As always, thanks to those who give a little back for their support!
FORENSIC ANALYSIS
- Adam Harrison at 1234n6
- Belkasoft
  - Mobile Forensics Cheatsheet: iOS and Android System Artifacts
- John Hyla at Blue Crew Forensics
  - DEBA / MDPlist Files
- Decrypting a Defense
  - Strava and Data Brokers, Tech Eulogies, Social Media and the Fourth Amendment, the Future of Legal AI-d & More
- Forensafe
  - Investigating iOS Instagram
- Forensic Science International: Digital Investigation
  - Forensic Science International: Digital Investigation – Volume 51
- M4shl3
  - macOS File Storage Structure
- Matt Shannon at F-Response
  - Cloudy with a Chance of Collections
- Ria Ghosh at Paraben Corporation
  - Drone Forensics: Navigating the new frontier of digital evidence
- The DFIR Report
  - The Curious Case of an Egg-Cellent Resume
- ThreatBreach
  - [ Memory Forensics Mastery Part – 2 ] Acquisition of Memory Evidence
THREAT INTELLIGENCE/HUNTING
- Faan Rossouw at Active Countermeasures
  - Malware of the Day – Tunneling Havoc C2 with Microsoft Dev Tunnels
- Adam at Hexacorn
- Adan Alvarez
  - GetFederationToken: A Simple AWS Persistence Technique Used in the Wild
- Akash Patel
- Alex John
  - Adrift in the Cloud: A Forensic Dive into Container Drift
- Shannon Mong at Binary Defense
  - Rhadamanthys Stealer Analysis for Detection Opportunities
- Bruce Sussman at Blackberry
  - Windows, macOS, Linux, iOS and Android: Top Cyberattacks Targeting Operating Systems
- Mehmet Ergene at Blu Raven Academy
- Brad Duncan at Malware Traffic Analysis
  - 2024-12-04 – AgentTesla variant using FTP
- Burak Karaduman
  - Atomicgen
- Tara Gould at Cado Security
- CERT-AGID
- Check Point
  - 2nd December – Threat Intelligence Report
- Fabian Bader at Cloudbrothers
- Cofense
  - Wolves in Sheep’s Clothing: Industry-Specific Targeted Phishing Attacks
- Vince Stoffer at Corelight
  - Volt Typhoon & Salt Typhoon Attackers Are Evading EDR: What Can You Do? | Corelight
- Coveware
  - Misleading Metrics: Unraveling Ransom Payment Statistics in Australia
- Matt Weiner and Ioan-Cristian Iacob at CrowdStrike
  - CrowdStrike Falcon Prevents Multiple Vulnerable Driver Attacks in Real-World Intrusion
- CTF导航
- CyberArmor
- Cyble
- Cyfirma
- Cyjax
  - Take Me Down to Funksec Town: Funksec Ransomware DLS Emergence
- Ian Kretz at Datadog Security Labs
  - Introducing Supply-Chain Firewall: Protecting Developers from Malicious Open Source Packages
- Detect FYI
- Disconinja
  - C2 Server Survey in Japan (Week 48 2024)
- Paul Asadoorian at Eclypsium
  - Bootkitty and Linux Bootkits: We’ve Got You Covered
- Tommy Bumford at Elastic
  - Streamlining threat intelligence reporting with Elastic AI Assistant
- Flashpoint
  - Flashpoint Intelligence Forecast: The 2025 Threat Landscape
- Fortra’s PhishLabs
  - Cloudflare’s pages.dev and workers.dev Domains Increasingly Abused for Phishing
- Thibault Van Geluwe de Berlaere at Google Cloud Threat Intelligence
  - (QR) Coding My Way Out of Here: C2 in Browser Isolation Environments
- Konstantin Lazarev at GreyNoise Labs
  - Yer a Wizard! Tagging Hard-coded Credentials Can Lead to Finding Magic (Numbers)
- Hacking Articles
  - Abusing AD-DACL: WriteDacl
- HackTheBox
- Hunt IO
- Jonathan Johnson
  - Behind the Mask: Unpacking Impersonation Events
- Brian Krebs at Krebs on Security
- George Glass, Keith Wojcieszek, and Laurie Iacono at Kroll
  - October Threat Intelligence Spotlight Report
- Ugur Koc and Bert-Jan Pals at Kusto Insights
