As always, thanks to those who give a little back for their support!

FORENSIC ANALYSIS

• Atola Technology
  Mastering Drive Wiping: Ensuring Data Security
  
  
• Akash Patel
  • Lateral Movement Analysis: Using Chainsaw, Hayabusa, and LogParser for Cybersecurity Investigations
  • Tracing Reused $MFT Entries Paths : Recovering Deleted File Paths Forensically with CyberCX…
    
    
• Belkasoft
  Windows Browser Forensics 101
  
  
• Brian Maloney
  Autopsy Hardening Guide: Part 1
  
  
• Dr. Brian Carrier at Cyber Triage
  Information Artifacts: Simplify DFIR Analysis
  
  
• David Cowen at the ‘Hacking Exposed Computer Forensics’ blog
  • Daily Blog #709: Sunday Funday 1/5/25 Entra ID and Bloodhound
  • Daily Blog #710: Developing an AWS Examination Tool Part 1
  • Daily Blog #711: Developing an AWS Examination Tool Part 2
  • Daily Blog #712: Developing an AWS Examination Tool Part 3
  • Daily Blog #713: Developing an AWS Examination Tool Part 4
  • Daily Blog #714: Forensic Lunch 1/10/25 with Ryatt Roesrma talking about fine tuning AI models
  • Daily Blog #715: Solution Saturday 1/11/25
    
    
• Decrypting a Defense
  Digital License Plates, Encrypted Messaging, Drone Panic, State of the Surveillance State & More
  
  
• Oleg Afonin at Elcomsoft
  iPhone and iPad Acquisition Methods: Yet Another Comparison
  
  
• Forensafe
  Unlocking the Power of ArtiFast AI
  
  
• Iram Jack
  • Live Forensics | An Overview
  • System Profiling
  • Tool of the Trade | Osquery
  • Hunting for Processes
  • Persistence: Establishing Foothold
  • Files, Permissions, and Timestamps
  • Users, Groups, Directories, and Files
    
    
• Justin De Luna at ‘The DFIR Spot’
  A BITS of a Problem – Investigating BITS Jobs
  
  
• Oleg Skulkin at ‘Know Your Adversary’
  • 006. They Will Steal All Passwords from Any App with This Tool
  • 007. A Curious Case of Microsoft Management Console Abuse
  • 008. How Stealthy is Installation of an Advanced Backdoor?
  • 009. Anti-Forensics and China-nexus
  • 010. Do You Detect This Example of PowerShell Abuse?
  • 011. Red Wolf Toolset Update
    
    
• Salvation DATA
  • How to Recover Deleted Messages for Legal Investigations
  • Essential Skills Every Forensic Examiner Must Master in 2025
    
    
• Tarek Mostafa
  Email Investigation
  

THREAT INTELLIGENCE/HUNTING

• Faan Rossouw at Active Countermeasures
  Malware of the Day – Tunneling RDP with Microsoft Dev Tunnels
  
  
• Antonio Formato
  What’s new in TI Mindmap | Dec 2024
  
  
• Stefan Hostetler, Julian Tuin, Trevor Daher, Jon Grimm, Alyssa Newbury, Joe Wedderspoon, and Markus Neis at Arctic Wolf
  Console Chaos: A Campaign Targeting Publicly Exposed Management Interfaces on Fortinet FortiGate Firewalls
  
  
• ASEC
  • Statistical Report on Malware Targeting Windows Web Servers in Q4 2024
  • December 2024 Threat Trend Report on APT Attacks (South Korea)
  • December 2024 Threat Trend Report on Ransomware
  • Statistical Report on Malware Threat in Q4 2024
  • Play Ransomware Attack Cases Detected by AhnLab EDR
  • Increase in Distribution of AutoIt Compile Malware via Phishing Emails
    
    
• Francis Guibernau at AttackIQ
  Emulating the Tenacious Ako Ransomware
  
  
• Brad Duncan at Malware Traffic Analysis
  2025-01-09: CVE-2017-0199 XLS –> HTA –> VBS –> steganography –> DBatLoader/GuiLoader style malware
  
