As always, thanks to those who give a little back for their support!
FORENSIC ANALYSIS
- David Spreadborough at Amped
  - Behind the Screen: Codecs and Formats Unveiled
- David Haddad at Breakpoint Forensics
  - Samsung Secure Health Data Parser — A Forensic Tool for Parsing & Analyzing Samsung Secure Health Databases
- Cyber Sundae DFIR
  - CapabilityAccessManager.db Deep Dive, Part 1
- Denis Szadkowski, Paul van Ramesdonk, Maike Orlikowski and Johann Aydinbas at DCSO CyTec
  - Unransomware: From Zero to Full Recovery in a Blink
- Decrypting a Defense
  - ALPR Lawsuit, Video Authentication, NYS Commission on Forensic Science, Protester Surveillance & More
- Clint Marsden at DFIR Insights
- Forensafe
  - Solving Cellebrite CTF 2024 (Russell’s Android)
- Raj Upadhyay
  - Beyond Connection Logs: Understanding File Transfer Artifacts in AnyDesk Forensics
- Salvation DATA
  - MD5 and SHA1: Essential Hash Values in Digital Forensics
THREAT INTELLIGENCE/HUNTING
- ⌛☃❀✵Gootloader Details ✵❀☃⌛
  - Gootloader’s Pivot from SEO Poisoning: PDF Converters Become the New Infection Vector
- Alex Teixeira
  - From Intelligence to Detection: A Workflow for Integrating CTI, IR, Hunting & Red Teams
- Sebastien Meriot and Christophe Bacara at APNIC
  - The rise of packet rate attacks: When core routers turn evil
- ASEC
  - October 2024 Threat Trend Report on Ransomware
- Steve de Vera and Mike Saintcross at AWS Security
  - Unauthorized tactic spotlight: Initial access through a third-party identity provider
- BI.Zone
  - Venture Wolf attempts to disrupt Russian businesses with MetaStealer
- Vlad Constantinescu
  - Case Study: Ransomware Attack Hits a Small Clinic
- Lawrence Abrams at BleepingComputer
  - Meet Interlock — The new ransomware targeting FreeBSD servers
- Brandon Murphy at Sublime Security
  - Living Off the Land: Callback Phishing via Docusign comment
- CERT-AGID
- Check Point
- Elio Biasiotto, Aliza Johnson, Chetan Raghuprasad, and Michael Szeliga at Cisco’s Talos
  - Unwrapping the emerging Interlock ransomware attack
- CTF导航
- Cyfirma
  - G700 : The Next Generation of Craxs RAT
  - YUNIT STEALER
  - TRACKING RANSOMWARE — SEPTEMBER 2024
  - CYFIRMA INDUSTRY REPORT : HEALTHCARE
  - WORLD ON THE BRINK : WAR IN THE MIDDLE EAST THREATENS TO ENTER A NEW DESTRUCTIVE PHASE
  - APT Profile — VOLT TYPHOON
  - The Will of D: A Deep Dive into Divulge Stealer, Dedsec Stealer, and Duck Stealer
  - Data Breach Investigation on Cisco
  - CYFIRMA INDUSTRY REPORT : FINANCE INDUSTRY
  - VILSA STEALER
  - OSINT Investigation: Hunting Malicious Infrastructure Linked to Transparent Tribe
  - Weekly Intelligence Report – 08 Nov 2024
- Cyjax
  - Initial Access Broker Market Summary Q3
- Den Iuzvyk and Tim Peck at Securonix
  - CRON#TRAP: Emulated Linux Environments as the Latest Tactic in Malware Staging
- Joseph Moronwi at Digital Investigator
  - Decoding Anti-Virus Detection Names For Malware Analysts
- Disconinja
  - C2 Server Survey in Japan (Week 44 2024)
- Jakub Pavlík and Marco Rodrigues at Exaforce
  - Supply Chain Security Incident: Analysis of the LottieFiles NPM Package Compromise
- Fareed Fauzi
  - Threat Investigation using OSINT Online Tools
- Google Cloud Security Community
  - Guide to using Ingestion Scripts with Cloud Run functions
- Thibault Van Geluwe de Berlaere, Karl Madden, and Corné de Jong at Google Cloud Threat Intelligence
  - (In)tuned to Takeovers: Abusing Intune Permissions for Lateral Movement and Privilege Escalation in Entra ID Native Environments
