As always, thanks to those who give a little back for their support!

FORENSIC ANALYSIS

• Akash Patel
  • File Carving: A Simple and Powerful Way to Recover Deleted Files || String Searching with bstrings…
  • MFTECmd-MFTexplorer: A Forensic Analyst’s Guide
  • Baseline Analysis in Memory Forensics: A Practical Guide
  • Mastering AmcacheParser and appcompatprocessor.py for Amcache.hiv Analysis
    
    
• Brett Shavers
  Think You Don’t Need WinFE? Wait Until You Do.
  
  
• Cellebrite
  Tips and Tricks for Simplifying Your Investigations with Endpoint Inspector 2.5 
  
  
• Christopher Eng at Ogmini
  • Notepad++ – Documenting Digital Artifacts Part 2
  • Playing with Cursor AI – Notepad++ Digital Artifacts
  • Magnet Virtual Summit 2025 CTF / Belkasoft CTF 01
  • Magnet Virtual Summit 2025 CTF – Pre-Analysis
  • Magnet Virtual Summit 2025 CTF – Post-Analysis
  • Windows Notepad vs Notepad++ – Artifact Comparison
  • Investigating Visual Studio Code
    
    
• Chris Ray at Cyber Triage
  How to Find WMI Consumers: Complete Guide for IT & Investigators
  
  
• Krzysztof Gajewski at CyberDefNerd
  ZPAQ – Super Compression or a Cybercriminal’s Tool?
  
  
• David Cowen at the ‘Hacking Exposed Computer Forensics’ blog
  • Daily Blog #744: Sunday Funday 2/9/25
  • Daily Blog #745: Solving the windows hello challenge part 1
  • Daily Blog #746: Solving the windows hello challenge part 2
  • Daily Blog #747: What I look for when reviewing external ips
  • Daily Blog #748: National CCDC 2025
  • Daily Blog #749: Happy Valentines Day
  • Daily Blog #750: Solution Saturday 2/15/25
    
    
• Dr. Neal Krawetz at ‘The Hacker Factor Blog’
  PDF Problems as FotoForensics Turns 13
  
  
• Forensafe
  iOS Discord
  
  
• Ilya Kobzar
  Revisiting ShellBags in Windows 11
  
  
• Vikas Singh
  Mastering PowerShell De-obfuscation – Beyond the Basics
  
  
• Eric Wise at Wise Forensics
  HackTheBox | Unit42
  

THREAT INTELLIGENCE/HUNTING

• Abdulrehman Ali
  Labyrinth Chollima APT Adversary Simulation
  
  
• Adam Goss
  The CTI Team: Roles and Responsibilities You Need
  
  
• Mitch Mayne at Akamai
  Arming the Defenders: A SOTI Report for Those Who Protect the Enterprise
  
  
• Andrew Petrus
  Exposing Hidden Malware Persistence Created by SharpHide
  
  
• Arctic Wolf
  Understanding Account Takeovers
  
  
• ASEC
  • January 2025 Threat Trend Report on APT Attacks (South Korea)
  • CoinMiner Malware Distributed via USB
  • AhnLab EDR Detects CoinMiner Propagated via USB in South Korea
  • Detecting Akira Ransomware Attack Using AhnLab EDR
  • January 2025 Deep Web and Dark Web Trend Report
  • January 2025 Threat Trend Report on Ransomware
  • January 2025 APT Group Trends
  • January 2025 Security Issues in Korean & Global Financial Sector
    
    
• Francis Guibernau at AttackIQ
  Emulating the Financially Motivated Criminal Adversary FIN7 – Part 2
  
  
• Barracuda
  • Akira: Modern ransomware with a retro vibe
  • XDR roundup 2024: Ransomware rises fourfold in a year of complex threats
    
    
• Bitdefender
  • Bitdefender Threat Debrief | February 2025
  • Subnautica 2 Fake Playtest Links Sent as Part of Malicious Campaign
  • PirateFi Game Removed from Steam Library for Pushing Malware
    
