As always, thanks to those who give a little back for their support!

FORENSIC ANALYSIS

• Akash Patel
  • Google Chrome Forensics: Analyzing History and cache
  • Browser Forensics: Uncovering Digital Clues
  • Understanding Chrome’s Data Storage and Session Recovery : What Your Browser Remembers
  • Understanding Browser Storage and Chrome’s Preferences File for Forensic Investigations
  • Understanding Chrome Synchronization: A Digital Forensics Perspective
  • Investigating Chromium-Based Browsers: A Forensic Guide/Browser analysis Book
  • Firefox Browser Forensics Series: Lets Start
  • Firefox Browser History for Forensic Investigations

• Belkasoft
  Windows Registry: Structure, Forensic Challenges, and Acquisition

• Christopher Eng at Ogmini
  • Magnet Virtual Summit 2025 CTF – AAR “The masked singer”
  • Zeltser Challenge – Second Month Accomplishments
  • Magnet Virtual Summit 2025 CTF – AAR “All of my work is gone!”
  • Expectations vs Reality – Digital Forensic Science Master’s Degree Part 4
  • Release – Windows Notepad Parser v1.0.3
  • picoCTF
  • Windows Notepad – Rewrite / AI

• David Cowen at the ‘Hacking Exposed Computer Forensics’ blog
  • Daily Blog #765: Sunday Funday 3/2/25
  • Daily Blog #766: Surviving the breach Episode 0
  • Daily Blog #767: Forensic Lunch Test Kicthen – unit tests and documentation
  • Daily Blog #768: HTCIA Boston April 8, 2025
  • Daily Blog #769: Forensic Lunch Test Kitchen
  • Daily Blog #770: Forensic Lunch Test Kitchen 3/7/25
  • Daily Blog #771: Solution Saturday 3/8/25

• Digital Forensics Myanmar
  Low Budget, High Impact Digital Forensics Investigation

• Django Faiola at ‘Appunti di Informatica Forense’
  iOS BeReal – Photos & Friends Daily

• Forensafe
  Android Gallery Vault

• Joshua Goddard at Google Cloud Threat Intelligence
  Not Lost in Translation: Rosetta 2 Artifacts in macOS Intrusions

• Kevin Pagano at Hexordia
  • Magnet Virtual Summit 2025 CTF – Android
  • Magnet Virtual Summit 2025 CTF – iOS
  • Magnet Virtual Summit 2025 CTF – Android Takeout

• Invictus Incident Response
  Deep Dive: Forensic Analysis of eM Client

• Kevin Pagano at Stark 4N6
  • Magnet Virtual Summit 2025 CTF – Windows
  • Tracking Hardware & Software via Apple Health

• Lorena Carthy-Wilmot
  Live system analysis with FSEventsParser by mac4n6

• Melissa at Sketchymoose’s Blog
  Gotta Captcha Them All!

• ThinkDFIR
  Sunday Funday – Searching for searching
  

THREAT INTELLIGENCE/HUNTING

• Faan Rossouw at Active Countermeasures
  Malware of the Day – IPv6 Address Aliasing

• Adam at Hexacorn
  Hunting for the warez & other dodgy stuff people install / download, part 2

• Adan Alvarez
  DIY — Evaluating AWS Native Approaches for Detecting Suspicious API Calls

• Arctic Wolf
  Breaking Down Ransomware-as-a-Service

• Ayelen Torello at AttackIQ
  Emulating the Relentless RansomHub Ransomware

• Barracuda
  • Living Off the Land: How threat actors use your system to steal your data
  • Black Basta’s rapid collapse

• Bitdefender
  FunkSec: An AI-Centric and Affiliate-Powered Ransomware Group

• Lawrence Abrams at BleepingComputer
  Microsoft Teams tactics, malware connect Black Basta, Cactus ransomware

• Brad Garnett
  Brad Bits: March 4, 2025 (CyberLawCon)