  
• Calum Hall at Cado Security
  The Case for SOC Augmentation: Empowering Analysts, Not Replacing Them
  
  
• CERT-AGID
  • PEC compromesse: Vidar sfrutta un nuovo metodo di offuscamento
  • Nuovo formato per ClamAV disponibile tramite il flusso IoC del CERT-AGID
  • Sintesi riepilogativa delle campagne malevole nella settimana del 4 – 10 gennaio
    
    
• Check Point
  • 6th January– Threat Intelligence Report
  • Banshee: The Stealer That “Stole Code” From MacOS XProtect
  • FunkSec – Alleged Top Ransomware Group Powered by AI
    
    
• CISA
  Ivanti Releases Security Updates for Connect Secure, Policy Secure, and ZTA Gateways
  
  
• CrowdStrike
  Recruitment Phishing Scam Imitates CrowdStrike Hiring Process
  
  
• CTF导航
  • 初探Qiling framework
  • SwaetRAT python loader分析
  • 破译APK口令，解锁知识宝藏：大狗Unlock活动优质经验分享
  • Mirai僵尸网络卷土重来，中美等国成主攻目标
  • 警惕境外APT组织在GitHub投毒，攻击国内安全从业者、指定大企业
    
    
• Omer Grossman at CyberArk
  CIO POV: Ransomware and Resilience—2024’s Biggest Cyber Stories
  
  
• Cyfirma
  Weekly Intelligence Report – 10 Jan 2025
  
  
• Roman Faithfull at Cyjax
  The Great Morpheus: New Extortion Group DLS Emerges
  
  
• Darktrace
  Detecting and mitigating adversary-in-the-middle phishing attacks with Darktrace Services
  
  
• Detect FYI
  Hunting SVR — Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally
  
  
• Disconinja
  日本におけるC2サーバ調査(Week 1 2025)
  
  
• Elastic Security Labs
  Detonating Beacons to Illuminate Detection Gaps
  
  
• Carl Windsor at Fortinet
  Phish-free PayPal Phishing
  
  
• John Wolfram, Josh Murchie, Matt Lin, Daniel Ainsworth, Robert Wallace, Dimiter Andonov, Dhanesh Kizhakkinan, and Jacob Thompson at Google Cloud Threat Intelligence
  Ivanti Connect Secure VPN Targeted in New Zero-Day Exploitation
  
  
• Group-IB
  Social Engineering in Action: How Fraudsters Exploit Trust with Fake Refund Schemes in the Middle East
  
  
• Raj at Hacking Articles
  Abusing AD-DACL: AddSelf
  
  
• Halcyon
  Ransomware on the Move: Cl0p, FunkSec, Akira, RansomHub
  
  
• Hudson Rock
  Telefonica Breach: Infostealer Malware Opens Door for Social Engineering Tactics
  
  
• Hunt IO
  • Golang Beacons and VS Code Tunnels: Tracking a Cobalt Strike Server Leveraging Trusted Infrastructure
  • Cyberhaven Extension Compromise: TLS Certificates Reveal Hidden Infrastructure
    
    
• Greg Linares, Matt Anderson, and Alden Schmidt at Huntress
  Hunt for RedCurl | Huntress
  
  
• Infoblox
  Muddling Malspam: The Use of Spoofed Domains in Malicious Spam
  
  
• Inginformatico
  Lista de grupos APT con motivaciones y métodos de ataque
  
  
• Intel 471
  What 2025 May Hold for Cybersecurity
  
  
• Jeffrey Appel
  How to check and block “malicious” browser extensions with Microsoft Defender and Intune?
  