- Hunt IO
  - RunningRAT’s Next Move: From Remote Access to Crypto Mining for Profit
- Intel471
- Interpol
  - INTERPOL cyber operation takes down 22,000 malicious IP addresses
- Kostas
  - My Favourite Security-focused GPO: Stopping Script Execution with File Associations
- Brian Krebs at Krebs on Security
- Ugur Koc and Bert-Jan Pals at Kusto Insights
  - Kusto Insights – October Update
- Md. Abdullah Al Mamun
  - Detect Malware Attacks in A Country
- Ramya Chitrakar at Microsoft Security
  - How Microsoft Defender for Office 365 innovated to address QR code phishing attacks
- Palo Alto Networks
- Parveen Vashishtha
  - Recent Attacks Leveraging AutoIt
- Permiso
  - BucketShield: Track Log Flow, Secure Buckets, Simulate Threats – All in One Open-Source Tool
  - INTRODUCING CAPICHE DETECTION FRAMEWORK: AN OPEN-SOURCE TOOL TO SIMPLIFY CLOUD API-BASED HUNTING
  - Permiso Releases Suite of Open-Source Tools to Bolster Detection Capabilities for Past, Present and Future Attacks
- Positive Technologies
  - Cybersecurity threatscape for African countries: Q1 2023–Q3 2024
- Red Alert
- Ryan at Intel Corgi
  - Quick Triage – Obsidian Malware Campaign
- SANS Internet Storm Center
  - Analyzing an Encrypted Phishing PDF, (Mon, Nov 4th)
  - Python RAT with a Nice Screensharing Feature, (Tue, Nov 5th)
  - [Guest Diary] Insights from August Web Traffic Surge, (Wed, Nov 6th)
  - Steam Account Checker Poisoned with Infostealer, (Thu, Nov 7th)
  - SANS Holiday Hack Challenge 2024, (Sat, Nov 9th)
  - zipdump & Evasive ZIP Concatenation, (Sat, Nov 9th)
- Security Intelligence
- Sekoia
  - ClickFix tactic: Revenge of detection
- Simone Kraus
  - Threat-Informed Defense human-driven — real-world behavior Threat Hunting
- SOCRadar
- Sysdig
  - Adding runtime threat detection to Google Kubernetes Engine with Falco
- System Weakness
  - The Rise of Ransomware as a Service (RaaS): What Organizations Need to Know
- ThreatBreach
  - Is Statistics Required For Detection Engineering?
- Mallikarjun Wali and Sangram Mohapatro at Trellix
  - New Stealer Uses Invalid Cert To Compromise Systems
- Stephan Khader Boelt at Truesec
  - Helldown Ransomware Group – A New Emerging Ransomware Threat
- WeLiveSecurity
- Adhithya Suresh Kumar at White Knight Labs
  - HuntingCallbacks – Enumerating the Entire system32
- Amitai Cohen and Shahar Dorfman at Wiz
  - Unmasking Phishing: Strategies for identifying 0ktapus domains and beyond
- Seongsu Park at ZScaler
  - From Pyongyang to Your Payroll: The Rise of North Korean Remote Workers in the West
UPCOMING EVENTS
- Cellebrite
  - Join Us for Cellebrite’s C2C Summit 2025
- Dr Josh Stroschein
  - Explore Command-Line Driven Binary Transformations with Binary Refinery and its Jesko Huttenhain
- Magnet Forensics
  - Give your lab an investigative edge with Magnet One
  - Cyber Unpacked Ep. 4 // Return of the AI: A new hope (or a new threat)
  - Investigating a Turncloak: A case study on when Axiom Cyber and Verakey intersect with a malicious insider
  - Accelerating digital investigations with cloud technology
  - Mobile Unpacked Ep. 23 // Following the Money | Tracking Mobile Payment Artifacts
- X1 Discovery
  - Upcoming Webinar – Addressing Information Governance in a Microsoft 365 Environment
PRESENTATIONS/PODCASTS
- Adversary Universe Podcast
  - Exploring Offensive Security with CrowdStrike Red Teamers
- Alexis Brignoni
  - iLEAPP 2.0 – Big Changes!