• Brian Krebs at ‘Krebs on Security’
  • Who is the DOGE and X Technician Branden Spikes?
  • Feds Link $150M Cyberheist to 2022 LastPass Hacks

• Cado Security
  • Cado’s 2024 Threat Report: Key Findings and Emerging Trends
  • Detecting S3 Ransomware Attacks: Insights from Cado’s Analysis
  • Evolving Your Incident Response: Best Practices to Continuously Improve

• CERT-AGID
  • Lumma Stealer e ClickFix: accoppiata malevola di nuovo in azione abusando di un dominio .it
  • Sintesi riepilogativa delle campagne malevole nella settimana del 1 – 7 marzo

• Check Point
  • 3rd March – Threat Intelligence Report
  • Unmasking Hacktivist Groups: A Modern Approach to Attribution

• CISA
  FBI Warns of Data Extortion Scam Targeting Corporate Executives

• Chetan Raghuprasad at Cisco’s Talos
  Unmasking the new persistent attacks on Japan

• Kahng An at Cofense
  LinkedIn InMail-Spoofing Email Delivers ConnectWise RAT

• Eldon Koyle at Corelight
  Threat Hunting at SCinet: Challenges & Insights | Corelight

• CrowdStrike
  • Intelligence-Led Threat Hunting: The Key to Fighting Cross-Domain Attacks
  • Byte Back: Next-Generation Malware Classification Using Binary Transformers

• Vasilis Orlof at Cyber Intelligence Insights
  Prospering Lumma

• Oleg at Cybercrime Diaries
  Black Basta Chat Leak – Organization and Infrastructures

• CyberCX
  CyberCX report reveals growing risk of cyber attacks against health organisations

• Cyble
  • Fraud and Ransomware Dominate Malaysia’s Q4 2024 Cybersecurity Report
  • February Sees Record-Breaking Ransomware Attacks, New Data Shows
  • Phantom-Goblin: Covert Credential Theft and VSCode Tunnel Exploitation
  • UAC-0173 Resumes Cyberattacks Against Ukrainian Notary Offices Using DARKCRYSTALRAT Malware
  • U.S. Indictments Shed Light on i-Soon Hacking Tools, Methods

• Cyfirma
  Weekly Intelligence Report – 07 Mar 2025

• Danny Zendejas
  Threat Model: SIM Swapping Revisited

• Dark Atlas
  Identity Reveal: The Threat Actor Behind ZATCA SAUDI ARABIA Leaks

• Darktrace
  • From Containment to Remediation: Darktrace / CLOUD & Cado Reducing MTTR
  • Darktrace’s Early Detection of the Latest Ivanti Exploits

• Sergio Albea at Detect FYI
  Detecting Base64 Code in Commands

• Marc-Andre Moreau at Devolutions
  Using RDP without leaving traces: the MSTSC public mode

• Disconinja
  日本におけるC2サーバ調査(Week 9 2025)

• Asuka Nakajima at Elastic Security Labs
  Detecting Hotkey-Based Keyloggers Using an Undocumented Kernel Data Structure

• Esentire
  Initial Takeaways from the Black Basta Chat Leaks

• Flashpoint
  Justice Department Charges 12 Chinese Contract Hackers and Law Enforcement Officers in Global Computer Intrusion Campaigns

• David French at Google Cloud Security Community
  Community-Driven Detection Content for Google SecOps

• GreyNoise
  • GreyNoise Detects Active Exploitation of Silk Typhoon-Linked CVEs
  • GreyNoise Detects Mass Exploitation of Critical PHP-CGI Vulnerability (CVE-2024-4577), Signaling Broad Campaign

• GuidePoint Security
  • Snail Mail Fail: Fake Ransom Note Campaign Preys on Fear
  • Breaking Basta: Insights from Black Basta’s Leaked Ransomware Chats

• Alon Gal at Hudson Rock
  AI’s Role in Turning Massive Data Leaks into Hacker Paydays: A Look at the Orange Breach

• Hunt IO
  Exposing Russian EFF Impersonators: The Inside Story on Stealc & Pyramid C2

• Huntress
  • Uncover Tomorrow’s Cyber Threats Today | Huntress
  • Detect and Eliminate Persistent Malware Before It Wreaks Havoc | Huntress
  • Cybersecurity Threats in Healthcare [2025 Report] | Huntress

• Renée Burton at Infoblox
  Survey Says…It’s a Scam!