  
• Kandji
  Behavioral Detections: Kandji EDR’s Latest Defense Update Against Threats
  
  
• Brian Krebs at Krebs on Security
  A Day in the Life of a Prolific Voice Phishing Crew
  
  
• George Glass, Keith Wojcieszek, and Laurie Iacono at Kroll
  November Threat Intelligence Spotlight Report
  
  
• Ugur Koc and Bert-Jan Pals at Kusto Insights
  Kusto Insights – December Update
  
  
• Bibek Thapa Magar and Ujwal Thapa at Logpoint
  EDR Killers: After All, EDRs Are Not Invincible
  
  
• Malwarebytes
  GroupGreeting e-card site attacked in “zqxq” campaign 
  
  
• Michalis Michalos
  Five (plus one) notable cyber attacks in Greece during 2024
  
  
• Natto Thoughts
  Chengdu: Teahouses, Hotpots, Universities and … Hackers
  
  
• Recorded Future
  Chinese State-Sponsored RedDelta Targeted Taiwan, Mongolia, and Southeast Asia with Adapted PlugX Infection Chain
  
  
• Red Alert
  Monthly Threat Actor Group Intelligence Report, November 2024 (KOR)
  
  
• Brian Davis at Red Canary
  Shrinking the haystack: The six phases of cloud threat detection
  
  
• Alessio Stefan at Red Hot Cyber
  The Story Of Conti Ransomware – The Last Ceremony (Final Episode)
  
  
• John Doyle, Gert-Jan Bruggink, Steven Savoldelli, and Callie Guenther at SANS
  Beyond Meh-trics: Examining How CTI Programs Demonstrate Value Using Metrics
  
  
• SANS Internet Storm Center
  • Make Malware Happy, (Mon, Jan 6th)
  • PacketCrypt Classic Cryptocurrency Miner on PHP Servers, (Tue, Jan 7th)
  • Examining Redtail Analyzing a Sophisticated Cryptomining Malware and its Advanced Tactics [Guest Diary], (Thu, Jan 9th)
  • Windows Defender Chrome Extension Detection, (Fri, Jan 10th)
    
    
• Security Investigation
  Comprehensive List of APT Threat Groups, Motives, and Attack Methods
  
  
• SOCRadar
  • Dark Web Profile: Kairos Extortion Group
  • Black Basta’s Tactical Evolution: Deploying Zbot, DarkGate, and Bespoke Malware
  • Turla Cyber Campaign Targeting Pakistan’s Critical Infrastructure
  • Major Cyber Attacks in Review: December 2024
    
    
• SpecterOps
  • ADFS — Living in the Legacy of DRS
  • Part 15: Function Type Categories
    
    
• Sam Scholten at Sublime Security
  Hiding a $50,000 BEC financial fraud in a fake email thread
  
  
• System Weakness
  • [Blue Team Labs Online Write-up] Deep Freeze
  • [Blue Team Labs Online] Aspen
  • [Blue Team Labs Online Write-up] Krampus
  • SSH LLM Honeypot caught a real threat actor
    
    
• Tomer Shloman at Trellix
  Blurring the Lines: How Nation-States and Organized Cybercriminals Are Becoming Alike
  
  
• Trend Micro
  Trend Micro Contributes and Maps Container Security to MITRE ATT&CK: A Game-Changer for Cyber Defense
  
  
• Rodel Mendrez at Trustwave SpiderLabs
  The State of Magecart: A Persistent Threat to E-Commerce Security
  
  
• Sreekar Madabushi at Valdin
  Tracking Threat Actors with Validin
  
  
• Joseliyo Sánchez at VirusTotal
  Research that builds detections
  
  
• watchTowr Labs
  • Backdooring Your Backdoors – Another $20 Domain, More Governments
  • Do Secure-By-Design Pledges Come With Stickers? – Ivanti Connect Secure RCE (CVE-2025-0282)
    
    
• Phil Muncaster at WeLiveSecurity
  State-aligned APT groups are increasingly deploying ransomware – and that’s bad news for everyone
  
  
• Gal Nagli, Merav Bar, Gili Tikochinski, and Shaked Tanchuma at Wiz
  Wiz Research Identifies Exploitation in the Wild of Aviatrix Controller RCE (CVE-2024-50603)
  
  
• Wladimir Palant at ‘Almost Secure’
  How extensions trick CWS search
  
  
• Peter Girnus at Zero Day Initiative
  ZDI Threat Hunting 2024: Highlights, Trends, & Challenges
  

UPCOMING EVENTS

• Jessica Hyde at Hexordia
  Magnet Virtual Summit CTF Powered by Hexordia: Elevate Your Digital Forensics Skills!
  
