As always, thanks to those who give a little back for their support!

FORENSIC ANALYSIS

• ThinkDFIR
  SRUMday Funday!
  
  
• Akash Patel
  Handling Incident Response: A Guide with Velociraptor and KAPE
  
  
• Belkasoft
  Email Forensics with Belkasoft X
  
  
• Christopher Eng at Ogmini
  • Homelab Part 1 – The Current Setup
  • David Cowen Sunday Funday Challenge – SRUM Validation
  • Expectations vs Reality – Digital Forensic Science Master’s Degree Part 2
  • Investigating Lab Automation – MSLab
  • CISA IR Training – Preventing DNS Infrastructure Tampering (IR206)
  • MSLab – Part 1
  • Homelab Part 2 – The Next Iteration
    
    
• Dr. Brian Carrier at Cyber Triage
  Jump List Forensics 2025
  
  
• Damien Attoe
  • Introducing SQBite (Alpha) – Python Tool for Extracting Records from SQLite Databases
  • The Duck Hunters Guide – Blog #1 – DuckDuckGo Privacy Browser Research Project
  • The Duck Hunters Guide – Blog #2 – DuckDuckGo Browsing History (Android)
    
    
• David Cowen at the ‘Hacking Exposed Computer Forensics’ blog
  • Daily Blog #716: Sunday Funday 1/12/25
  • Daily Blog #717: Getting free Azure credits for testing
  • Daily Blog #718: Building test environments in 2025
  • Daily Blog #719: Installing project adaz
  • Daily Blog #720: Spotlight on zeltser challenge participant – Chris Eng
  • Daily Blog #720: The new hardest question to answer in an incident
  • Daily Blog #721: Solution Saturday 1/18/25
    
    
• Dr. Neal Krawetz at ‘The Hacker Factor Blog’
  Donuts and Forensics
  
  
• DriveSavers Data Recovery Services
  Case Study: SQL Server and Database Recovery After Ransomware Attack
  
  
• Forensafe
  Investigating Android Truth Social
  
  
• Sidharth Panda at InfoSec Write-ups
  Forensic and Pwn: UofTCTF 2025
  
  
• Iram Jack
  • Binaries, Executables, and Rootkits
  • IronShade
  • Disgruntled
  • Tardigrade
  • All About Yara
  • From Zero to YARA
  • Threat Hunting with YARA
    
    
• Marco Neumann at ‘Be-binary 4n6’
  Windows Recycle Bin – The known and the unknown
  
  
• Oleg Skulkin at ‘Know Your Adversary’
  • 012. They Want to Know Everything About Your System!
  • 014. Encrypting S3 Buckets Abusing Native AWS Services
  • 013. It Can Remove Rootkits. And Your EDR!
  • 015. Threat Actors Can Abuse Even This Kind of Software
  • 016. Good and Bad USB Drives
  • 017. Star Blizzard and Stolen WhatsApp accounts
  • 018. That’s How Real Adversaries Abuse Wksprt.exe and Use DLL Proxying
    
    
• Patrick Siewert at ‘The Philosophy of DFIR’
  Effective Advanced Communication in DF/IR
  
  
• Ryan Benson at dfir.blog
  Authenticating Screenshots from Netflix’s Carry-On Movie
  
  
• Salvation DATA
  Harnessing Logical Evidence in Digital Forensics Investigations
  
  
• Eric Woodruff at Semperis
  LDAPNightmare Explained
  

THREAT INTELLIGENCE/HUNTING

• Akash Patel
  • SentinelOne(P10- New SentinelOne Console): A Practical Guide/An Practical Training
  • SentinelOne Threat Hunting Series P1: Must-Have Custom Detection Rules
  • SentinelOne Threat Hunting Series P2: Must-Have Custom Detection Rules
  • SentinelOne Threat Hunting Series P3: Must-Have Custom Detection Rules
    
    
• Alex Necula
  Ransomware Gangs weaponize Windows Defender Application Control (WDAC) to disable EDR products.
  