• InfoSec Write-ups
  • LetsDefend — PCAP Analysis — Challenge — [Write-Up]
  • SURIKATA: Stopping Insider Threats Before They Strike
  • ⭐SOC334 — Apache Tomcat RCE Exploitation Detected (CVE-2024–50379)
  • SOC329 — CUPS RCE Detection via IPP Injection (CVE-2024–47177)
  • ⭐ SOC321 — Windows Defender Evasion Attempt

• Intel 471
  • Black Basta exposed: A look at a cybercrime data leak
  • Update: Black Basta Ransomware and Threat Group

• Jake Williams
  Stop Tracking Russian Cyber? That’s Not How Anything Works…

• Stan Kaminsky at Kaspersky Lab
  What to collect on computers for monitoring complex threats

• KELA Cyber Threat Intelligence
  Black Basta Leak: New Findings Reveal Victim Details

• Kevin Beaumont at DoublePulsar
  Use one Virtual Machine to own them all — active exploitation of ESXicape

• Ugur Koc and Bert-Jan Pals at Kusto Insights
  Kusto Insights – February Update

• Malwarebytes
  PayPal scam abuses Docusign API to spread phishy emails

• Microsoft Detection Deep Dives
  Microsoft Logs Missing for Hours After Attack

• Microsoft Security
  • Silk Typhoon targeting IT supply chain
  • Malvertising campaign leads to info stealers hosted on GitHub

• Natto Thoughts
  Where is i-SOON Now?

• Nisos
  DPRK IT Fraud Network Uses GitHub to Target Global Companies

• Oleg Skulkin at ‘Know Your Adversary’
  • 061. DONOT Team Has a Presentation for You
  • A Few Ways to Detect a Dumping Tool from a Ransomware Gang’s Toolset
  • 063. Kimsuky Abuses Control Panel Items to Evade Detection
  • 064. Books on Cyber Threat Intelligence I Like Most
  • 065. Detecting App Bound Encryption Bypass and VSCode Abuse
  • 066. Detecting Bore – Another Tunneling Tool in Adversary’s Kit
  • 067. Detecting Ransomware Deployment Tools: PDQ Inventory and Deploy

• Orange Cyberdefense
  Diving Into AD CS: Exploring Some Common Error Messages

• Outpost24
  Unveiling EncryptHub: Analysis of a multi-stage malware campaign

• Palo Alto Networks
  • Uncovering .NET Malware Obfuscated by Encryption and Virtualization
  • Beneath the Surface: Detecting and Blocking Hidden Malicious Traffic Distribution Systems
  • The Next Level: Typo DGAs Used in Malicious Redirection Chains

• Palo Alto Networks
  2025-03-04 (Tuesday): Group Claiming to Be BianLian Sends Paper-Based Extortion Letters via Postal Service

• Plainbit
  360XSS

• Positive Technologies
  Positive Technologies experts uncover new malware campaign in the Middle East

• Practical Security Analytics
  Bypassing AMSI and Evading AV Detection with SpecterInsight

• Proofpoint
  Call It What You Want: Threat Actor Delivers Highly Targeted Multistage Polyglot Malware

• Pietro Melillo at Red Hot Cyber
  • A New Dark Actor Enters the Criminal Underground. Discovering Skira Ransomware
  • Possible breach at Ukraine’s Ministry of Foreign Affairs: the Qilin Ransomware group claims responsibility for the attack

• S-RM
  Camera off: Akira deploys ransomware via webcam

• Safe{Wallet}
  Investigation Updates and Community Call to Action

• Katie Nickels at SANS
  SANS Threat Analysis Rundown in Review: Breaking Down February 2025’s Top Threats

