As always, thanks to those who give a little back for their support!
FORENSIC ANALYSIS
- David Spreadborough at Amped
Protecting Evidence: Lossless Data Extraction in Forensic Video Conversion
- Atola Technology
Unveiling Tomorrow: New Technologies in Hard Drives
- Chris at AskClees
Chrome Visited Links
- Krzysztof Gajewski at CyberDefNerd
RunMRU is not the only one forensic artifact left by the “Run” Prompt
- Dr. Neal Krawetz at ‘The Hacker Factor Blog’
SEAL of Approval
- Forensafe
Solving Cellebrite CTF 2024 (Otto’s iOS)
- Shusei Tomonaga at JPCERT/CC
ETW Forensics – Why use Event Tracing for Windows over EventLog?
- Kathryn Hedley at SANS
New FOR518: Mac and iOS Forensic Analysis Poster Update
THREAT INTELLIGENCE/HUNTING
- Adam at Hexacorn
- Adam Goss
The ATT&CK Navigator: A Powerful Tool for Visualizing Cyber Attacks
- Ori David at Akamai
The Definitive Guide to Linux Process Injection
- ASEC
- Ayelen Torello at AttackIQ
Emulating the Destructive WhisperGate Malware
- Martin Zugec at Bitdefender
ShrinkLocker (+Decryptor): From Friend to Foe, and Back Again
- Brad Duncan at Malware Traffic Analysis
2024-11-14 – Raspberry Robin infection using WebDAV server
- CERT-AGID
  - Vidar active again in Italy via compromised PEC mailboxes: new campaign with updated URLs
  - New version of the Hashr tool released
  - Fake DocuSign notification: credentials sent to Telegram bots
  - Study of a new Formbook campaign active in Italy
  - Summary of malicious campaigns in the week of 9–15 November
- Check Point
  - 11th November – Threat Intelligence Report
  - October 2024’s Most Wanted Malware: Infostealers Surge as Cyber Criminals Leverage Innovative Attack Vectors
  - Hamas-affiliated Threat Actor WIRTE Continues its Middle East Operations and Moves to Disruptive Activity
  - Malware Spotlight: A Deep-Dive Analysis of WezRat
- Joey Chen, Alex Karkins, and Chetan Raghuprasad at Cisco’s Talos
New PXA Stealer targets government and education sectors for sensitive information
- ClearSky Cyber Security
Iranian “Dream Job” Campaign 11.24
- Cyble
- Cyfirma
- Cyjax
- Danny Zendejas
YARA Part III
- Disconinja
- EclecticIQ
Inside Intelligence Center: Financially Motivated Chinese Threat Actor SilkSpecter Targeting Black Friday Shoppers
- Esentire
Bored BeaverTail & InvisibleFerret Yacht Club – A Lazarus Lure Pt.2
- Flare
- Sumit Patel at Google Cloud Security Community
Guide to using Ingestion Scripts with Google Security Operations
- Google Cloud Threat Intelligence
- Raj at Hacking Articles
- Hudson Rock
Massive MOVEit Vulnerability Breach: Hacker Leaks Employee Data from Amazon, McDonald’s, HSBC, HP, and Potentially 1000+ Other Companies
- Hunt IO
Targeting Innovation: Sliver C2 and Ligolo-ng Used in Operation Aimed at Y Combinator
- InfoSec Write-ups
- Alison Rusk at INKY
Fresh Phish: Harvesting Your Credentials Using Controversial Telegram Bots
- Intel471
Threat Hunting Case Study: Uncovering Turla
- Jamf
- Jouni Mikkola
Hunting for Windows Subsystem for Linux based attacks
- Bert-Jan Pals at KQL Query
UAL = Unaligned Activity Logs
- Natto Thoughts
China’s Trump Cards for Trump 2.0
- Palo Alto Networks
- Bryan Peace at Panther
Introducing PantherFlow: Accelerate Investigations in Your Security Data Lake
- Luke Jennings at Push Security
How AitM phishing kits evade detection: Part 2
- Rapid7
LodaRAT: Established malware, new victim patterns
- Raymond Roethof
- Recorded Future
- Red Canary
- Ryan Sherstobitoff at SecurityScorecard
The Botnet is Back: SSC STRIKE Team Uncovers a Renewed Cyber Threat
- Sandfly Security
Detecting Melofee Stealth Backdoor Targeting Redhat Linux
- SANS Internet Storm Center
- Doug Bonderud at Security Intelligence
Adversarial advantage: Using nation-state threat analysis to strengthen U.S. cybersecurity
- Sekoia
A three beats waltz: The ecosystem behind Chinese state-sponsored cyber threats
- Alex Delamotte at SentinelOne
The State of Cloud Ransomware in 2024
- Shaherzakaria
Phishing Mail leads to installing DXI Infostealer and Exfiltrate Data using Telegram API as C2
- SOCRadar
Dark Web Profile: Cadet Blizzard
- Jerald Perry at Splunk
Logs Are for Campfires: This Is Your Data!