    
• Mehmet Ergene at Blu Raven Academy
  Advanced KQL for Threat Hunting: Window Functions — Part 1
  
  
• Brad Duncan at Malware Traffic Analysis
  • 2025-02-10: StrelaStealer infection
  • 2025-02-13: Quick post: ClickFix style infection for Lumma Stealer
    
    
• Brian Krebs at ‘Krebs on Security’
  Nearly a Year Later, Mozilla is Still Promoting OneRep
  
  
• BushidoToken
  Investigating Anonymous VPS services used by Ransomware Gangs
  
  
• Cado Security
  • Cloud vs. On-Prem Forensics: The Differences You Need to Know
  • Forensic Victory: Catching the Ransomware EDR Couldn’t See
    
    
• CERT-AGID
  Sintesi riepilogativa delle campagne malevole nella settimana del 08 – 14 febbraio
  
  
• Chainalysis
  Crypto Scam Revenue 2024: Pig Butchering Grows Nearly 40% YoY as Fraud Industry Leverages AI and Increases in Sophistication
  
  
• Check Point
  • 10th February – Threat Intelligence Report
  • January 2025’s Most Wanted Malware: FakeUpdates Continues to Dominate
    
    
• Sahidya Devadoss, Arti Phugat, and Chris Shepherd at Cloudflare
  Automatic Audit Logs: new updates deliver increased transparency and accountability
  
  
• Cofense
  • Stolen Information Used in Personalized Immigration-Themed Attack
  • OAuth Phishing Alert: Fake ‘Adobe Drive X’ App Abusing Microsoft Login
    
    
• Marc Tanner at Compass Security
  Stealthy AD CS Reconnaissance
  
  
• Keith J. Jones at Corelight
  Understand and detect MITRE Caldera with Zeek® | Corelight
  
  
• Radu-Emanuel Chiscariu at CrowdStrike
  Detect Data Exfiltration Techniques with Falcon Next-Gen SIEM
  
  
• Csaba Fitzl at ‘Theevilbit’
  • The diskarbitrationd and storagekitd Audit Story Part 1
  • The diskarbitrationd and storagekitd Audit Story Part 2
    
    
• CyberArmor
  Inside a Malware Campaign: A Nigerian Hacker’s Perspective
  
  
• CyberCX
  CyberCX 2025 Threat Report reveals cyber landscape is changing
  
  
• Cyble
  • New Zealand’s National Cyber Security Centre (NCSC) Reports Surge in Cyber Threats and Vulnerabilities
  • BTMOB RAT: Newly Discovered Android Malware Spreading via Phishing Sites
    
    
• Cyfirma
  Weekly Intelligence Report – 14 Feb 2025
  
  
• Federico Murgia at Cyjax
  Kraken onto the extortion scene: New Kraken DLS emerges
  
  
• Darktrace
  • Defending Against Living-off-the-Land Attacks: Anomaly Detection in Action
  • Why Darktrace / EMAIL excels against APTs
    
    
• Seth Art at Datadog Security Labs
  whoAMI: A cloud image name confusion attack
  
  
• Alex Teixeira at Detect FYI
  Baselines 101: Building Resilient, Frictionless SIEM Detections
  
  
• Disconinja
  日本におけるC2サーバ調査(Week 6 2025)
  
  
• Anthony Johnson at DomainTools
  Using DomainTools and Microsoft Security Copilot to Enhance Domain Intelligence
  
  
• Dr Josh Stroschein
  100 Days of Yara, Yara Rule Tips and The Current State of Email borne Threats with Greg Lesnewich
  
  
• Abdulrahman H. Alamri and Lexie Mooney at Dragos
  Dragos Industrial Ransomware Analysis: Q4 2024 
  
  
• Arda Büyükkaya at EclecticIQ
  Sandworm APT Targets Ukrainian Users with Trojanized Microsoft KMS Activation Tools in Cyber Espionage Campaigns
  
