskope
  • Phishing in Style: Microsoft Sway Abused to Deliver Quishing Attacks
  • Latrodectus Rapid Evolution Continues With Latest New Payload Features
    
    
• OALABS Research
  Python Hunting
  
  
• Sergey Puzan at Securelist
  HZ Rat backdoor for macOS attacks users of China’s DingTalk and WeChat
  
  
• SonicWall
  AutoIT Bot Targets Gmail Accounts First
  
  
• Mike Blinkman at System Weakness
  Binary File Analysis: Techniques, Tools, and Challenges
  
  
• The Reverser’s Draft
  Automating Tasks With x64dbg Scripts
  
  
• UltimaCybr
  Unlocking Lockton Ransomware
  

MISCELLANEOUS

• Marco Fontani at Amped
  Amped Software Co-authors a Journal Paper About the Image Restoration Workflow for Forensic Applications
  
  
• Any.Run
  Why is Threat Intelligence Important  
  
  
• Arch Cloud Labs
  5 Years of InfoSec Focused Homelabbing
  
  
• Craig Ball at ‘Ball in your Court’
  “There’s No Better Rule”
  
  
• Forensic Focus
  • Book Your Place At The Refuge Tech Safety Summit 2024
  • Jad Saliba, Founder & Chief Innovation Officer, Magnet Forensics
    
    
• Jouni Mikkola at “Threat hunting with hints of incident response”
  The DFIR thing reg parsing #1
  
  
• Magnet Forensics
  2024 Magnet Forensics Scholarship Program applications open 
  
  
• Morten Knudsen
  Detect Impact MFA Enforcement
  
  
• Namit Ranjan
  Kickstarting the 30-Day MYDFIR SOC Analyst Challenge: My Journey into Cybersecurity Mastery
  
  
• Namit Ranjan
  Day 1: How to Draw a Logical Diagram
  
  
• Nik Alleyne at ‘Security Nik’
  3 simple tips, for retaining your critical resources in the 21st century
  
  
• Jonas Bauters at NVISO Labs
  The Big TIBER Encyclopedia
  
  
• Nik Earnest at OpenText
  How to support threat hunters
  
  
• Oxygen Forensics
  File Signature Search with Oxygen Forensic® Detective
  
  
• Specops Software
  How to recover a deleted Active Directory object 
  
  
• Sumuri
  Choosing Your Forensic Training Path: Vendor-Neutral vs. Product-Specific
  

SOFTWARE UPDATES

• Airbus Cybersecurity
  IRIS-Web v2.4.12
  
  
• ANSSI
  DFIR-ORC v10.2.6
  
  
• Berla
  iVe Software v4.8 Release
  
  
• C.Peter
  UFADE for Windows – v0.9.1
  
  
• Datadog Security Labs
  GuardDog v2.0.3
  
  
• Digital Sleuth
  winfor-salt v2024.13.3
  
  
• Elcomsoft
  Advanced Intuit Password Recovery 3.14 supports Intuit QuickBooks 2024
  
  
• F-Response
  F-Response 8.7.1.33 Now Available
  
  
• Google
  Timesketch 20240828
  
  
• Hasherezade
  tiny_tracer 2.8.2
  
  
• IntelOwl
  v6.1.0
  
  
• Magnet Forensics
  MacOS support comes to Magnet Nexus
  
  
• Martin Korman
  Regipy 5.0.0
  
  
• Metadata Forensics
  Google Location History Takeout Parser
  
  
• Northloop Forensics
  Bitlocker_Key_Finder v3.2
  
  
• OpenCTI
  6.2.18
  
  
• Phil Harvey
  ExifTool 12.95
  
  
• Radoslav Gadzhovski
  Toolkit for Retrieval and Analysis of Cyber Evidence (TRACE)
  
  
• Security Onion
  Security Onion 2.4.100 now available including lots of new features and updates!
  
  
• SigmaHQ
  pySigma v0.11.11
  

And that’s all for the week! If you think I’ve missed something, or want me to cover something specifically hit me up through the contact page or on the social pipes!