- Brandon Murphy at Sublime Security
Living Off the Land: Credential Phishing via Docusign abuse
- System Weakness
- Makoto Shimamura and Shingo Matsugaya at Trend Micro
Trend Micro and Japanese Partners Reveal Hidden Connections Among SEO Malware Operations
- WeLiveSecurity
ESET APT Activity Report Q2 2024–Q3 2024: Key findings
- Wiz
UPCOMING EVENTS
- Cellebrite
- Cyacomb
Select Your Cyacomb Webinar (November 2024)
PRESENTATIONS/PODCASTS
- Alexis Brignoni
Digital Forensics Now Podcast – S2 E4
- Ali Hadi
Why Cases Go Wrong in DFIR – Webinar with Expert Brett Shavers
- Black Hills Information Security
REKAST – Talkin’ Bout [infosec] News 2024-11-11 #infosecnews #cybersecurity #podcast #podcastclips
- Cellebrite
- Cyberwox
Cyber Threat Intelligence at Microsoft & Building KC7 with Simeon Kakpovi | #CyberStories EP 23
- Gerald Auger at Simply Cyber
SOC Analysts Are in High Demand – Here’s Why (And How to Become One)
- Huntress
- InfoSec_Bret
Challenge – Alternate Data Stream
- Insane Forensics
OT Office Hours: Offensive Assessments in ICS Environments
- John Hammond
- Karsten Hahn at Malware Analysis For Hedgehogs
Malware Analysis – Writing x64dbg unpacking scripts
- Malspace
Doppelgänger
- Mostafa Yahia
DFIR (Windows Forensics) Course: Persistence: System Boot Autostart Programs (ASEP) and services
- MSAB
XAMN Related Artifacts Final
- MyDFIR
- Paraben Corporation
Paraben’s E3 Forensic Platform ver 4.1 Release Notes
- SANS Cloud Security
HANDS-ON WORKSHOP | API Security Flight School: Aviata Chapter 7
- Security Conversations
What happens to CISA now? Is deterrence in cyber possible?