  
• Alex Teixeira
  Becoming a Detection Engineering Contractor, Part I — The Motivation
  
  
• Any.Run
  • Threat Intelligence Pivoting: Actionable Insights Behind Indicators
  • YARA Rules: Cyber Threat Detection Tool for Modern Cybersecurity
  • Malware Trends Overview Report: 2024
    
    
• Ayelen Torello at AttackIQ
  Updated Response to CISA Advisory (AA23-136A): #StopRansomware: BianLian Ransomware Group
  
  
• teve de Vera and Jennifer Pa at AWS Security
  Preventing unintended encryption of Amazon S3 objects
  
  
• Bayaz Net
  Threat Hunt — Detecting Immutable Processes With UAC
  
  
• BI Zone
  Nearly impossible to detect: GuLoader weaponized against Russian organizations
  
  
• Binalyze
  • Binalyze AIR in Action: Detect malware on a potentially infected system
  • Unmasking Business Email Compromise: The Silent Threat to Organizations
    
    
• Jade Brown at Bitdefender
  Bitdefender Threat Debrief
  
  
• BushidoToken
  Analysis of Counter-Ransomware Activities in 2024
  
  
• Dylan at ByteIntoCyber
  Microsoft 365 Application IDs – BEC Investigation Resources
  
  
• Censys
  • Le vrai Volt Typhoon va-t-il se lever ?
  • Massive FortiGate Config Leak: Assessing the Impact
    
    
• CERT Ukraine
  Спроби здійснення кібератак з використанням AnyDesk, нібито, від імені CERT-UA
  
  
• CERT-AGID
  • Analisi di una campagna Lumma Stealer con falso CAPTCHA condotta attraverso domino italiano compromesso
  • Phishing finanziario sfrutta false comunicazioni del Ministero della Salute
  • Sintesi riepilogativa delle campagne malevole nella settimana del 11 – 17 gennaio
    
    
• Check Point
  • 13th January– Threat Intelligence Report
  • FunkSec: The Rising Yet Controversial Ransomware Threat Actor Dominating December 2024
    
    
• CISA
  CISA Releases Microsoft Expanded Cloud Logs Implementation Playbook
  
  
• CTF导航
  近些年APT-C-60（伪猎者）组织使用的载荷分析
  
  
• Cyble
  Sliver Implant Targets German Entities with DLL Sideloading and Proxying Techniques
  
  
• Cyfirma
  Weekly Intelligence Report – 17 Jan 2025
  
  
• Darktrace
  RansomHub Ransomware: Darktrace’s Investigation of the Newest Tool in ShadowSyndicate’s Arsenal
  
  
• Nathan Burns at Detect FYI
  VMware ESXi Logging & Detection Opportunities
  
  
• Disconinja
  日本におけるC2サーバ調査(Week 2 2025)
  
  
• Elliptic
  Huione: the company behind the largest ever illicit online marketplace has launched a stablecoin
  
  
• Esentire
  MintsLoader: StealC and BOINC Delivery
  
  
• Ryan Slaney and Chris Price at Field Effect
  Grixba’s disguise: Play Ransomware impersonates SentinelOne for stealth recon
  
  
• Carl Windsor at Fortinet
  Analysis of Threat Actor Data Posting
  
  
• g0njxa
  Lumma Stealer Q&A
  
  
• Google Cloud Security Community
  Beyond the Matrix Reloaded
  
  
• Group-IB
  The Realty of Deception: Real Estate Scams Uncovered in the Middle East
  
  
• GuidePoint Security
  • Unveiling the GRIT 2025 Ransomware and Cyber Threat Report
  • RansomHub Affiliate leverage Python-based backdoor
    
    
• Halcyon
  Abusing AWS Native Services: Ransomware Encrypting S3 Buckets with SSE-C
  
  
• HP Wolf Security
  HP Wolf Security Threat Insights Report: January 2025
  
  
• Hunt IO
  ‘JustJoin’ Landing Page Linked to Suspected DPRK Activity Resurfaces
  
  
• David Brunsdon at Infoblox
  One Mikro Typo: How a simple DNS misconfiguration enables malware delivery by a Russian botnet
  
  
• InfoSec Write-ups
  • Data Exfiltration in SQL Injection Attacks: A Hidden Cybersecurity Threat
  • Redefining Cyber Threat Intelligence with AI
  • Understanding Malware Packers
    
    
• Nicole Fishbein at Intezer
  Threat Bulletin: Weaponized Software Targets Chinese-Speaking Organizations
  
  
• KELA Cyber Threat Intelligence
  IntelBroker Unmasked: KELA’s In-Depth Analysis of a Cybercrime Leader
  
  
• Brian Krebs at Krebs on Security
  Chinese Innovations Spawn Wave of Toll Phishing Via SMS
  
  
• Krishna Sai Marella
  Digital Arrest Scams : A Growing Threat to Citizens of The Republic of India
  
  
• Microsoft Security
  New Star Blizzard spear-phishing campaign targets WhatsApp accounts
  