  
• Black Hills Information Security
  BHIS – Talkin’ Bout [infosec] News 2025-01-13 #livestream #infosec #infosecnews
  
  
• Cado Security
  Defining the ‘R’ in CDR: A Realistic Approach to Responding to Cloud Detections
  
  
• Eclypsium
  2025 Threat Landscape Trends to Watch
  
  
• Magnet Forensics
  • Introduction to Magnet Verify
  • Cyber Unpacked S1:E2 // Uncovering the unseen: Mastering mobile data for internal investigations and eDiscovery
    
    
• Emma Burdett at Rapid7
  Securing Success: Stories from the SOC Webinar Series
  
  
• SANS
  SANS Threat Analysis Rundown with Katie Nickels | January 2025
  

PRESENTATIONS/PODCASTS

• Black Hills Information Security
  REKAST – Talkin’ Bout [infosec] News 2025-01-06 #infosecnews #cybersecurity #podcast #podcastclips
  
  
• Breaking Badness
  Cybersecurity Tales: Espionage, Ransomware, and the Stories Behind the Threats
  
  
• Cellebrite
  Tip Tuesday: Inseyets UFED
  
  
• Dr Josh Stroschein
  What To Look for in the Cyber Landscape 2025 with Ryan Chapman and Aaron Rosenmund
  
  
• InfoSec_Bret
  Challenge – Windows Theme Spoofing
  
  
• John Hammond
  • Learn Active Directory!
  • Godot Game Used As Malware
    
    
• Magnet Forensics
  • Unlocking mobile insights for traffic investigations
  • Cyber Unpacked S1:E1 // From zero to YARA hero: Detect malware like a pro
    
    
• Mark Baggett
  SEC573 Question and Answers
  
  
• Microsoft Threat Intelligence Podcast
  Threat Landscape Update: North Korean IT Workers, OSINT, and Remote Monitoring and Management Abuse
  
  
• MSAB
  XAMN 8.0 – Introducing the new Highlights Tab
  
  
• MyDFIR
  Practice KQL for FREE | Cybersecurity Training (KC7)
  
  
• Paraben Corporation
  Paraben’s E3 Forensic Platform for Digital Investigations
  
  
• Richard Davis at 13Cubed
  Be Kind, Rewind… The USN Journal
  
  
• Sandfly Security
  • Linux Immutable Malware Process Binary Attack
  • Immutable File Attack Persistence on Linux
    
    
• SANS
  • The Booming Business of Cyber Crime with Geoff White
  • SANS Webcast | Detection Engineering in the Cloud: A Defenders Wonderland
    
    
• Security Conversations
  Hijacking .gov backdoors, Ivanti 0days and a Samsung 0-click vuln
  
  
• SentinelOne
  LABScon24 Replay | The Real AI Race: Disinformation in the Taiwanese Election
  
  
• The Citizen Lab
  Sweet QuaDreams or Nightmare before Christmas? Bill Marczak on Dissecting an iOS 0-Day
  

MALWARE

• Alexandre Borges at ‘Exploit Reversing’
  Malware Analysis Series (MAS): article 09 | Shellcode
  
  
• Cyble
  HexaLocker V2: Skuld Stealer Paving the Way prior to Encryption
  
  
• Pulsedive
  Assemblyline 101 – Open Source Malware Triage
  
  
• Wang Hao, Alex.Turing, Acey9 at Qi’anxin X Lab
  Gayfemboy: A Botnet Deliver Through a Four-Faith Industrial Router 0-day Exploit.
  
