As always, thanks to those who give a little back for their support!
FORENSIC ANALYSIS
- Akash Patel
- Digital Forensics Myanmar
- Dr. Tristan Jenkinson at ‘The eDiscovery Channel’
  - Bellingcat Challenge – Week 3 Writeup
- Forensafe
  - Investigating iOS Uber
- Iram Jack
- Plainbit
- Tyler Brozek
  - Blue Team Labs — Ozarks
THREAT INTELLIGENCE/HUNTING
- 0xMatheuZ
  - Detecting rootkits based on ftrace hooking
- Adam at Hexacorn
- Ahmed Belhadjadji
  - Breaking the Pyramid of Pain: Why Focusing on TTPs Matters in Cybersecurity
- AK1001
  - Sailing the MalSpam Ocean: A Journey Through Threat Hunting and Uncovering Malware Activity
- Any.Run
  - Malware Trends Report: Q4, 2024
- ASEC
- BI.Zone
  - Espionage cluster Paper Werewolf engages in destructive behavior
- CERT-AGID
  - Summary of malicious campaigns in the week of 21 – 27 December
- Check Point
  - 23rd December – Threat Intelligence Report
- CTF导航
  - Overview of the ATT&CK 2024 updates
- Cyble
  - Top 10 Ransomware Trends Observed in 2024: A Look Ahead to 2025
  - Cyble Sensors Detect Attacks on Ivanti, PHP, SAML, Network Devices, and More
  - Must-Read Cyble Research Reports of 2024: Trends and Key Takeaways
  - Russia, Ukraine, China, and More: The Nations at the Center of the Cybercrime Epidemic
  - China Accuses the U.S. of Hacking Back as Cyber Conflict Grows
- Cyfirma
  - Weekly Intelligence Report – 27 Dec 2024
- Disconinja
  - C2 server survey in Japan (Week 51 2024)
- Dragos
  - Get On-Demand, Actionable Cyber Threat Insights with Dragos WorldView Request for Intelligence (RFI) Service
- Efstratios Lontzetidis
  - Lumma 2024: Dominating the Info-Stealer Market
- Expel
  - MDR insights: Tracking lateral movement in a Windows environment (part I)
- FIRST
  - Ransomware Empowerment Training
- C. J. May at GitGuardian
  - Detection Engineering: A Case Study
- Tatsuhiko at Google Cloud Security Community
  - Finding Malware: Unveiling PLAYFULGHOST with Google Security Operations
- InfoSec Write-ups
  - Detection Engineering the SOC: Writing a Detection Rule
  - Notable Threat Intelligence Reports
  - Maldev : [Evasion] Shellcode Injection and Fileless Execution
  - Digital Forensics Basics: Metadata Extraction with pdfinfo and exiftool
  - SOC Analyst Roadmap for 2025: Your Step-by-Step Self-Study Guide
  - Using Blockchain to Track Ransomware Threat Actors in 2024 and Beyond
  - Wireshark for Beginners: Essential Techniques for PCAP File Analysis | Part-1
- Shusei Tomonaga at JPCERT/CC
  - Recent Cases of Watering Hole Attacks, Part 2
- Katie Nickels at SANS
  - SANS Threat Analysis Rundown in Review: Breaking Down December 2024’s Discussion
- SANS Internet Storm Center
- Securelist
- Dheeraj Kumar and Sina Chehreghani at Securonix
  - Securonix Threat Labs Monthly Intelligence Insights – November 2024
- Sekoia
  - PlugX worm disinfection campaign feedbacks
- SOCRadar
  - Stuxnet and Beyond: How Nation-State Cyber Weapons Have Changed Cybersecurity
  - Dark Web Profile: Bashe (APT73)
  - Top Phishing Tricks Attackers Use to Target Employees & The Recent ‘You’re Fired’ Campaign
  - DarkVision RAT: A Persistent Threat Delivered via PureCrypter
  - Dark Web Profile: Trinity Ransomware