- Ali Hadi
  - ShadowMe #2 – Dynamic Malware Analysis
- Black Hills Information Security
- Breaking Badness
  - Locate X Unleashed & APT29’s Latest Gambit: The Battle for Digital Privacy Option
- Cellebrite
  - #TipTuesdays – PA 10 Installations Guide
- Chainalysis
  - Everything You Need To Know About Crypto Cartels: Podcast Ep. 135
- Cloud Security Podcast by Google
  - EP197 SIEM (Decoupled or Not), and Security Data Lakes: A Google SecOps Perspective
- Cyberwox
  - OffSec TH-200 Review (Complete Breakdown) | Worth it for Cybersecurity Analysts & Threat Hunters?
- Eclypsium
  - BTS #41 – Pacific Rim
- Endace
  - Packet Forensic Files Ep 59 Matt Bromiley
- Hudson Rock
  - Mnemonic Security Podcast – Infostealers
- Huntress
  - RISE with Robert Cioffi | Navigating Cyber Insurance
- InfoSec_Bret
  - Challenge – Brute Force Attacks
- John Hammond
- LASCON
- Magnet Forensics
  - The emerging role of AI in digital forensics
- Marcus Hutchins
  - Hacking Demo: Lateral Movement & Privilege Escalation | Keynote From Veza NHI Summit 2024
- MSAB
  - BFU & XRY Pro = FFS or Physical Final
- MyDFIR
  - Student Discounts for Cybersecurity SOC Analyst Training
- SANS
  - 2024 SANS Difference Makers Awards Ceremony
- SANS Cyber Defense
  - Supply Chain Security Incident Response: Strategies for Responding to Emerging Threats
- Security Conversations
- Silent Push
  - Raspberry Robin – Fast Flux: Catching Universally Bad Behavior by Zach Edwards at mWISE 2024.
- SnapAttack
  - Going Rogue: APT29 Using Rogue RDP | Threat SnapShot
- Ted Smith at ‘X-Ways Forensics Video Clips’
  - Video 70 – Device Types & Generator Signatures in X-Ways Forensics
- The Cyber Mentor
  - LIVE: Ransomware Memory Forensics | Cybersecurity | Blue Team
- Rod Trent at The Microsoft Security Insights Show
  - Microsoft Security Insights Show Episode 234 – Nina Alli
MALWARE
- 0xdf hacks stuff
- Adam at Hexacorn
- Any.Run
  - AsyncRAT’s Infection Tactics via Open Directories: Technical Analysis
- Yehuda Gelb at Checkmarx Security
  - Supply Chain Attack Using Ethereum Smart Contracts to Distribute Multi-Platform Malware
- Cleafy
  - ToxicPanda: a new banking trojan from Asia hit Europe and LATAM
- Max Gannon at Cofense
  - Hidden in the Crowd: The Risk of Group-Delivered Malware
- Cyble
  - GodFather Malware Expands Its Reach, Targeting 500 Banking And Crypto Applications Worldwide
- Fortinet
- Anish Bogati at Logpoint
  - Hiding in Plain Sight: The Subtle Art of Loki Malware’s Obfuscation
- Malwarebytes
- ReversingLabs
- S2W Lab
  - Detailed Analysis of TheftCalls: Impersonating Frequently Used Korean Apps
- Securelist
- Raffaele Sabato, Phil Stokes & Tom Hegel at SentinelOne
  - BlueNoroff Hidden Risk | Threat Actor Targets Macs with Fake Crypto News and Novel Persistence
- SonicWall
- Sophos
- Ben Martin at Sucuri
  - 2024 Credit Card Theft Season Arrives
- Matt Morrow at Sucuri
  - Malware Steals Account Credentials
- Trend Micro
- Zhassulan Zhussupov
  - Malware and cryptography 34: encrypt payload via DFC algorithm. Simple C example.