  
• Elastic Security Labs
  • Linux Detection Engineering – Approaching the Summit on Persistence Mechanisms
  • You’ve Got Malware: FINALDRAFT Hides in Your Drafts
  • From South America to Southeast Asia: The Fragile Web of REF7707
    
    
• Elliptic
  Sanctions Imposed on Lockbit Ransomware’s Russian Hosting Provider
  
  
• Flashpoint
  Phobos Ransomware Affiliates Arrested in Coordinated International Disruption
  
  
• Shunichi Imano and Fred Gutierrez at Fortinet
  Ransomware Roundup – Lynx
  
  
• Tim Berghoff at G Data Security
  Malware from fake recruiters
  
  
• Gen
  Gen Q4/2024 Threat Report
  
  
• Google Cloud Security Community
  Q4 24 GTI updates
  
  
• Google Cloud Threat Intelligence
  Cybercrime: A Multifaceted National Security Threat
  
  
• GreyNoise
  • New Exploitation Surge: Attackers Target ThinkPHP and ownCloud Flaws at Scale
  • GreyNoise Observes Active Exploitation of PAN-OS Authentication Bypass Vulnerability (CVE-2025-0108)
    
    
• Vito Alfano, Nam Le Phuong, Mahmoud Zohdy, and Pietro Albuquerque at Group-IB
  RansomHub Never Sleeps Episode 1: The evolution of modern ransomware
  
  
• Raj at Hacking Articles
  Shadow Credentials Attack
  
  
• HackTheBox
  Ransomware readiness: here is what we learned from 1,400+ players
  
  
• Harfanglab
  Further insights into Ivanti CSA 4.6 vulnerabilities exploitation
  
  
• Hunt IO
  • Advanced Threat Hunting with New SSL Features: Unlocking HuntSQL™ Anomaly Flags for Deeper Detection
  • Tracking Pyramid C2: Identifying Post-Exploitation Servers in Hunt
    
    
• Huntress
  • The Huntress Cyber Insurance Trends Report [2025] | Huntress
  • 6 Months of Researching OAuth Application Attacks | Huntress
  • 2025 Cybersecurity Threat Report: Proliferating RATs, Evolving Ransomware, and Other Findings | Huntress
    
    
• InfoSec Write-ups
  • SOC335 — CVE-2024-49138 Exploitation Detected
  • Understanding Windows Registries: A Deep Dive
  • SOC336 — Windows OLE Zero-Click RCE Exploitation Detected (CVE-2025–21298)
  • Tusk Infostealer Lab — CyberDefenders
  • Cloud Incident Readiness: A Practical Playbook for CISOs and Teams
    
    
• Jeffrey Appel
  How to check for OAuth apps with specific Graph permissions assigned
  
  
• Jesse Martin-Alexander at Kasada
  What We Learned From Infiltrating 22 Credential Stuffing Crews
  
  
• KELA Cyber Threat Intelligence
  No, OpenAI Wasn’t Breached—The Real Threat Comes from Infostealers
  
  
• Lab539
  2024’s AiTM Activity In Numbers
  
  
• Daniel Jeremiah
  Using Velociraptor to Detect and Hunt for Affected Systems: Unknown Malware Analysis
  
  
• Microsoft Security
  • Build a stronger security strategy with proactive and reactive incident response: Cyberattack Series
  • The BadPilot campaign: Seashell Blizzard subgroup conducts multiyear global access operation
  • Storm-2372 conducts device code phishing campaign
    
    
• Oleg Skulkin at ‘Know Your Adversary’
  • 040. Kimsuky Abuses RDP Wrapper in a Recent Campaign
  • 041. BadIIS: Hunting and Detection
  • 042. Is It Easy to Detect Trojanized Microsoft KMS Activation Tools Used By Sandworm?
  • 043. Strela Stealer: Detecting WebDAV Abuse
  • 044. Seashell Blizzard Detection: That Easy?
  • 045. Adversaries Abuse Trusted Developer Utilities for Proxy Execution
  • 046. RedCurl Abuses PowerShell for Collection and Exfiltration: Detection Opportunities
  • 047. Qilin Ransomware Gang Abuses RSAT to Enable Discovery
    