• SANS Internet Storm Center
  • Mark of the Web: Some Technical Details, (Mon, Mar 3rd)
  • Romanian Distillery Scanning for SMTP Credentials, (Tue, Mar 4th)
  • Tool update: mac-robber.py, (Tue, Mar 4th)
  • DShield Traffic Analysis using ELK, (Thu, Mar 6th)

• Securelist
  • Mobile malware evolution in 2024
  • Undercover miner: how YouTubers get pressed into distributing SilentCryptoMiner as a restriction bypass tool
  • Trojans disguised as AI: Cybercriminals exploit DeepSeek’s popularity

• Sekoia
  Detection engineering at scale: one step closer (part three)

• SOCRadar
  • Kenya’s Cyber Threat Landscape: The Rising Risks and How to Stay Ahead
  • Dark Web Profile: Ghost (Cring) Ransomware

• Garrett Foster at SpecterOps
  Decrypting the Forest From the Trees

• Spellzed
  The Bear Necessities

• SquareX Labs
  Polymorphic Extensions: The Sneaky Extension That Can Impersonate Any Browser Extension

• Sam Scholten at Sublime Security
  Base64-encoding an SVG attack within an iframe and hiding it all in an EML attachment

• Symantec Enterprise
  Medusa Ransomware Activity Continues to Increase

• Théo Letailleur at Synacktiv
  Etude de cas : Comment Hunters International et ses affiliés ciblent vos hyperviseurs

• THOR Collective Dispatch
  • A DEATHCON Thrunting Workshop Overview Part 5: Model-Assisted Threat Hunting (M-ATH)
  • A Case for Loving Documentation

• Trend Micro
  • Black Basta and Cactus Ransomware Groups Add BackConnect Malware to Their Arsenal
  • From Event to Insight: Unpacking a B2B Business Email Compromise (BEC) Scenario

• Trustwave SpiderLabs
  • The Russia-Ukraine Cyber War Part 3: Attacks on Telecom and Critical Infrastructure
  • A Deep Dive into Strela Stealer and how it Targets European Countries
  • Russian State Actors: Development in Group Attributions

• Valery Rieß-Marchive at LegMagIT
  Ransomware: from REvil to Black Basta, what do we know about Tramp?

• Joseph Avanzato at Varonis
  Salt Typhoon: The Threat Group Behind Major Cyberattacks

• VMRay
  • DLL Sideloading: What It Is and How to Detect It
  • What is SEO Poisoning? A Growing Threat to Cybersecurity
  • Malware & Phishing Threat Landscape Report – 2024/2

• Шифровальщики-вымогатели The Digest “Crypto-Ransomware”
  FXLocker

• 위협분석보고서-genians
  비상계엄 테마 APT 공격과 Kimsuky 그룹 연관성 분석
  

UPCOMING EVENTS

• Black Hills Information Security
  BHIS – Talkin’ Bout [infosec] News 2025-03-10 #livestream #infosec #infosecnews

• Cellebrite
  • What the Trends Tell us About the Future of Digital Forensics
  • Innovative Search Solutions: Mastering Cellebrite Smart Search

• Sebastian Weigmann at DFRWS
  DFRWS Jubilee – 25th Anniversary

• Huntress
  Tradecraft Tuesday | The Most Boring (Not Really) Tradecraft Tuesday Ever

• SANS
  The State of Ransomware Payments

• David McGuire at SpecterOps
  Fueling the Fight Against Identity Attacks
  

PRESENTATIONS/PODCASTS

• Alexis Brignoni
  Digital Forensics Now Podcast – S2 E9

• Archan Choudhury at BlackPerl
  Threat Hunting Course with Splunk- Ghost Ransomware

• Behind the Binary by Google Cloud Security
  EP06 Duncan Ogilvie – Piano Tuning & Debugging: The Story of x64dbg