  
• Saurabh Sharma and Vasily Berdnikov at Securelist
  EAGERBEE, with updated and novel components, targets the Middle East
  
  
• Kirill Boychenko at Socket
  Gmail For Exfiltration: Malicious npm Packages Target Solana Private Keys and Drain Victims’ Wallets
  
  
• Puja Srivastava at Sucuri
  Stealthy Credit Card Skimmer Targets WordPress Checkout Pages via Database Injection
  
  
• TRAC Labs
  PEAKLIGHT: Illuminating the Shadows
  
  
• Trend Micro
  • Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit
  • How Cracks and Installers Bring Malware to Your Device
    
    
• بانک اطلاعات تهدیدات بدافزاری پادویش
  Trojan_Android_MedusaV3
  

MISCELLANEOUS

• Yulia Samoteykina at Atola
  2024. Year in Review
  
  
• Brett Shavers
  • Do narcs make the best DF/IR investigators?
  • Top 10 Tools Every DF/IR Practitioner Should Master in 2025
    
    
• Cellebrite
  • The Cellebrite-Relativity Partnership Sets the Standard for Remote Mobile Collection
  • Cellebrite to Report Fourth-Quarter and Fiscal Year 2024 Financial Results on February 13, 2025
    
    
• Christopher Eng at Ogmini
  • First Week Musings
  • Expectations vs Reality – Digital Forensic Science Master’s Degree
  • CISA IR Training – Defend Against Ransomware Attacks Cyber Range Training (IR209)
  • Powerschool Hack
  • K-12 Student Data – Why would anyone steal that?
  • Forensics Software – Automated Regression/Version Testing Part 1
  • Hex Editors for Digital Forensics and Reverse Engineering
    
    
• Craig Ball at ‘Ball in your Court’
  Leery Lawyer’s Guide to AI
  
  
• Danny Zendejas
  Cybersecurity Career Path: Detection and Response
  
  
• Forensic Focus
  • AI Takes The Stand: Revolutionizing eDiscovery In The Legal World
  • UPCOMING WEBINAR – A New Era In Digital Investigations: Be The First To Discover
  • Digital Forensics Round-Up, January 08 2024
  • Forensic focus Digest, January 10 2025
  • Andrew Tyshchenko, Head of Hardware, Atola Technology
    
    
• Matt Shannon at F-Response
  What is F-Response?
  
  
• Oxygen Forensics
  Oxygen Forensics and CloudNine: What is Modern Data ECA?
  
  
• Amber Schroader at Paraben Corporation
  2024 Digital Forensic Review
  
  
• Plainbit
  LogLayer: 개발자를 위한 혁신적인 통합 로깅 라이브러리
  
  
• Security Onion
  • Coming soon: AI Summaries in Alerts!
  • Coming soon: tune alerts without leaving the Alerts interface
  • Coming soon: Zeek 7 and support for more protocols like QUIC, HTTP2, OpenVPN, and IPSEC!
  • Coming soon to Security Onion: ATT&CK Navigator Improvements!
    
    
• Tyler Brozek
  GIAC Experienced Incident Handler Certification Preparation (GX-IH)
  
  
• VMRay
  Unveiling the Power of Threat Intelligence Platforms
  

SOFTWARE UPDATES

• Datadog Security Labs
  GuardDog v2.2.0
  
  
• Digital Sleuth
  • WIN-FOR v10.0.1
  • winfor-salt v2025.1.0
    
    
• Eric Zimmerman
  ChangeLog
  
  
• IntelOwl
  v6.2.1
  
  
• Manabu Niseki
  Mihari v8.0.2
  
  
• OpenCTI
  6.4.6
  
  
• Paraben Corporation
  Starting 2025 with E3 Forensic Platform version 4.2
  
  
• Xways
  X-Ways Forensics 21.4 Preview 6
  

And that’s all for the week! If you think I’ve missed something, or want me to cover something specifically hit me up through the contact page or on the social pipes!