    
• Orange Cyberdefense
  PsExec’ing the right way and why zero trust is mandatory
  
  
• OVHcloud
  Enhancing Kubernetes Security: Detecting Threats in OVHcloud Managed Kubernetes cluster (MKS) Audit Logs with Falco
  
  
• Praetorian
  Azure RBAC Privilege Escalations: Azure VM
  
  
• Proofpoint
  Emerging Threats Updates Improve Metadata, Including MITRE ATT&CK Tags
  
  
• Qi’anxin X Lab
  顶级域名ai.com认证Deepseek? ai.com的前世今生
  
  
• Recorded Future
  • RedMike (Salt Typhoon) Exploits Vulnerable Cisco Devices of Global Telecommunications Providers
  • Inside the Scam: North Korea’s IT Worker Threat
  • 6 Threat Intelligence Outlooks and Strategies for 2025
    
    
• Red Alert
  Monthly Threat Actor Group Intelligence Report, November 2024 (JPN)
  
  
• Tony Lambert and Phil Hagen at Red Canary
  Defying tunneling: A Wicked approach to detecting malicious network traffic
  
  
• Gautham Ashok at ReliaQuest
  Threat Landscape Report: Uncovering Critical Cyber Threats to Manufacturing Sector
  
  
• SANS Internet Storm Center
  • 
Reminder: 7-Zip & MoW, (Mon, Feb 10th)
  • An ontology for threats, cybercrime and digital forensic investigation on Smart City Infrastructure, (Wed, Feb 12th)
  • DShield SIEM Docker Updates, (Thu, Feb 13th)
  • The Danger of IP Volatility, (Sat, Feb 15th)
  • Fake BSOD Delivered by Malicious Python Script, (Fri, Feb 14th)
    
    
• Securonix
  Analyzing DEEP#DRIVE: North Korean Threat Actors Observed Exploiting Trusted Platforms for Targeted Attacks
  
  
• Sarah Gooding at Socket
  Ransomware in 2024: Record-Low Payment Rate Signals Changing Economics of Cybercrime
  
  
• SOCRadar
  • Dark Web Profile: Fog Ransomware
  • Top 10 Advanced Persistent Threat (APT) Groups That Dominated 2024
    
    
• Symantec Enterprise
  China-linked Espionage Tools Used in Ransomware Attacks
  
  
• Matt Kim at Sysdig
  Cloud invaders: Spotting compromised users before it’s too late
  
  
• THOR Collective Dispatch
  • The Case for Thrunting
  • See Evil, Thrunt Evil – Modeling Behaviors is a Critical Thrunting Prerequisite
    
    
• TRAC Labs
  Don’t Ghost the SocGholish: GhostWeaver Backdoor
  
  
• Charlie Gardner, Steven Adair, and Tom Lancaster at Volexity
  Multiple Russian Threat Actors Targeting Microsoft Device Code Authentication
  

UPCOMING EVENTS

• Black Hills Information Security
  • Light at the End of the Dark Web w/ Joseph
  • BHIS – Talkin’ Bout [infosec] News 2025-02-17 #livestream #infosec #infosecnews
    
    
• Eclypsium
  Top Firmware Attack Vectors: Supply Chain Security’s Missing Link
  
  
• Magnet Forensics
  • Cyber Unpacked S1:E5 // Forensics in the Cloud: Risks, rewards, and realities for businesses
  • AI-powered media investigation in Magnet Griffeye: Get to the vital evidence faster
    
    
• SANS
  SANS Threat Analysis Rundown with Katie Nickels | February 2025
  

PRESENTATIONS/PODCASTS

• Ali Hadi
  C5W Webinar Series – IoT Forensics with Tom Claflin
  
  
• Archan Choudhury at BlackPerl
  Incident Response Training with Splunk- Business Email Compromise, QR Phishing
  