  
• Nisos
  The Insider Threat Digital Recruitment Marketplace
  
  
• Stamatis Chatzimangou at NVISO Labs
  Detecting Teams Chat Phishing Attacks (Black Basta)
  
  
• Palo Alto Networks
  • One Step Ahead in Cyber Hide-and-Seek: Automating Malicious Infrastructure Discovery With Graph Neural Networks
  • Threat Brief: CVE-2025-0282 and CVE-2025-0283
    
    
• Wang Hao, daji, Alex.Turing, and Acey9 at Qi’anxin X Lab
  Botnets Never Die: An Analysis of the Large Scale Botnet AIRASHI
  
  
• Red Alert
  • Monthly Threat Actor Group Intelligence Report, September 2024 (JPN)
  • Monthly Threat Actor Group Intelligence Report, October 2024 (ENG)
    
    
• Ivan Khamenka at ReliaQuest
  Ransomware and Cyber Extortion in Q4 2024
  
  
• Sai Molige
  The Methodology of Threat Hunting Research
  
  
• Apurv Singh Gautam and Sean O’Connor at SANS
  Undercover Operations: Scraping the Cybercrime Underground
  
  
• SANS Internet Storm Center
  • Multi-OLE, (Sun, Jan 12th)
  • Wireshark 4.4.3 Released, (Sat, Jan 11th)
  • Hikvision Password Reset Brute Forcing, (Mon, Jan 13th)
  • The Curious Case of a 12-Year-Old Netgear Router Vulnerability, (Wed, Jan 15th)
  • Extracting Practical Observations from Impractical Datasets, (Thu, Jan 16th)
  • Leveraging Honeypot Data for Offensive Security Operations [Guest Diary], (Fri, Jan 17th)
  • New tool: immutable.py, (Sat, Jan 18th)
  • Zero Trust and Entra ID Conditional Access, (Sun, Jan 19th)
    
    
• Gerardo Santos at Security Art Work
  GRU: Forest Blizzard – una visita a sus operaciones más interesantes desde el inicio de la guerra con Ucrania
  
  
• Dheeraj Kumar, and Sina Chehreghani at Securonix
  Securonix Threat Labs 2024 Annual Autonomous Threat Sweeper Intelligence Insights
  
  
• Sekoia
  • Double-Tap Campaign : Russia-nexus APT possibly related to APT28 conducts cyber espionage on Central Asia and Kazakhstan diplomatic relations
  • Sneaky 2FA: exposing a new AiTM Phishing-as-a-Service
    
    
• Shayan Ahmed Khan
  Velociraptor: The Ultimate Powerhouse for Swift and Precision Investigations
  
  
• Simone Kraus
  Proxy Wars in Cyberspace — Integrated Operations of Hacktivists
  
  
• Socket
  • Kill Switch Hidden in npm Packages Typosquatting Chalk and Chokidar
  • Malicious PyPI Package ‘pycord-self’ Targets Discord Developers with Token Theft and Backdoor Exploit
    
    
• SpecterOps
  • Part 16: Tool Description
  • Intune Attack Paths — Part 1
  • Introducing BloodHound CLI
    
    
• Stephan Berger
  Analysis of Python’s .pth files as a persistence mechanism
  
  
• Puja Srivastava at Sucuri
  Japanese Spam on a Cleaned WordPress Site: The Hidden Sitemap Problem
  
  
• Symantec Enterprise
  • Likely China-based Attackers Target High-profile Organizations in Southeast Asia
  • U.S. Organization in China Targeted by Attackers
    
    
• Sysdig
  Detecting and mitigating CVE-2024-12084: rsync remote code execution
  
  
• System Weakness
  Security Research: TeslaLogger Technical Analysis and Asset Intelligence
  
  
• Efstratios Lontzetidis at Valdin
  Lazarus APT: Techniques for Hunting Contagious Interview
  
  
• Martin Smolár at WeLiveSecurity
  Under the cloak of UEFI Secure Boot: Introducing CVE-2024-7344
  
  
• Merav Bar and Gili Tikochinski at Wiz
  Tracking cloud-fluent threat actors – Part two: Behavioral cloud IOCs
  

UPCOMING EVENTS

• Black Hills Information Security
  BHIS – Talkin’ Bout [infosec] News 2025-01-20 #livestream #infosec #infosecnews
  
  
• Magnet Forensics
  • Cyber Unpacked S1:E3 // Bridging the Gap: Integrating MITRE ATT&CK with Magnet Axiom Cyber
  • Give your lab an investigative edge with Magnet One
    

PRESENTATIONS/PODCASTS

• Adversary Universe Podcast
  See You I-Soon: A Peek at China’s Offensive Cyber Operations
  
