As always, thanks to those who give a little back for their support!
FORENSIC ANALYSIS
- Krzysztof Gajewski at CyberDefNerd
  - Windows Artifacts: Analyzing the USN Journal on a Live System
- Clint Marsden at DFIR Insights
  - Quick Fixes for plaso / Log2timeline Error: Key Troubleshooting on Ubuntu
- Dr. Neal Krawetz at ‘The Hacker Factor Blog’
- Forensafe
  - Solving Cellebrite CTF 2024 (Felix’s iOS)
- Magnet Forensics
  - That one artifact: Metadata’s role in a complex child exploitation case
- MuSecTech
  - Collecting IIS Logs
- Oxygen Forensics
  - Full file system extraction from unlocked Android devices using Oxygen Forensic® Detective
- Rapid7
  - Investigating a SharePoint Compromise: IR Tales from the Field
- ThinkDFIR
  - Windows 11 WordWheelQuery Woes
THREAT INTELLIGENCE/HUNTING
- Vignesh Mudliar at 4sysops
  - How to detect and block QR code phishing using Microsoft Defender for Office 365
- Adan at Adan Alvarez
  - How Attackers Can Abuse IAM Roles Anywhere for Persistent AWS Access
- Christine Ferrusi Ross at Akamai
  - Bad Bots: 6 Common Bot Attacks and Why They Happen
- ASEC
- Vishal Jakharia and Varun Sharma at AWS Security
  - Adding threat detection to custom authentication flow with Amazon Cognito advanced security features
- Christine Barry at Barracuda
  - BlackSuit ransomware: 8 years, 6 names, 1 cybercrime syndicate
- Bishop Fox
  - A Brief Look at FortiJump (FortiManager CVE-2024-47575)
- Ray Van Hoose, Wade Wells, and Edna Jonsson at Black Hills Information Security
  - Pentesting, Threat Hunting, and SOC: An Overview
- BushidoToken
  - Cyber Threat Intelligence for Autodidacts
- CERT Ukraine
  - UAC-0050 cyberattack using tax-themed lures and LITEMANAGER (CERT-UA#11776)
- CERT-AGID
  - Summary of malicious campaigns in the week of 26 October – 1 November
- Check Point
- Yehuda Gelb at Checkmarx Security
  - Cryptocurrency Enthusiasts Targeted in Multi-Vector Supply Chain Attack
- Chuan-lun (Johnson) Chou
  - Attacking Kerberos — Mimikatz
- CISA
- Cisco’s Talos
- CTF导航
- Curated Intelligence
  - The CTI Research Guide
- Cyble
  - U.S. Agencies Investigate China-Linked Telecom Hacks Targeting High-Profile Politicians
  - Phishing Campaign Targeting Ukraine: UAC-0215 Threatens National Security
  - Cyble Sensors Detect New Attacks on LightSpeed, GutenKit WordPress Plugins
  - Strela Stealer targets Central and Southwestern Europe through Stealthy Execution via WebDAV
- Cyfirma
  - Weekly Intelligence Report – 01 Nov 2024
- Cyjax
  - Weekly Cyber Threat Intelligence Summary
- John Reeman at Cyooda Security
  - Unlocking the Secrets of Cloud Digital Forensics | M365
- Danny Zendejas
  - Email Security Analysis
- Christophe Tafani-Dereeper at Datadog Security Labs
  - Exploring Google Cloud Default Service Accounts: Deep Dive and Real-World Adoption Trends
- Detect FYI
- Disconinja
  - C2 server survey in Japan (Week 43 2024)
- Steve Behm at DomainTools
  - Phishmas Comes Early: New Developments in USPS Smishing Attacks
- EclecticIQ
  - Inside Intelligence Center: LUNAR SPIDER Enabling Ransomware Attacks on Financial Sector with Brute Ratel C4 and Latrodectus
- Elastic Security Labs
  - Katz and Mouse Game: MaaS Infostealers Adapt to Patched Chrome Defenses
- Flashpoint
- Gaetan Ferry at GitGuardian
  - Doomed Keys and Hidden Threats: The Scariest Secrets in Your Repositories
- Google Cloud Security Community
  - Finding Malware: Detecting GOOTLOADER with Google Security Operations
- Google Cloud Threat Intelligence
  - Hybrid Russian Espionage and Influence Campaign Aims to Compromise Ukrainian Military Recruits and Deliver Anti-Mobilization Narratives
- GreyNoise
  - The Persistent Perimeter Threat: Strategic Insights from a Multi-Year APT Campaign Targeting Edge Devices
- Human Security
  - Satori Threat Intelligence Alert: Phish ’n’ Ships Fakes Online Shops to Steal Money and Credit Card Information
- Hunt IO
- Jonathan Johnson at Huntress
  - Silencing the EDR Silencers
- Max Clarke at Jumpsec Labs
  - Weaponize Your Word – Malicious Template Injection
- Brian Krebs at Krebs on Security
  - Booking.com Phishers May Leave You With Reservations
- Microsoft Security
- Amy L. Robertson at MITRE ATT&CK
  - v16 Cloud Rebalancing, Analytics,
- Natto Thoughts
- Netskope
  - Netskope Threat Labs Quarterly Stats for October 2024