  
• Arda Büyükkaya
  Detection Engineering with SIGMA Rule
  
  
• Behind the Binary by Google Cloud Security
  EP05 Saumil Shah – From Black Hat to RingZer0: Shaping the World of Reverse Engineering
  
  
• Black Hills Information Security
  • 5 Things We Are Going to Continue to Ignore in 2025
  • REKAST – Talkin’ Bout [infosec] News 2025-02-05 #infosecnews #cybersecurity #podcast #podcastclips
    
    
• Breaking Badness
  Zero Trust, Secure Coding & Developer Incentives: Tanya Janca on AppSec’s Biggest Challenges
  
  
• Cellebrite
  Tip Tuesday: The Learning Hub
  
  
• Cloud Security Podcast by Google
  EP210 Cloud Security Surprises: Real Stories, Real Lessons, Real “Oh No!” Moments
  
  
• Getting Defensive Podcast
  Getting Defensive With Derek Held
  
  
• Huntress
  Threat Actors LOVE These Trends and Tactics | Tradecraft Tuesday
  
  
• InfoSec Deep Dive
  Attacker’s Mistakes and Proactive Defense
  
  
• InfoSec_Bret
  Challenge – Linux Downloader
  
  
• LaurieWired
  History of Valentine’s Day Malware (2001-2022)
  
  
• Magnet Forensics
  Mobile Unpacked S3:E2 // apples, onions, and ogres: dealing with layered iOS data structures
  
  
• MSAB
  Speech to Text Revisited
  
  
• MyDFIR
  • FREE SOC Analyst Projects For Your RESUME
  • A Scandal in Valdoria | MyDFIR KQL Series | Part 1 & 2
    
    
• Off By One Security
  • Ungarble: Deobfuscating Golang with Binary Ninja! …with Josh Reynolds
  • How to be a stealthier hacker! …with Ryan Chapman
    
    
• Sandfly Security
  • SSH Lateral Movement Attack and Key Threats on Linux Webinar
  • Obsolete Linux Password Hash Threats
    
    
• The Cyber Mentor
  • LIVE: Blue Team | MyDFIR | AMA | Cybersecurity
  • How I Got Malware From Discord!
    
    
• The Microsoft Security Insights Show
  The Microsoft Security Insights Show Episode 246 – Sergey Chubarov
  
  
• Three Buddy Problem
  An ‘extremely sophisticated’ iPhone hack; Google flags major AMD microcode bug
  
  
• Uriel Kosayev
  Reverse Engineering ARM based Mirai Botnet
  

MALWARE

• Cryptax
  Reversing an (unpacked) Prometei binary with r2 and AI — Part Two
  
  
• Esentire
  Unraveling the Many Stages and Techniques Used by RedCurl/EarthKapre APT
  
  
• Netskope
  • New Phishing Campaign Abuses Webflow, SEO, and Fake CAPTCHAs
  • Telegram Abused as C2 Channel for New Golang Backdoor
    
    
• Ovi Liber
  Targeted Threats Research – South & North Korea (a breakdown of 3 years of threat research in Korea)
  
  
• Pierre Le Bourhis at Sekoia
  RATatouille: Cooking Up Chaos in the I2P Kitchen
  
  
• Sucuri
  • Magento Credit Card Stealer Disguised in an <img> Tag
  • Hidden Backdoors Uncovered in WordPress Malware Investigation
    
    
• ZScaler
  Technical Analysis of Xloader Versions 6 and 7 | Part 2
  

MISCELLANEOUS

• 4n6ir
  • Security version of “ls” a.k.a. “dir” command
  • Current State of CloudWatch Logs for an Organization
    
    
• Any.Run
  • How to Track Advanced Persistent Threats
  • Threat Intelligence Reports: Get Fresh Research on the Latest Cyber Attacks and APTs
    
    
• Cellebrite
  Value of AI, Cloud Solutions Reign in Cellebrite’s 2025 Annual Industry Trends Survey 
  
