As always, thanks to those who give a little back for their support!

FORENSIC ANALYSIS

• Akash Patel
  • SentinelOne(P7- Activity/Reports): A Practical Guide/An Practical Training
  • SentinelOne (P8- SentinelOne Automation) : Guide / Training to Forensic Collection, KAPE…
  • SentinelOne(P9- Settings): A Practical Guide/An Practical Training

• Cyber 5W
  Guide to Mobile Forensics with ALEAPP

• David Cowen at the ‘Hacking Exposed Computer Forensics’ blog
  • Daily Blog #705: AI Prompts that help me
  • Daily Blog #706: Using AI to help create better test evidence
  • Daily Blog #707: Surviving the Breach Podcast
  • Daily Blog #708: Zeltser Challenge Spotlight – Oleg Skulkin

• Dr. Tristan Jenkinson at ‘The eDiscovery Channel’
  Bellingcat Challenge – Week 4 Writeup

• Oleg Afonin at Elcomsoft
  Extraction Agent and Firewall: Software vs. Hardware

• Forensafe
  Investigating Android Wickr

• Iram Jack
  • Services
  • Autostart Scripts
  • Application Artifacts
  • Cracking the Code of Linux Logs
  • The Syslog Chronicles
  • Both Audit and Auth Logs
  • Analyzing Application Logs

• Lionel Notari
  watchOS Unified Logs – Introduction and Calls

• M4shl3
  The Challenge of Tracking SSH Connections Without System Logs

• Oleg Skulkin at ‘Know Your Adversary’
  • 001. The Zeltser Challenge
  • 002. Beyond Good Old Run Key
  • 003. Are they that advanced? Spotlighting Salt Typhoon
  • 004. Are You Forensicating Here or What?
  • 005. Is It Difficult to Spot a Russian APT?

• The DFIR Journal
  File Carving: Encrypted Virtual Hard Disks
  

THREAT INTELLIGENCE/HUNTING

• Adam at Hexacorn
  • Smuggling payloads and tools in, using WIM images
  • Smuggling payloads and tools in, using WIM images, Part 2
  • Clean hash set – 12M rows

• Brad Duncan at Malware Traffic Analysis
  2025-01-04: Four days of scans and probes and web traffic hitting my web server

• Jeffrey at CatchingPhish
  Yet Another Ransomware Assessment for 2025

• Tiffany Bergeron at Center for Threat-Informed Defense
  Stacked Defense from the Hardware Up

• CERT-AGID
  Sintesi riepilogativa delle campagne malevole nella settimana del 28 dicembre – 3 gennaio

• Check Point
  • 30th December – Threat Intelligence Report
  • DeepDLL– A New Approach to Detect Malicious DLLs

• CTF导航
  • ELF文件结构浅析-解析器和加载器实现
  • Fancy Bear APT28 对手模拟

• Vasilis Orlof at Cyber Intelligence Insights
  • Uncovering GoPhish Deployments
  • Sliver C2 Hunt

• Danny Zendejas
  The Breaches of 2024

• Darktrace
  • A Snake in the Net: Defending Against AiTM Phishing Threats and Mamba 2FA
  • Breaking Down Nation State Attacks on Supply Chains

• Detect FYI
  • AttackRuleMap: Bridging Open-Source Detections and Atomic Tests
  • If you’ve ever worked within security engineering or as an analyst producing any kind of output in…

• Disconinja
  日本におけるC2サーバ調査(Week 52 2024)

• Dzianis Skliar
  • Silent Threats, Strategic Insights: Harnessing Info Stealer Data for Better Decisions
  • Exploiting the Backbone: How API Weaknesses Empower Modern Attackers

• Flashpoint
  United States Charges Dual Russian and Israeli National as Developer of LockBit Ransomware Group

• Chris Hall at Fortinet
  Catching “EC2 Grouper”- no indicators required!

