Summary
A collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is not intended to be an exhaustive source, but simply a collection of items I found interesting throughout my weekly research. The summaries are provided with links for the reader to drill down into particular topics according to their own interests. Thank you to all of the contributors for this great content!
Industry News, Reports, and Miscellany
- Dragos 2018 Year in Review Webinar Recap: Lessons Learned from Threat Hunting and Responding to Industrial Intrusions
- APT trends report Q1 2019
- Asynchronous Warfare part 3: How Conventional Strategies and Tactics Are Applied to Cyberwarfare
- Quarterly Impostor Email Attacks Aimed at Financial Services Organizations Increased More than 60% Year-Over-Year
- USB Attacks: How Do You Counteract Curiosity?
- Another Marketplace Bites the Dust
- How Stolen Ecommerce Data is Sold on the Darknet
- Two sides of IT vs. OT Security and ICS Security Operations
- Interview with Dmitri Alperovitch Offers Insights From the Global Threat Report
- Vietnam ‘on the edge’ of becoming a mid-tier cybercrime hub
- A hacker is wiping Git repositories and asking for a ransom
Tools and Tips
- Introduction to KAPE
- Webcast: Attack Tactics 5 – Zero to Hero Attack
- Munin is an online hash checker utility that retrieves valuable information from various online sources
- Plaso Filtering Cheat Sheet — This free resource will help you learn filtering tips and techniques when creating a forensics timeline with Plaso.
- The only PowerShell Command you will ever need to find out who did what in Active Directory
- Sean Metcalf (@PyroTek3): BSidesCharm talk “You Moved to Office 365, Now What?” slides & video posted. Key Microsoft Cloud (Azure AD & Office 365) security controls and recommendations.
- OSINT-Search – Useful For Digital Forensics Investigations Or Initial Black-Box Pentest Footprinting
- Spotlight: Threat Hunting YARA Rule Example
- Tony Lambert (@ForensicITGuy): Detecting msiexec.exe with http:// or https:// in the command line is a good medium-confidence hunt.
- Malware sandbox detection and evasion
- Designing Peer-To-Peer Command and Control
- The Difference Between URLs, URIs, and URNs
- Human Honeypots: I Make Friends (and So Should You)
- EvtxECmd – the first beta version of Eric Zimmerman’s Windows Event Log (evtx) parser.
- Mastering NSA’s Ghidra Reverse Engineering Tool
Threat Research – Malware, Phishing, and other Campaigns in the Wild
- 2019: The Return of Retefe
- Tech Support Scam Employs New Trick by Using Iframe to Freeze Browsers
- A look at Stomped VBA code and the P-Code in a Word Document
- Who’s phishing in your cloud? And, some suggestions for detecting it
- Sodinokibi ransomware exploits WebLogic Server vulnerability
- Synthetic Identity Theft a Gateway to Business Fraud
- Quick Analysis of New Method for Spreading TrickBot
- Muhstik Botnet Exploits the Latest WebLogic Vulnerability for Cryptomining and DDoS Attacks
- Updated: This DDoS Attack Unleashed the Most Packets Per Second Ever. Here’s Why That’s Important.
- Emotet: Catch Me If You Can (Part 2 of 3)
- LockerGoga Ransomware Family Used in Targeted Attacks
- Buhtrap backdoor and ransomware distributed via major advertising platform
- Dispelling Myths Around SGX Malware
- 2019-05-01 – MALSPAM WITH PASSWORD-PROTECTED WORD DOC PUSHES ICEDID
- Wipro Threat Actors Active Since 2015
- New phishing campaign purports to come from FBI Director Christopher Wray
- Not all Roads Lead to Magento: All Payment Platforms are Targets for Magecart
- Qakbot levels up with new obfuscation techniques
- Reversing Gh0stRAT part 2: the DDOS-ening
- APT34: Glimpse project
- Mirrorthief Group Uses Magecart Skimming Attack to Hit Hundreds of Campus Online Stores in US and Canada
- Cryptojacking in the post-Coinhive era
- A MYSTERIOUS HACKER GROUP IS ON A SUPPLY CHAIN HIJACKING SPREE
- “MegaCortex” ransomware wants to be The One
- I know what you did last summer, MuddyWater blending in the crowd
Breaches, Government, and Law Enforcement
- Email hackers steal $1.75 million from St. Ambrose Catholic Parish in Brunswick
- DHS Compels Federal Agencies to Remediate Critical Vulnerabilities for Internet-Accessible Systems within 15 days — Binding Operational Directive 19-02
- Executive Order on America’s Cybersecurity Workforce
Vulnerabilities and Exploits
- WebLogic Update
- Docker Hub Breach
- CVE-2019-3396: Vulnerability in Atlassian Confluence Widget Connector Exploited in the Wild
- Dell computers vulnerable to remote code execution
- Story of a Hundred Vulnerable Jenkins Plugins