- Nextron Systems
  - Antivirus Event Analysis Cheat Sheet v1.14.0
- Nimantha Deshappriya
  - SideWinder’s (T-APT-04) Sri Lanka Adventure
- Outpost24
  - Threat Context Monthly: Executive intelligence briefing for October 2024
- Palo Alto Networks
  - Jumpy Pisces Engages in Play Ransomware
- Navin Thomas, Renzon Cruz and Cuong Dinh at Palo Alto Networks
  - TA Phone Home: EDR Evasion Testing Reveals Extortion Actor’s Toolkit
- Bleon Proko at Permiso
  - Breaking free from the chains of fate – Bypassing AWSCompromisedKeyQuarantineV2 Policy
- Phylum
- Plainbit
  - Using CrowdStrike Falcon EDR from an incident responder’s perspective
- Tim Kromphardt, Genina Po, Hannah Rapetti, and Selena Larson at Proofpoint
  - Pig Butchers Join the Gig Economy: Cryptocurrency Scammers Target Job Seekers
- Pulsedive
  - Leveraging Threat Intelligence in Security Operations
- Matthew Green at Rapid7
  - Finding the LNK: Techniques and methodology for advanced analysis with Velociraptor
- Red Alert
- Matt Graeber at Red Canary
  - Artificial authentication: Understanding and observing Azure OpenAI abuse
- SANS Internet Storm Center
  - Self-contained HTML phishing attachment using Telegram to exfiltrate stolen credentials, (Mon, Oct 28th)
  - Two currently (old) exploited Ivanti vulnerabilities, (Sun, Oct 27th)
  - October 2024 Activity with Username chenzilong, (Thu, Oct 31st)
  - Scans for RDP Gateways, (Wed, Oct 30th)
  - qpdf: Extracting PDF Streams, (Sat, Nov 2nd)
- Ross Moore at Secjuice
  - Understanding the Black Basta Ransomware Service
- Securelist
- Antonio Villalón at Security Art Work
  - GRU: military unit 29155
- Security Scorecard
- Shaherzakaria
  - Rogue RDP Campaign
- Silent Push
  - ClickFix malware: Silent Push tracks 2,000+ domains and IPs affected by WordPress fake browser update infostealers
- SOC Fortress
  - OT and Cybersecurity — Part III, Network Monitoring and Intrusion Detection using Zeek
- SOCRadar
- Sophos
  - Pacific Rim: Inside the Counter-Offensive—The TTPs Used to Neutralize China-Based Threats
  - Pacific Rim: Learning to eat soup with a knife
  - Pacific Rim: What’s it to you?
  - Digital Detritus: The engine of Pacific Rim and a call to the industry for action
  - Pacific Rim timeline: Information for defenders from a braid of interlocking attack campaigns
  - From the frontlines: Our CISO’s view of Pacific Rim
- Chris Thompson at SpecterOps
  - Maestro
- Miguel Hernández at Sysdig
  - EMERALDWHALE: 15k Cloud Credentials Stolen in Operation Targeting Exposed Git Config Files
- Team Cymru
  - An Introduction to Operational Relay Box (ORB) Networks – Unpatched, Forgotten, and Obscured
- The DFIR Journal
  - Data Exfiltration in M365: Rclone Meets SharePoint
- The DFIR Report
  - Inside the Open Directory of the “You Dun” Threat Group
- Ilya Kolmanovich, Prashant Kadam, Duy-Phuc Pham, Max Kersten and Joe Malenfant at Trellix
  - MacOS Malware Surges as Corporate Usage Grows
- Ranga Duraisamy and Sunil Bharti at Trend Micro
  - Attacker Abuses Victim Resources to Reap Rewards from Titan Network
- Trustwave SpiderLabs
  - 2024 Trustwave Risk Radar Report: Cyber Threats to the Retail Sector
- Merav Bar, Gal Nagli, and Danielle Aminov at Wiz
  - Supply chain attack on lottie-player: everything you need to know
- Andy Gill at ZephrSec
  - Adversarial SysAdmin – The Key to Effective Living off the Land
- ZScaler
  - SmokeBuster: Keeping Systems SmokeLoader Free
UPCOMING EVENTS
- JB Brooks and Elena Chertova at Belkasoft
  - Go Deeper. Are your forensic tools showing you all the data in your investigations?
- Black Hills Information Security
  - The Detection Engineering Process w/ Hayden Covington #livestream
- Cyber 5w
  - Why Cases Go Wrong in DFIR (and how to keep your investigation on track) Webinar
- Gerald Auger at Simply Cyber
  - Aligning Red and Blue Best Practices for Effective SOCs with Ashley Knowles (S1:E6)
- Magnet Forensics
  - The emerging role of AI in digital forensics
- SANS
PRESENTATIONS/PODCASTS
- Belkasoft
- Black Hills Information Security
  - REKAST – Talkin’ Bout [infosec] News 2024-10-28 #infosecnews #cybersecurity #podcast #podcastclips
- BSides
  - BSides Canberra 2024
- Cellebrite
- Cloud Security Podcast by Google
  - EP196 AI+TI: What Happens When Two Intelligences Meet?