- Silent Push
Using hashes to detect adversary infrastructure: mWISE 2024
- The Microsoft Security Insights Show
Microsoft Security Insights Show Episode 235 – Just Us
- Threat Forest
Threat Hunting: Windows Subsystem for Linux, WSL
- WeLiveSecurity
ESET Research Podcast: Gamaredon
MALWARE
- Any.Run
HawkEye Malware: Technical Analysis
- Blackberry
LightSpy: APT41 Deploys Advanced DeepData Framework In Targeted Southern Asia Espionage Campaign
- contagio
- CTF导航
- Dr. Web
Malicious apps on Google Play: how threat actors use the DNS protocol to covertly connect trojans to C&C servers
- Forensicfossil
- Jan Rubín at Gen
Glove Stealer: Leveraging IElevator to Bypass App-Bound Encryption & Steal Sensitive Data
- George Glass and Ryan Hicks at Kroll
LUMMASTEALER Delivered Via PowerShell Social Engineering
- RexorVc0
Akira – The old-new style crime
- Securelist
- Stephan Berger
Reptile’s Custom Kernel-Module Launcher
- Sucuri
- Tehtris
Cracking Formbook malware: Blind deobfuscation and quick response techniques
- VMRay
- Callum Roxan, Charlie Gardner, and Paul Rascagneres at Volexity
BrazenBamboo Weaponizes FortiClient Vulnerability to Steal VPN Credentials via DEEPDATA
MISCELLANEOUS
- abuse.ch
abuse.ch and Spamhaus: The Impact of Your Contributions
- Brett Shavers
- Cellebrite
- Debbie Garner
The Start of My Digital Forensics Journey
- Derek Eiri
FOR518: Mac and iOS Forensic Analysis and Incident Response, Re: SANS FOR518 OnDemand Experience
- Fabian Mendoza at DFIR Dominican
DFIR Jobs Update – 11/11/24
- Dr. Tristan Jenkinson at ‘The eDiscovery Channel’
Generative AI and eDiscovery – Adoption in the Courts – Part 1
- Elan at DFIR Diva
Free & Affordable Training News Monthly: Oct – Nov, 2024
- Oleg Afonin at Elcomsoft
Intelligent Load Balancing: Optimizing Password Recovery Across Heterogeneous Units
- Forensic Focus
  - Chris Vance, Resident Mobile Expert, Magnet Forensics
  - Open-Source Solutions For Digital Forensic Investigators
  - Introducing The New De-Identification Feature In MD-VIDEO AI
  - Speeding Up Your Video Analysis With Amped Replay’s Motion Detection
  - Digital Forensics Round-Up, November 13 2024
  - UPCOMING WEBINAR – Speeding Up And Simplifying Video Investigations With Amped Replay
  - Forensic Focus Digest, November 15 2024
- Jason Baker at GuidePoint Security
To Pay or Not to Pay: The Ransomware Dilemma
- John Hammond, Matt Kiely, and Adam Rice at Huntress
Turning TTPs into CTF Challenges: Huntress CTF 2024 Retro | Huntress
- Incident Response Consortium
Incident Response Consortium is Back
- Kaido Järvemets
List all Entra ID Roles using PowerShell
- Magnet Forensics
- Rio Darmawan at MII Cyber Security
Red Teaming — Credential Hunting on Target Machine [Browser Application]
- Oxygen Forensics
- Salvation DATA
Network Forensics: Investigating Cyber Attacks in Real-Time
- Trevor Steen at The Random Adventure That Is Life (RATIL)
SANS 2024 Holiday Hack Challenge – Prologue
- Josh Lemon at Uptycs
Uptycs EDR for Windows | Uptycs
- Francisco Santos at VirusTotal
Important Update: IP Address Change for VirusTotal
- Vishal Thakur
Exploring Adversarial Attacks on Deep Learning Models — 1
SOFTWARE UPDATES
- Airbus Cybersecurity
IRIS-Web v2.4.16
- Alexandre Borges
Malwoverview 6.0.1
- Berla
iVe Software v4.9 Release
- Brian Maloney
OneDriveExplorer v2024.11.12
- Digital Sleuth
winfor-salt v2024.18.3
- Elcomsoft
Elcomsoft Distributed Password Recovery introduces intelligent load balancing, performance optimizations
- Manabu Niseki
Mihari v8.0.0
- OpenCTI
6.3.13
- Paraben Corporation
Paraben E3 Forensic Platform v4.1 Delivers Powerful New Features for Digital Investigations
- Phil Harvey
ExifTool 13.03
- Sigma
Release r2024-11-10
- SpyderForensics
TorBrowser_Bookmarks.py
- Xways
X-Ways Forensics 21.3 SR-5
And that’s all for the week! If you think I’ve missed something, or want me to cover something specifically hit me up through the contact page or on the social pipes!