• Black Hat
  Surfacing a Hydra: Unveiling a Multi-Headed Chinese State-Sponsored Campaign

• Black Hills Information Security
  • Light at the End of the Dark Web
  • REKAST – Talkin’ Bout [infosec] News 2025-03-03 #infosecnews #cybersecurity #podcast #podcastclips

• BlueMonkey 4n6
  Magnet Virtual Summit – Capture The Flag – May 2025 – Cipher

• Breaking Badness
  Building a Hacker Conference from Scratch: The Wild Origins of ShmooCon

• Cellebrite
  Tip Tuesday: Inseyets Explained

• Cloud Security Podcast by Google
  EP213 From Promise to Practice: LLMs for Anomaly Detection and Real-World Cloud Security

• Cyber Social Hub
  The Spreadsheet Struggle: Why Forensics Teams Are Ditching Excel for Good

• Eclypsium
  BTS #46 – Black Basta – Threat Intelligence Insights

• Hacker Valley Blue
  • KC7: A Free Online Cybersecurity Game
  • Cyber Warfare, Digital Deception, and the Hidden Threats We Ignore with Dr. Eric Cole

• Huntress
  SOC Incident Walkthrough: Lateral Movement & VPN Compromise

• InfoSec_Bret
  Challenge – NTFS Forensics

• Jai Minton
  I found MALWARE inside of MUSIC! (Octowave Steganography Malware Analysis)

• John Dwyer
  Analyzing a JavaScript CryptoJS Encrypted Phish

• John Hammond
  • the tools that real hackers use
  • TECH SUPPORT GONE WRONG

• Karsten Hahn at Malware Analysis For Hedgehogs
  Malware Analysis – Unpacking Lumma Stealer from Emmenhtal and Pure Crypter

• Matthew Plascencia
  • MVS CTF Android Challenges | Magnet CTF 2025 Part 2
  • MWS CTF Chromebook Challenges | MVS 2025 CTF Part 3

• Microsoft Threat Intelligence Podcast
  Malvertising Campaign Leads to Info Stealers Hosted on Github

• MSAB
  Available Resources

• MyDFIR
  TryHackMe Security Analyst Level 1 (SAL1) Certification | Is It Good?

• Paraben Corporation
  • E3 Volatility Import Analysis
  • Presentation of Data from Smartphones
  • Analysis of Data from Smartphones
  • Acquiring Data from Smartphones

• Sandfly Security
  • Sandfly 5.3.1 – Video Overview
  • Linux Password Hash Risks and Security Overview

• SANS
  SANS APAC DFIR Summit 2025 (Japanese)

• SentinelOne
  LABScon24 Replay | Farmyard Gossip: The Foreign Footprint in US Agriculture

• The Microsoft Security Insights Show
  • The Microsoft Security Insights Show Episode 249 – Femke Cornelissen
  • The Microsoft Security Insights Show Episode 250 – Laura Buska

• Threat Forest
  Kuulumisia ja kokemuksia DFIR tutkinnan haasteista

• Three Buddy Problem
  Revisiting the Lamberts, i-Soon indictments, VMware zero-days

• Triskele Labs
  TL Blue | Episode 14
  

MALWARE

• AK1001
  Analyzing RL Stealer: A Variant of 44Caliber and StormKitty Malware

• John Dwyer and Eric Gonzalez at Binary Defense
  Analysis of a JavaScript-based Phishing Campaign Targeting Microsoft 365 Credentials

• Vlad Babkin at Eclypsium
  Inside Black Basta Ransomware Group’s Chat Leak

• Yurren Wan at Fortinet
  Havoc: SharePoint with Microsoft Graph API turns into FUD C2

• Arvin Lauren Tan, John Rey Dador, and Arvin Jay Bandong at G Data Software
  Booking a Threat: Inside LummaStealer’s Fake reCAPTCHA

• Chuong Dong at Google Cloud Threat Intelligence
  GoStringUngarbler: Deobfuscating Strings in Garbled Binaries