  
• Chainalysis
  Introducing the Chainalysis Asset Seizure Certification: A Game-Changer for Law Enforcement
  
  
• Fabian Mendoza at DFIR Dominican
  DFIR Jobs Update – 02/10/25
  
  
• Dr. Tristan Jenkinson at ‘The eDiscovery Channel’
  Bridging the eDiscovery Gap
  
  
• Forensic Focus
  • Detego Global To Host Exclusive Webinar On Digital Investigations For UK Public Sector
  • DFIR In 2025 – AI, Smart Devices And Investigator Well-Being
  • Mobile Forensics: A Short Guide to Digital Evidence Recovery from Mobile Devices
    
    
• OSINT Team
  • Digital Forensics Analyst: Role, Responsibilities, and Essential Skills
  • MITRE ATT&CK in Action: Mapping TTPs & Data Sources for Real-World Threat Detection
    
    
• Oxygen Forensics
  How to Extract Android Data with Android Agent
  
  
• Salvation DATA
  Axon Evidence: Streamlined Digital Evidence Management
  
  
• SANS
  • Choose Your Malware Analysis Adventure: FOR610 or FOR710?
  • Strengthening Cyber Defenses for Critical Infrastructure – Introducing the New SANS ICS Practice Area
  • Breaking the Grid: Automating Offensive Strategies in OT Security with CALDERA
    
    
• Security Onion
  External API for Security Onion Pro Customers
  
  
• SJDC
  Phone Hacking and Spyware: Warning Signs & What to Do Next
  
  
• Sumuri
  • Portable T356789iu Forensic Bridge: Transforming Digital Investigations
  • The Power of Dual Systems: Why Dual Boot is a Game-Changer
    
    
• The Metadata Perspective
  Examining the United States v. Ladonies P. STRONG Case
  
  
• Rod Trent, Brodie Cassell, Edward Walton, And Raae Wolfram at The Microsoft Security Insights Show
  Women in Cybersecurity Month: Celebrating Contributions and Promoting Diversity
  
  
• UnderDefense
  SOC Performance Unplugged: Understanding MTTD, MTTA&A, MTTR, and more
  

SOFTWARE UPDATES

• Acelab
  The New Software Update: PC-3000 Ver. 7.6.12, Data Extractor Ver. 6.6.9, PC-3000 SSD Ver. 3.6.2 has been released
  
  
• Airbus Cybersecurity
  IRIS-Web v2.4.20
  
  
• Amped
  Amped Replay Update 36167: Create Custom Bookmarks, Expand Audio Redaction Intervals, Export to MKV and More!
  
  
• Brian Maloney
  OneDriveExplorer Offline Mode Edition
  
  
• Canadian Centre for Cyber Security
  Assemblyline Release 4.5.0.74
  
  
• Crowdstrike
  Falconpy Version 1.4.7
  
  
• Didier Stevens
  • Update: Python Templates Version 0.0.12
  • Update: cs-decrypt-metadata.py Version 0.0.5
    
    
• Digital Sleuth
  winfor-salt v2025.3.10
  
  
• Falco
  Blog: Falco Talon v0.3.0
  
  
• Google
  Timesketch 20250112
  
  
• Hasherezade
  hollows_hunter v0.4.1
  
  
• Kevin Stokes
  Tool Fetcher
  
  
• MISP
  Latest misp-stix Release: Enhanced Support for Analyst Data
  
  
• MSAB
  Now available: XRY 10.12.1
  
  
• Passmark Software
  OSForensics V11.1 build 1001 10th February 2025
  
  
• Phil Harvey
  ExifTool 13.19
  
  
• PuffyCid
  Artemis v0.12.0 – Released!
  
  
• Security Onion
  Security Onion 2.4.120 now available including lots of new features and updates!
  
  
• Xways
  • X-Ways Forensics 21.3 SR-9
  • X-Ways Forensics 21.4 Beta 6
    

And that’s all for the week! If you think I’ve missed something, or want me to cover something specifically hit me up through the contact page or on the social pipes!