• Huntress
  • 2024: Revisiting a Year in Threats | Huntress
  • Exploring Package Tracking Smishing Scams | Huntress

• Sunny Singh Verma at InfoSec Write-ups
  Threat Hunting With YARA — Motion Graphics Writeup TryHackMe || Detailed Walkthrough || SuNnY

• Intrinsec
  CryptBot: Hunting for initial access vector

• Kijo Girardi
  Day 19 – Threat actor, discovery techniques

• KQL Query
  KQL Sources – 2025 Update

• Brian Krebs at Krebs on Security
  U.S. Army Soldier Arrested in AT&T, Verizon Extortions

• Michalis Michalos
  Automate IP enrichment in Microsoft Sentinel incidents with IP Quality Score (IPQS)

• Nimantha Deshappriya
  RATs on the island

• Yongzhe Huang, Yang Ji, Wenjun Hu, Jay Chen, Akshata Rao and Danny Tsechansky at Palo Alto Networks
  Bad Likert Judge: A Novel Multi-Turn Technique to Jailbreak LLMs by Misusing Their Evaluation Capability

• Pulsedive
  2024 In Review

• SANS Internet Storm Center
  • Changes in SSL and TLS support in 2024, (Mon, Dec 30th)
  • No Holiday Season for Attackers, (Tue, Dec 31st)
  • Goodware Hash Sets, (Thu, Jan 2nd)
  • SwaetRAT Delivery Through Python, (Fri, Jan 3rd)

• Sansec
  Google services abused in skimming campaigns

• SentinelOne
  12 Months of Fighting Cybercrime & Defending Enterprises | SentinelLABS 2024 Review

• Simone Kraus
  • Hunting SVR — Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally
  • Playbook Hunting Chinese APT

• Socket
  • Malicious npm Campaign Targets Ethereum Developers with Fake Hardhat Packages
  • Weaponizing OAST: How Malicious Packages Exploit npm, PyPI, and RubyGems for Data Exfiltration and Recon

• SOCRadar
  • Dark Web Profile: Gamaredon APT
  • Water Makara Campaign: A Sophisticated Spear-Phishing Attack on Brazilian Enterprises
  • Welcome to SOCRadar’s 2024 Saudi Arabia Threat Landscape Report!

• US Department of State
  Sanctioning PRC Cyber Company Involved in Malicious Botnet Operations

• Valdin
  Tycoon 2FA: Analyzing and Hunting Phishing-as-a-Service Domains
  

UPCOMING EVENTS

• Cellebrite
  • Cellebrite Inseyets: Latest Updates and Capabilities Tips & Tricks (February)
  • Down the Rabbit Hole: Navigating IP Theft Investigations

     

• Cyber 5W
  Join Webinar #5: Scheduled Tasks and GhostTask Investigations

   

• Cyber Triage
  Cyber Triage 3.13 Release Highlights

   

• Dr Josh Stroschein
  Building Your Cyber Career with Gerald Auger

   

• Gerald Auger at Simply Cyber
  You’re Doing DFIR All Wrong!
  

PRESENTATIONS/PODCASTS

• Alexis Brignoni
  Digital Forensics Now Podcast – S2 E7
  
  
• Cellebrite
  Tip Tuesday: Troubleshooting Help in PA
  
  
• Cyberwox
  North Korean Hackers Are Your Next Coworkers: Shadow IT Workers & Insider Threats
  
  
• InfoSec_Bret
  No normal content this weekend, but check out The Instrusion Report…
  
  
• John Hubbard at ‘The Blueprint podcast’
  Success Simplified – The 3 Step Process for Hitting Your Career Goals in 2025 with John Hubbard
  
  
• Karsten Hahn at Malware Analysis For Hedgehogs
  Antivirus myths and how AVs actually work
  
  
• MyDFIR
  • Reflection & Goals for 2025
  • How To Get Into Cybersecurity in 2025 (ACTION PLAN)
    
    
• Oxygen Forensics
  • Cloud Extractor: Easily Extract Cloud Data
  • KeyScout: Collect Computer Artifacts from Windows, macOS, and Linux
  • Translation Tool – Speed Up Your Investigations
  • The Facial Categorization Tool Inside Oxygen Forensic® Detective
    