• Dhanush and Arun Kumar S at K7 Labs
  Tracking Emmenhtal

• malwr4n6
  macOS Malware Analysis : PKG Files

• Resecurity
  DragonForce Ransomware – Reverse Engineering Report

• RevEngAI
  LummaStealer: More Tricks, More Trouble (Part 2)

• Socket
  • Typosquatted Go Packages Deliver Malware Loader Targeting Linux and macOS Systems
  • New PyPI Malware ‘set-utils’ Exfiltrates Ethereum Private Keys Through Blockchain Transactions

• Puja Srivastava at Sucuri
  Cascading Redirects: Unmasking a Multi-Site JavaScript Malware Campaign
  

MISCELLANEOUS

• Aviv Yaniv
  Walk Through Guide for Kusto Detective Agency Season Digibus Real-Time Crisis

• Brett Shavers at DFIR.Training
  Don’t turn your back on AI in DF/IR

• Oleg Afonin at Elcomsoft
  NVIDIA GeForce RTX 5090 Power Connectors Melting Again

• Florian Roth
  The Lost Art of Careful Craftsmanship: Lessons from My Uncle’s Workshop

• Forensic Focus
  • MD-Series 2024 Release Note Recap: A Year Of Innovation At GMDSOFT
  • Digital Forensics Round-Up, March 05 2025
  • Amped Software AFCE Certification & Training Classes: Master The Science Beyond The Software
  • Forensic Focus Digest, March 07 2025

• HackTheBox
  Tracks are leveling up: New paths, same hands-on learning

• Jelle Hol at Hunt & Hackett
  Automating alert handling in the SOC

• Tomoya Kamei at JPCERT/CC
  JSAC2025 -Day 1-

• Magnet Forensics
  • Magnet Forensics is proud to win two 2025 Cybersecurity Excellence Awards 
  • Overcoming key challenges in remote data collection for enterprises

• Netenrich
  7 Cybersecurity Monitoring Tools Every SOC Analyst Should Master

• Oxygen Forensics
  • Reflecting on 25 years of Oxygen Forensics Innovation
  • Automatic Detection of Connected Devices

• Amber Schroader at Paraben Corporation
  The Evolution of OSINT: Introducing the New Plessas Digital Knowledge Base

• Dylan Solomon at Red Canary
  Dive into the Red Canary Security Data Lake

• Robert M. Lee
  Back in Military Service – From Blue to Green

• Salvation DATA
  Cybersecurity and Digital Forensics-Their Critical Link
  

SOFTWARE UPDATES

• Cellebrite
  Productivity Reaches New Heights with the Latest Release of Inseyets

• Cellebrite
  Now Available: Cellebrite Inspector 10.10

• Didier Stevens
  • Update: zoneidentifier.exe Version 0.0.2
  • Update: oledump.py Version 0.0.79
  • Update: 1768.py Version 0.0.23
  • Update: pdfid.py Version 0.2.10
  • Update: pdf-parser.py Version 0.7.11

• Digital Sleuth
  winfor-salt v2025.3.16

• Doug Metz at Baker Street Forensics
  MalChela – A YARA and Malware Analysis Toolkit written in Rust

• Mahmoud Swelam
  HunterM – macOS Forensics

• Mandiant
  Capa v9.1.0

• Mazars Tech
  AD_Miner v1.8.1

• Michael Haag
  • ShellBag Hunter
  • Prefetch Hunter
  • PCA Analyzer

• OpenCTI
  6.5.5

• Orange Cyberdefense
  InvokeADCheck – A PowerShell Module for Assessing Active Directory

• Securizame
  LinTriage: La herramienta de Triage para el «DFIRer» en Linux

• Xways
  • Miscellaneous
  • X-Ways Forensics 21.4 SR-2
  • X-Ways Forensics 21.5 Preview 3

• Phil Harvey
  ExifTool 13.24
  

And that’s all for the week! If you think I’ve missed something, or want me to cover something specifically hit me up through the contact page or on the social pipes!