  
• Behind the Binary by Google Cloud Security
  EP04 Stephen Eckels – A Journey From Game Modding to SolarWinds: How One Gamer Became a Renowned Reverse Engineer
  
  
• Black Hills Information Security
  • Introduction to Zeek Log Analysis
  • REKAST – Talkin’ Bout [infosec] News 2025-01-13 #infosecnews #cybersecurity #podcast #podcastclips
    
    
• Breaking Badness
  Tanya Janca on Secure Coding, AppSec, and Breaking Barriers in Cybersecurity
  
  
• Cellebrite
  Tip Tuesday: Chat Capture, Part 1
  
  
• Chainalysis
  How IRS Criminal Investigation Unit Tackles Crypto Crimes: Podcast Ep. 145
  
  
• Chris Sienko at the Cyber Work podcast
  Incident response: What I learned from a hands-on project | Guest Gamuchirai Muchafa
  
  
• Cloud Security Podcast by Google
  EP206 Paying the Price: Ransomware’s Rising Stakes in the Cloud
  
  
• Huntress
  Tradecraft Tuesday | Tradecraft Predictions for 2025
  
  
• InfoSec_Bret
  Challenge – Browser Exploit
  
  
• John Hammond
  • BLOB Based Phishing Scams
  • The State of Cybercrime [2024]
  • Detection Engineering with Wazuh
    
    
• Magnet Forensics
  • Introduction to Magnet Verify
  • Cyber Unpacked S1:E2 // Uncovering the unseen: Mastering mobile data for internal investigations and eDiscovery
    
    
• Mostafa Yahia
  DFIR (Windows Forensics) Course: Search history “WordWheelQuery”
  
  
• MSAB
  XAMN Pro Column View Changes
  
  
• MyDFIR
  Cybersecurity SOC Analyst Lab – Network Ransomware
  
  
• OALabs
  USB Ethernet Adapter Malware??? Chinese RJ45-USB Full Analysis – Part 1
  
  
• Paraben Corporation
  • Paraben E3 Forensic Platform Release version 4 2
  • E3 Demonstration on Windows 11 File System
  • E3 Demonstration of iOS and Android Devices
    
    
• Sandfly Security
  Hidden Linux Binary Threats for Intruders and Malware
  
  
• SANS
  • FUD Special
  • SANS AI Cybersecurity Summit | Highlight | Jess Garcia
    
    
• Security Conversations
  Inside the PlugX malware removal operation, CISA takes victory lap and another Fortinet 0day
  
  
• The Cyber Mentor
  • Decoding Shellcode into Assembly Code – Made Easy!
  • I Hacked Myself & Analyzed It with Sysmon
    
    
• The Microsoft Security Insights Show
  The Microsoft Security Insights Show Episode 242 – Miguel Clarke
  

MALWARE

• Alexandre Borges at ‘Exploit Reversing’
  Malware Analysis Series (MAS): article 10 | Linux
  
  
• ASEC
  • Infostealer LummaC2 Spreading Through Fake CAPTCHA Verification Page
  • DigitalPulse Proxyware Being Distributed Through Ad Pages
  • Warning Against ModiLoader (DBatLoader) Spreading via MS Windows CAB Header Batch File (*.cmd)
    
    
• Dr Josh Stroschein
  Stepping Through Signatures in Detect-It-Easy: Leveraging the Signature Debugger
  
  
• Xiaopeng Zhang, Faisal Abdul Malik Qureshi and John Simmons at Fortinet
  Deep Dive Into a Linux Rootkit Malware
  
  
• G Data Security
  An honest mistake – and a cautionary tale
  
  
• Google Cloud Threat Intelligence
  Backscatter: Automated Configuration Extraction
  
  
• Christopher Lopez & Nick Zolotko at Kandji
  Potential Stealer: Purrglar in Progress
  
  
• Gabor Szappanos at Sophos
  Gootloader inside out
  
  
• Trend Micro
  • Investigating A Web Shell Intrusion With Trend Micro™ Managed XDR
  • IoT Botnet Linked to Large-scale DDoS Attacks Since the End of 2024
    
    
• Karl Biron at Trustwave SpiderLabs
  The Database Slayer: Deep Dive and Simulation of the Xbash Malware
  
  
• Zhassulan Zhussupov
  Malware and cryptography 39 – encrypt/decrypt payload via DES-like cipher. Simple C example.
  