  - Kusto Insights – November Update
- Lawrence Abrams at Bleeping Computer
  - Novel phishing campaign uses corrupted Word documents to evade security
- Lumen
  - Snowblind: The Invisible Hand of Secret Blizzard
- Microsoft Security
  - Frequent freeloader part I: Secret Blizzard compromising Storm-0156 infrastructure for espionage
- Maretta Morovitz at MITRE Engage™
  - The Methodology Behind the MITRE Engage Mappings for ATT&CK for ICS and ATT&CK for Mobile (Part 2)
- Natto Thoughts
  - Sichuan Silence Information Technology: Great Sounds are Often Inaudible
- Richard Hummel at Netscout
- Oliver Smith
  - Hot Leads: Large Scale Phishing Against Marketing Sector Deploys Novel Python Infostealer
- Palo Alto Networks
- 김서준 (Seojun Kim) and 장원희 (Kelly Jang) at Plainbit
  - Case of Using Phantom DLL Hijacking
- Recorded Future
- Red Canary
- Rene Kretzinger
  - Client-Side Exploitation: abusing WebDAV+URL+LNK to Deliver Malicious Payloads
- SANS Internet Storm Center
- Security Intelligence
- Silent Push
  - Hunting Payroll Pirates: Silent Push Tracks HR Redirect Phishing Scam
- SOCRadar
- Sam Scholten at Sublime Security
  - Detecting malicious AnonymousFox email messages sent from compromised sites
- Puja Srivastava at Sucuri
  - Malicious Script Injection on WordPress Sites
- Rachana Gupta at System Weakness
  - Amazon GuardDuty: Intelligent Threat Detection for AWS
- Taz Wake
  - Linux incident response – malicious timestamp manipulation
- Victor M. Alvarez at YARA-X
  - VirusTotal moves to YARA-X
- Yuan Huang at Group-IB
  - Deepfake Fraud: How AI is Bypassing Biometric Security in Financial Institutions
- Heather Bates at ZScaler
  - ThreatLabz Report: 87.2% of Threats Delivered Over Encrypted Channels
UPCOMING EVENTS
- Cyacomb Forensics
  - 5 Ways to Empower Parole & Probation
- Magnet Forensics
- SANS
  - SANS Threat Analysis Rundown with Katie Nickels | December 2024
PRESENTATIONS/PODCASTS
- Belkasoft
  - Free DFIR Training: Windows Forensics with Belkasoft
- Black Hills Information Security
  - REKAST – Talkin’ Bout [infosec] News 2024-12-02 #infosecnews #cybersecurity #podcast #podcastclips
- Breaking Badness
  - The Rise of Holiday Scams and State-Sponsored Cyber Threats
- Cyber Social Hub
  - Last Chance to Register For CyberSocialCon
- HackTheBox
  - Turning threat intelligence into action: Key insights from our MITRE ATT&CK webinar
- Huntress
  - RISE with Robert Cioffi | Post-Incident Perspective
- John Hubbard at ‘The Blueprint podcast’
  - How Phishing Resistant Credentials Work with Mark Morowczynski and Tarek Dawoud
- Karsten Hahn at Malware Analysis For Hedgehogs
  - Malware Analysis – Writing Code Signatures
- Magnet Forensics
- Microsoft Threat Intelligence Podcast
  - A Couple of Rats Pick Up New Tricks, UN Proposes Cybercrime Treaty
- MSAB
  - iOS Hide App
- MyDFIR
  - CyberDefenders SOC Analyst Lab – Linux Analysis (Hammered)
- Paraben Corporation
  - PAP FLEX Data in E3
- Richard Davis at 13Cubed
  - NTFS FILE Record Reuse
- Sandfly Security
- SANS Cloud Security
  - HANDS-ON WORKSHOP | Cloud Security for Leaders: Aviata Chapter 8
- Security Conversations
  - Inside the Turla Playbook: Hijacking APTs and fourth-party espionage
- SentinelOne
  - LABScon24 Replay | PKfail: Supply-Chain Failures in Secure Boot Key Management
- The Defender’s Advantage Podcast
  - The Art of Remediation in Incident Response
- The Microsoft Security Insights Show
  - Microsoft Security Insights Show Episode 238 – Jerry Carlson
