Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is not vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- ClearSky: Q1 2020 Summary and Threat Assessment
- Ransomware groups continue to target healthcare, critical services; here’s how to reduce risk
- Top Attacks Against Financial Services Organizations 2017–2019
- Shade Ransomware Team Ceases Operation and Releases Decryption Keys
- Chinese Influence Operations Evolve in Campaigns Targeting Taiwanese Elections, Hong Kong Protests
- Kaspersky: APT trends report Q1 2020
- US CERT: Alert (AA20-120A) Microsoft Office 365 Security Recommendations
- Analysis of Ransomware Outbreak in March 2020
- Honeysploit: Exploiting the Exploiters
- The Lawfare Podcast: Thomas Rid on ‘Active Measures,’ Part 1
- Linux home directory management is about to undergo major change
- COVID-19’s Investigative Impacts on Digital Forensics/Incident Response (DFIR). AKA: All burners are now burned
Threat Research
- TrickBot Campaigns Targeting Users via Department of Labor FMLA Spam
- Stomping Shadow Copies – A Second Look Into Deletion Methods
- WebMonitor RAT Bundled with Zoom Installer
- Upgraded Aggah malspam campaign delivers multiple RATs
- EventBot: A New Mobile Banking Trojan is Born
- PerSwaysion Campaign
- Threat Intel | Cyber Attacks Leveraging the COVID-19/CoronaVirus Pandemic
- An old enemy – Diving into QBot part 2
- “Asnarök” Trojan targets firewalls
- Zloader Malicious Excel File analysis
- Quick analysis on Powershell Dridex Loader
- Malware analysis: nspps, a Go RAT/Backdoor
Tools and Tips
- Did Someone Say Data Analytics? – Integrating Jupyter Notebooks with Splunk Enterprise
- The Many Paths Through Maze
- Staying Off the Land: A Threat Actor Methodology
- Collecting IOCs from IMAP Folder
- Lateral Movement with Secure Shell (SSH)
- Finding evil in AWS: A key pair to remember
- Excelerating Analysis, Part 2 — X[LOOKUP] Gon’ Pivot To Ya
- SysmonSearch v2.0 Released
- AutoIT Extractor – View and Extract Resources in an AutoIT Compiled Executable
- The DGA of Zloader
- Analysis of Apple Unified Logs: Quarantine Edition [Entry 4] – It’s Login Week!
- BYOM – Build Your Own Methodology (in Mobile Forensics)
- Old Tricks Are Always Useful: Exploiting Arbitrary File Writes with Accessibility Tools
- Use Ghidra to Decrypt Strings of KpotStealer Malware
- Reconstructing User Activity for Forensics with FeatureUsage
- Hunting for Beacons
- threatnote.io | Cyber Threat Intelligence Notebook
- Guy’s 30 Reverse Engineering Tips & Tricks
- Splunk Attack Range in a virtualized Ubuntu Guest VM — Guide
- S2AN: Sigma2AttackNet – Mapper of Sigma Rules > MITRE ATT&CK
- XLMMacroDeobfuscator 0.1.0
- YARA version 4.0 released
- Master of RATs – How to create your own Tracker
Breaches, Government, and Law Enforcement
- Executive Order on Securing the United States Bulk-Power System
- Hacker leaks 15 million records from Tokopedia, Indonesia’s largest online store
- WHO reports fivefold increase in cyber attacks, urges vigilance
- How Cybercriminals are Weathering COVID-19
- Xiaomi tracks private browser and phone usage, defends behavior
- PowerUp-With-PowerShell – repository is for a beginners PowerShell training course
Vulnerabilities and Exploits
- Multiple Vulnerabilities in SaltStack Could Allow for Arbitrary Code Execution
- Hackers breach LineageOS servers via unpatched vulnerability
- Fuzzing ImageIO
- Beware of the GIF: Account Takeover Vulnerability in Microsoft Teams
- US-CERT: Bulletin (SB20-118) Vulnerability Summary for the Week of April 20, 2020