MISCELLANEOUS

• Adam Chester at XPN
  ADFS – Living in the Legacy of DRS
  
  
• Peter Sosic at Amped
  Amped Software Training & Certification: Empower Your Investigations with Amped’s 2025 Training
  
  
• Anton Chuvakin
  A Brief Guide for Dealing with ‘Humanless SOC’ Idiots
  
  
• Brad Garnett
  Brad Bits: January 15, 2025
  
  
• Brett Shavers
  • Thinking Beyond Tools: Elevate Your DF/IR Skills with an Investigative Mindset
  • I paid $250,000 to learn forensics…and still don’t know forensics…
  • Do IT Pros Make the Best DF/IR Investigators?
    
    
• Brian Maloney
  Autopsy Hardening Guide: Part 2
  
  
• Cado Security
  • Understanding the Technology that Powers the Cado Platform
  • From Data Capture to Analysis: How Cado Simplifies Cloud Investigations
    
    
• Cellebrite
  • Corporate Investigations on the Go: Collecting Data from Anywhere
  • Enhancing Legal Workflows with Seamless Mobile Data Collection and Analysis
    
    
• Fabian Mendoza at DFIR Dominican
  DFIR Jobs Update – 01/13/25
  
  
• Forensic Focus
  • Newly Patented Remote Mobile Collection Technology Is A Game-Changer For Corporate Investigators 
  • Exterro Hosts UK Digital Forensics Roadshow: Shaping The Future Of Investigations
  • Digital Forensics Round-Up, January 15 2025
  • GMDSOFT Tech Letter Vol 8. Investigating AirDrop Transfer Activities
  • Amped Software Training & Certification: Empower Your Investigations With Amped’s 2025 Training
  • When The Job Comes Home: The Personal Toll Of Digital Forensics
  • The Silent Threat: How Fraud Is Costing You 
    
    
• iBlue Team
  Azure Blob storage with NGINX proxy
  
  
• Invictus Incident Response
  Training Schedule – 2025
  
  
• Jack Burgess
  How many attacks are we missing? Let’s calculate it
  
  
• Luke Bradley
  ChatGPT Records: A New Frontier in Digital Evidence
  
  
• Magnet Forensics
  • The role of AI and digital forensics in modern policing 
  • How cloud-based DFIR solutions accelerate investigations
    
    
• Matt Shannon at F-Response
  Which F-Response is right for you?
  
  
• Oxygen Forensics
  What Lies Ahead: 5 Solutions for Today’s Cloud Forensics Challenges
  
  
• Jimmy Astle at Red Canary
  Incorporating AI agents into SOC workflows
  
  
• Piers Shearman at Red Goat
  10 Ways to Improve Your Incident Response Plan
  
  
• Ross Donnelly at Keith Borer Consultants
  Establishing a career in Digital Forensics
  
  
• Security Onion
  Coming soon to Security Onion: Elastic Agent Deployment via MSI!
  

SOFTWARE UPDATES

• Alexis Brignoni
  iLEAPP v2.0.3
  
  
• C.Peter
  UFADE 0.9.7
  
  
• c3rb3ru5
  binlex v2.0.0-rc2
  
  
• Canadian Centre for Cyber Security
  Assemblyline Release 4.5.0.68
  
  
• Datadog Security Labs
  GuardDog v2.3.0
  
  
• Digital Sleuth
  winfor-salt v2025.3.2
  
  
• Eric Zimmerman
  ChangeLog
  
  
• Keith McCammon
  Atomic Red Team ATT&CK tool updated to v16.1
  
  
• MISP
  • MISP 2.4.204 and 2.5.6 released including new features, performance improvements and many other improvements.
  • MISP 2.4.202 and 2.5.4 released with numerous enhancements including analyst data, bug fixes, and security improvements
  • MISP 2.4.203 and 2.5.5 released including new features, improvements and many security improvements.
    
    
• OpenCTI
  • 6.4.8
  • 6.2.7-hotfix
    
    
• Phil Harvey
  ExifTool 13.12
  
  
• SigmaHQ
  pySigma v0.11.19
  
  
• Ulf Frisk
  MemProcFS Vesion 5.14
  
  
• Volatility Foundation
  Volatility 3 2.11.0
  
  
• Xways
  • X-Ways Forensics 21.1 SR-10
  • X-Ways Forensics 21.3 SR-8
  • X-Ways Forensics 21.4 Beta 1
    
    
• Yogesh Khatri at ‘Swift Forensics’
  mac_apt update to BTM processing
  

And that’s all for the week! If you think I’ve missed something, or want me to cover something specifically hit me up through the contact page or on the social pipes!