  - Dark Web Profile: Storm-842 (Void Manticore)
- Lewis Henderson at Team Cymru
  - A Primer on JA4+: Empowering Threat Analysts with Better Traffic Analysis
- Steve Ragan at Technical Outcast
  - Blob phishing Office and DocuSign users
PRESENTATIONS/PODCASTS
- Ali Hadi
  - Data Recovery Basics (ShadowMe #3)
- ArcPoint Forensics
  - S2: DFIRmas Podcast: Cesar Quezada
- BlueMonkey 4n6
  - What is the fastest way of imaging a drive – dd/raw vs E01; NTFS vs ExFAT
- Breaking Badness
  - Top Cyber Moments of 2024: Hoodies, Goodies, and Hilarious Puns
- Cloud Security Podcast by Google
  - EP204 Beyond PCAST: Phil Venables on the Future of Resilience and Leading Indicators
- Cyber from the Frontlines
  - Exploring Malware Analysis with Ghidra
- Cyberwox
  - Kubernetes DFIR (Digital Forensics & Incident Response) – Day 22 of TryHackMe Advent of Cyber 2024
- InfoSec_Bret
  - SA - SOC274-249 – Palo Alto Networks PAN-OS Command Injection Vulnerability Exploitation
- MSAB
  - New and Improved XAMN Viewer
- MyDFIR
  - CyberDefenders SOC Analyst Lab – IcedID
- Sandfly Security
  - Linux Process Running with Hidden Binary Name Attack
- SANS
  - Bridging the gap with Frank Kim
- Security Conversations
  - US government’s VPN advice, dropping bombs on ransomware gangs
- Sumuri
  - SUMURI Gives Back 2024 Winners Announcement
- Sygnia
  - How Persistent is an APT? Battling Three Threat Actors in a Single Environment
MALWARE
- Artem Baranov
  - I’m (Not) Your Army Assistant – Stealthy SSH Over TOR Backdoor Targeting the Ukrainian Military
- Dr. Web
- Fortinet
- Masaya Motoda and Rintaro Koike at NTT
  - OtterCookie, a new malware used by Contagious Interview
- Nived Sawant
  - Dissecting Suspicious PDF files using REMnux
- Splunk
  - Meduza Stealer Analysis: A Closer Look at its Techniques and Attack Vector
- Zhassulan Zhussupov
  - Malware and cryptography 36 – random sbox generation algorithms: Fisher-Yates shuffle. Simple C example.
- Padvish Malware Threat Database (بانک اطلاعات تهدیدات بدافزاری پادویش)
  - Trojan.Android.RubikaPhisher.Malek
MISCELLANEOUS
- Belkasoft
  - How to Become a Digital Forensic Investigator
- Brett Shavers
- Danny Zendejas
  - Cybersecurity Interview Guide Reminder
- Derek Eiri
  - Reflecting on 2024
- Fabian Mendoza at DFIR Dominican
  - DFIR Jobs Update – 12/23/24
- Bob Rudis at GreyNoise
  - Checking It Twice: Profiling Benign Internet Scanners — 2024 Edition
- Frank Adelstein at Hexordia
  - DFIR in a Land Down Under
- Kevin Pagano at Stark 4N6
  - Merry DFIRmas & a Happy New Year
- Kostas
  - 2024 in Review: Helping InfoSec Professionals Achieve Their Goals
- Oxygen Forensics
  - Review: Top Oxygen Remote Explorer updates of 2024
- Salvation DATA
SOFTWARE UPDATES
- Berla
  - iVe Software v4.10 Release
- Didier Stevens
  - Update: oledump.py Version 0.0.78
- Three Planet Software
  - Apple Cloud Notes Parser v0.22
- WithSecure Labs
  - Chainsaw v2.11.0
- Xways
  - X-Ways Forensics 21.4 Preview 4
- Yamato Security
  - Hayabusa v3.0.1 🦅
And that’s all for the week! If you think I’ve missed something, or want me to cover something specifically hit me up through the contact page or on the social pipes!