    
• Sandfly Security
  • Linux Process Running with Hidden Binary Name Attack
  • Linux EDR Detecting Processes Running from Temporary Directory Attack
    
    
• SANS
  Breaking Barriers with Helen Rabe
  
  
• SANS Cloud Security
  HANDS-ON WORKSHOP | Cloud Security Forensics & Incident Response: Aviata Chapter 9
  
  
• Lesley Carhart
  A Fun Chat With Patrick Miller
  

MALWARE

• 0xdf hacks stuff
  • 2024 SANS Holiday Hack Challenge: Snow-maggedon
  • Holiday Hack 2024: Prologue
  • Holiday Hack 2024: Elf Minder 9000
  • Holiday Hack 2024: Elf Connect
  • Holiday Hack 2024: Mobile Analysis
  • Holiday Hack 2024: Act II
  • Holiday Hack 2024: Hardware Hacking 101
  • Holiday Hack 2024: Frosty Keypad
  • Holiday Hack 2024: cURLing
  • Holiday Hack 2024: Act I
    
    
• Dr Josh Stroschein
  09 – Preventing Debugging by using SystemFunction40 (RtlEncryptMemory) on DbgUIRemoteBreakIn
  
  
• Eli Salem
  Green with Evil: Analyzing the new Lockbit 4 Green
  
  
• KanakSasak at InfoSec Write-ups
  Shellcode Analysis
  
  
• Md. Abdullah Al Mamun
  APT38 Attacks A CEO by MacOS Malware
  
  
• Practical Security Analytics
  Building a RuntimeInstaller Payload Pipeline to Evade AV Detection
  
  
• Tony Lambert
  Exploring VenomRAT Metadata and Encryption with YARA – #100DaysOfYara
  
  
• TRAC Labs
  Advancing Through the Cyberfront, LegionLoader Commander
  
  
• Zhassulan Zhussupov
  Malware and cryptography 38 – Encrypt/decrypt payload via Camellia cipher. S-box analyses examples. Simple C example.
  

MISCELLANEOUS

• Jessica Hyde at Hexordia
  An Enormous Thank You to the Hexordia Team for an Incredible 2024!
  
  
• Blu Raven Academy
  Mastering Log Ingestion Delay in Detection Engineering
  
  
• Brian Maloney
  • Happy New Year!
  • DFIR_Toolbar
  • OneDrive Evolution Update
    
    
• Christopher Eng at Ogmini
  • 2025 Zeltser Challenge
  • Hurdles to competing in CTFs
  • POC Malware – Part 1
  • Certification and Training Plans for 2025
    
    
• Fabian Mendoza at DFIR Dominican
  DFIR Jobs Update – 12/30/24
  
  
• Dr. Neal Krawetz at ‘The Hacker Factor Blog’
  Another Year Down
  
  
• Forensic Focus
  Embracing Change: Innovations In Digital Forensics You Need To Know
  
  
• Kevin Pagano at Stark 4N6
  Forensics StartMe Updates (1/1/2025)
  
  
• Patrick Siewert at ‘The Philosophy of DFIR’
  What Is “The Philosophy of DF/IR”?
  
  
• ForwardingPlane
  Building a host telemetry solution using Tailscale
  
  
• Thomas Roccia at SecurityBreak
  2024 Personal Rewind: What a Year!!
  

SOFTWARE UPDATES

• Digital Sleuth
  winfor-salt v2025.0.1
  
  
• FalconForce
  FalconHound v1.4.2
  
  
• Hasherezade
  tiny_tracer 2.9.5
  
  
• IntelOwl
  v6.2.0
  
  
• Oxygen Forensics
  Oxygen Forensic® Detective 17.1 Release
  
  
• Phil Harvey
  ExifTool 13.11
  
  
• Serviço de Perícias em Informática
  IPED Minor Release
  
  
• Three Planet Software
  Apple Cloud Notes Parser v0.22.1
  
  
• Xways
  X-Ways Forensics 21.4 Preview 5
  

And that’s all for the week! If you think I’ve missed something, or want me to cover something specifically hit me up through the contact page or on the social pipes!