Summary
A collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is neither vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- 2019 H1 Cyber Events Summary Report
- Cloudflare files for initial public offering
- Webcast: A Deep Dive Into the Mobile Malware Report Trends and Recommendations
- Malware Naming Hell Part 1: Taming the mess of AV detection names
- Kicked While Down: Critical Infrastructure Amplification and Messaging Attacks
- Learning to Forget: Infosec’s Unfortunate Departure from Spaced Learning
- Accenture: 2019 Cyber Threatscape Report
- Everything I Needed to Know about Working in DFIR, I Learned in Boot Camp
- 2019 Unofficial Defcon DFIR CTF
Threat Research – Malware, Phishing, and other Campaigns in the Wild
- New GoBrut Version in the Wild
- The “I’s” Have It: How BEC Scammers Validate New Targets with Blank Emails
- Troldesh Ransomware Dropper
- In the Balkans, businesses are under fire from a double‑barreled weapon
- Recent Cloud Atlas activity
- The Hidden Bee infection chain, part 1: the stegano pack
- Analysis: New Remcos RAT Arrives Via Phishing Email
- PsiXBot Continues to Evolve with Updated DNS Infrastructure
- Ursnif ups its game with sophisticated VBA and PowerShell combination Dropper
- Machete Malware Unsheathed
Tools and Tips
- Offensive Lateral Movement
- SaaSy_Boi: Why the Future of Command and Control is the Cloud
- Entity extraction for threat intelligence collection
- 3 must-dos when you’re starting a threat hunting program
- MoP – “Master of Puppets” – Advanced malware tracking framework revealed at BlackHat Arsenal 2019
- Vulnerability Management Program best practices
- AbsoluteZero: A Python Red Team Post-Exploitation Tool
- DEF CON USA 2019: .NET Malware Threat - Internals and Reversing
- Chasing the DFIR Cure
- Asset Discovery: Making Sense of the Ocean of OSINT
- Threat hunting using DNS firewalls and data enrichment
- Windows Sysmon Logging Cheat Sheet Released
- SysmonHunter: An easy ATT&CK-based Sysmon hunting tool
- Constellation: Open-source visualisation and data analysis application released by Australian Signals Directorate
- Building a Windows 2016 Domain Controller with Vagrant and Ansible
- Selecting a cyber threat intelligence provider — building out your requirements
- Detecting Adversary Tradecraft with Image Load Event Logging and EQL
- RTHVM: The Resolvn Threat Hunting Virtual Machine
- Code Analysis with Ghidra (VIDEO)
- Program Execution…Or Not
- A Threat hunter’s playbook to aid the development of techniques and hypothesis for hunting campaigns
Breaches, Government, and Law Enforcement
- At least 20 Texas local governments hit in ‘coordinated ransomware attack’
- 700,000 Choice Hotels records leaked in data breach, ransom demanded
Vulnerabilities and Exploits
- Critical Patches Issued for Microsoft Products, August 13, 2019
- DEJABLUE – Multiple Wormable RDS Vulnerabilities Affecting Latest Windows Versions
- FortiGuard Labs Security Researcher Discovers Multiple Critical Vulnerabilities in Adobe Photoshop
- August Patch Tuesday: Update Fixes ‘Wormable’ Flaws in Remote Desktop Services, VBScript Gets Disabled by Default
- August 2019 Microsoft Patch Tuesday
- Down the Rabbit-Hole…
- Breaking Through Another Side: Bypassing Firmware Security Boundaries
Good job, Ryan! Keep it up.
Thanks, I appreciate it!