- Cyber Secrets
- Cyber Social Hub
  - Cyber Social Hub 3.0 & CyberSocialCon 2024
- Sebastian Weigmann at DFRWS
  - DFRWS USA 2024 – Impressions
- Gerald Auger at Simply Cyber
  - Flare EXPOSES Cyber Criminals in Near Real Time
- Huntress
  - RISE with Robert Cioffi | The Power of Company Culture
- InfoSec_Bret
  - Challenge – Kernel Exploit
- Magnet Forensics
  - Give your lab an investigative edge with Magnet One
- Mostafa Yahia
  - DFIR (Windows Forensics) Course: Network Shared Files registry artifacts from source and destination
- MSAB
  - XAMN Pro Improved Grouping Options
- Richard Davis at 13Cubed
  - 13Cubed XINTRA Lab Walkthrough
- SANS Cyber Defense
- The Microsoft Security Insights Show
- Yaniv Hoffman
  - Hackers Targeting Digital History and Rewriting Our Past
MALWARE
- Any.Run
- Ionut Alexandru Baltariu, Nicolae Postolachi, and Alina Bîzgă at Bitdefender
  - Unmasking the SYS01 Infostealer Threat: Bitdefender Labs Tracks Global Malvertising Campaign Targeting Meta Business Pages
- Adam Martin and Kian Buckley Maher at Cofense
  - PythonRatLoader: The Proprietor of XWorm and Friends
- contagio
- Cyberdom
  - Defender for Endpoint: Bypassing Lsass Dump with PowerShell
- Ron Ben Yizhak and David Shandalov at Deep Instinct
  - SHIM Me What You Got: Manipulating Shim and Office for Code Injection
- Tonmoy Jitu at Denwp Research
  - sLoad Malware Delivery Through Phishing Campaigns in Ukraine
- Nikhil “Kaido” Hegde
  - Deobfuscating JavaScript Malware Using Abstract Syntax Trees
- petikvx
- Salvation DATA
  - Key Steps in Malware Analysis for Digital Forensics Investigations
- Sucuri
- Anh Ho at WeLiveSecurity
  - CloudScout: Evasive Panda scouting cloud services
- Wladimir Palant at ‘Almost Secure’
  - The Karma connection in Chrome Web Store
- Fernando Ortega at Zimperium
  - Mishing in Motion: Uncovering the Evolving Functionality of FakeCall Malware
MISCELLANEOUS
- David Spreadborough at Amped
  - Proprietary Data: Navigating the Maze of Video Formats
- Brett Shavers
- Fabian Mendoza at DFIR Dominican
  - DFIR Jobs Update – 10/28/24
- F-Response
  - License Amnesty – Open renewals until the end of November 2024
- Forensic Focus
  - How To Load 3rd Party Extraction Images Into MD-RED
  - Understanding Digital Forensics Mental Health Stressors: Introduction
  - Dr. Rebecca Portnoff, Head of Data Science, Thorn
  - Digital Forensics Round-Up, October 30 2024
  - Detecting Any And All Malware With Oxygen Forensic® Detective
  - How The AI Act Impacts Image And Video Forensics – New Article By Martino Jerian
  - Forensic Focus Digest, November 01 2024
- Howard Oakley at ‘The Eclectic Light Company’
  - A brief history of icons, thumbnails and QuickLook
- Lab539
  - Self Hosted Conditional Access Service
- Magnet Forensics
  - Meet compliance needs with category extractions in Magnet Verakey
- Nextron Systems
  - Introducing @NextronResearch: A New Channel for Threat Intelligence
- YUCA
  - How to quickly pass Cyber Certifications while retaining knowledge
SOFTWARE UPDATES
- Airbus Cybersecurity
  - IRIS-Web v2.4.15-rc1
- Belkasoft
  - Belkasoft X v.2.6 Released: Another Method for Android Acquisition, BelkaGPT Improvements, Enhanced Timeline with New Design and Performance Boost, Oura Ring Analysis, Credit Card Decryption and More
- Brian Maloney
  - OneDriveExplorer v2024.11.01
- Cellebrite
  - Now Available: Cellebrite Digital Collector 3.8
- Conor Armstrong
  - extract.py – SQLite Forensic Data Recovery Tool
- Crowdstrike
  - Falconpy Version 1.4.6
- Datadog Security Labs
  - GuardDog v2.0.6
- Didier Stevens
- Digital Sleuth
  - winfor-salt v2024.17.1
- Magnet Forensics
  - Magnet Griffeye 24.5 and Project VIC GID now available
- MSAB
  - XRY 10.11.1 – Next level in mobile data extraction and decoding
- OpenCTI
  - 6.3.9
- Passmark Software
  - OSForensics V11.0 build 1015 29th October 2024
- Phil Harvey
- WithSecure Labs
  - Chainsaw v2.10.1
- Xways
  - X-Ways Forensics 21.3 SR-1
And that’s all for the week! If you think I’ve missed something, or want me to cover something specifically hit me up through the contact page or on the social pipes!