MALWARE
- ASEC
- Check Point
  - Inside Akira Ransomware’s Rust Experiment
- Cleafy
  - DroidBot: Insights from a new Turkish MaaS fraud operation
- Adam Martin and Nathaniel Sagibanda at Cofense
  - End-of-Year PTO: Days Off and Data Exfiltration with Formbook
- Cybereason
  - Stellar Discovery of A New Cluster of Andromeda/Gamarue C2
- Dr Josh Stroschein
- Pei Han Liao at Fortinet
  - SmokeLoader Attack Targets Companies in Taiwan
- KanakSasak at InfoSec Write-ups
  - Malware Analysis: HTB Sherloc OpSalwarKameez24–1: Super-Star
- Ryan Robinson at Intezer
  - Babble Babble Babble Babble Babble Babble BabbleLoader
- OALABS Research
  - CryptBot Evolution
- Rayapati Lakshmi Prasanna Sai at Quick Heal
  - Persistence in the Shadows: A Study of Zephyr Miner Exploiting System Services
- Tyler McGraw at Rapid7
  - Black Basta Ransomware Campaign Drops Zbot, DarkGate, and Custom Malware
- ReversingLabs
- Securelist
- Security Onion
  - Quick Malware Analysis: AGENTTESLA VARIANT USING FTP pcap from 2024-12-04
- Trevor Steen at The Random Adventure That Is Life (RATIL)
  - SANS 2024 Holiday Hack Challenge – Act 2
- Niranjan Hegde, Adarsh S and Shashikala Piddannavar at Trellix
  - Anatomy of Celestial Stealer: Malware-as-a-Service Revealed
- Trend Micro
- Zhassulan Zhussupov
- Muhammed Irfan V A at ZScaler
  - Unveiling RevC2 and Venom Loader
MISCELLANEOUS
- Jessica Hyde at Hexordia on the Magnet Forensics blog
  - Magnet Virtual Summit 2025 Capture the Flag
- Australian Cyber Security Centre
  - Enhanced visibility and hardening guidance for communications infrastructure
- Brian Ireland at Black Hills Information Security
  - ICS Hard Knocks: Mitigations to Scenarios Found in ICS/OT Backdoors & Breaches
- Brett Shavers at DFIR.Training
  - Automation vs. AI: Don’t Confuse the Two
- Derek Eiri
  - A Reflection on Continual Growth in DFIR: An Investigative Mindset
- Fabian Mendoza at DFIR Dominican
  - DFIR Jobs Update – 12/02/24
- Elan at DFIR Diva
  - Free & Affordable Training News Monthly: Nov – Dec, 2024
- Forensic Focus
  - Revolutionizing Mobile Data Collection: Streamline Investigations With Cellebrite Inseyets
  - How To Solve Digital Forensics’ Biggest Challenges With Oxygen Forensics
  - AI-Powered License Plate Detection With DeepPlate
  - Digital Forensics Round-Up, December 05 2024
  - Forensic Focus Investigator Well-Being Survey Results
- Kevin Pagano at Stark 4N6
  - Forensics StartMe Updates (12/1/2024)
- Filippos Raditsas at NVISO Labs
  - Building Cyber Resilience Against Ransomware Attacks
- Salvation DATA
  - Essential Guide to Write Blockers in Digital Forensics
- Clément Fleury at Synacktiv
  - Automated Network Security with Rust: Detecting and Blocking Port Scanners
- Lesley Carhart
SOFTWARE UPDATES
- Amped
  - Amped DVRConv and Engine Update 35674
- Didier Stevens
  - Update: 1768.py Version 0.0.22
- Digital Sleuth
  - winfor-salt v2024.19.1
- Federico Lagrasta
  - PersistenceSniper v1.16.3
- hasherezade
  - tiny_tracer 2.9
- MALCAT
  - 0.9.8 is out: Scripting & QoL improvements
- Microsoft
  - msticpy – Multi-dimensional plots for outliers
- OpenCTI
  - 6.3.14
- Phil Harvey
  - ExifTool 13.06
- SANS
  - SOF-ELK®’s Evolution: A Comprehensive Update for Enhanced Digital Forensics
- Three Planet Software
  - Apple Cloud Notes Parser v0.19
- Xways
And that’s all for the week! If you think I’ve missed something, or want me to cover something specifically hit me up through the contact page or on the social pipes!