- 위협분석보고서-genians
  - Analysis of the Cyber Reconnaissance Activity Behind the APT37 Threat
MISCELLANEOUS
- Chris Brenton at Active Countermeasures
  - Crash Course in Docker
- Adam Goss
  - ATT&CK Powered Suit: Streamline Your Research and Save Time
- Antoine Cailliau
- Anton Chuvakin
  - Anton’s Alert Fatigue: The Study
- Berla
  - Introducing the iVe Vehicle Forensics Chip-off Course
- Brent Fosdick and Šárka Fletcher at Binary Ninja
  - 2024 Reverse Engineering Survey: The State of the Industry
- Brett Shavers
  - DFIR’s Degree Debate: Do Degrees Deliver, or Does Direct Experience Dominate in Digital Forensics?
- Check Point
  - Incident Response Readiness Journey
- Yuri Kramarz at Cisco
  - Overview of Cybersecurity Regulations in the Middle East Region, Part 1
- Fabian Mendoza at DFIR Dominican
- Forensic Focus
  - Next Level In Mobile Data Extraction And Decoding – XRY 10.11.1
  - Exterro Whitepaper: Harnessing Mobile Forensics To Combat Evolving Criminal Tactics
  - Chris Doman, Co-Founder & CTO, Cado Security
  - Forensic Focus Investigator Well-Being Survey Closing Soon
  - Digital Forensics Round-Up, November 06 2024
  - UPCOMING WEBINAR – Oxygen Forensics Tech Takedown: A Remote Journey
- Nick Harbour at Google Cloud Threat Intelligence
  - Flare-On 11 Challenge Solutions
- Magnet Forensics
  - Quickly uncover the history of your case with Magnet Review’s Timeline View
- Marc Hirtz at Nextron Systems
  - Cybersecurity is Not a Solo Endeavor – A Recap of it-sa Expo&Congress 2024
- Jonas Bauters at NVISO Labs
  - TLPT & ME: Everything you need to know about Threat-Led Penetration Testing (TLPT) in a TIBER world.
- Pavel Yosifovich
  - Structured Storage and Compound Files
- Ekaterina Makhinova at StrangeBee
  - Incident response and case management—stronger together
- Trend Micro
  - SOC Around the Clock: World Tour Survey Findings
- Jack Burgess at Triangle Wave Security
  - DFIR and GRC are the Business: Systems Modeling and Metrics for the Real World
- Yashraj Solanki
  - The GREM Reaper – Review of the SANS FOR610 Course
SOFTWARE UPDATES
- ADF Solutions
  - HDMI Capture and Consent Forms – Version 5.10 Release
- Airbus Cybersecurity
  - IRIS-Web v2.4.15-rc2
- C.Peter
  - UFADE 0.9.5
- Cellebrite
  - Now Available: Cellebrite Endpoint Inspector 2.4
- Digital Sleuth
- Eric Zimmerman
  - ChangeLog
- Obsidian Forensics
  - Hindsight v2024.10
- Alexis Brignoni
  - iLEAPP v2.0.0
- Maxim Suhanov
  - dfir_ntfs file system parser 1.1.19
- Mazars Tech
  - AD_Miner v1.7.0
- Metaspike
  - Forensic Email Collector (FEC) Changelog – 4.0.251.1164
- OpenCTI
  - 6.3.11
- Phil Harvey
  - ExifTool 13.02
- PuffyCid
  - Artemis v0.11.0 – 2024-11-05
- Xways
  - X-Ways Forensics 21.3 SR-4
And that’s all for the week! If you think I’ve missed something, or want me to cover something specifically hit me up through the contact page or on the social pipes!