Summary
A collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is neither vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- Emotet Botnet Is Back, Servers Active Across the World
- VMware acquires Carbon Black for $2.1B and Pivotal for $2.7 billion
- ATT&CK Sub-Techniques Preview
- Intel, IBM, Google, Microsoft & others join new security-focused industry group
- Chinese State Media Seeks to Influence International Perceptions of Hong Kong Protests
- The State of Threat Detection 2019
- Purple Teaming ICS Networks: Part 1 of 3
- Beyond Compliance: Cyber Threats and Healthcare
- Supply Chain Attacks: Controls and Processes
- Week in OSINT #2019–33
- Cheap Fakes beat Deep Fakes
- Protecting Chrome users in Kazakhstan
- Cobalt Strike’s Process Injection: The Details
Threat Research – Malware, Phishing, and other Campaigns in the Wild
- First‑of‑its‑kind spyware sneaks into Google Play
- The Gamaredon Group: A TTP Profile Analysis
- Agent 1433: remote attack on Microsoft SQL Server
- Magecart criminals caught stealing with their poker face on
- Asruex Backdoor Variant Infects Word Documents and PDFs Through Old MS Office and Adobe Vulnerabilities
- Agent Tesla: Evading EDR by Removing API Hooks
- It’s all fun and games until ransomware deletes the shadow copies
- Trickbot Analysis – Part 1: Macro Analysis
- Attacks by Silence: technical analysis of Silence’s tools, tactics, and evolution
Tools and Tips
- Triage Collection and Timeline Generation with KAPE
- KAPE vs Commando, another Red vs Blue vignette
- Solving RE tasks the crypto way
- Updates released for “Tsurugi” Linux, a DFIR Distro
- MacOS Incident Response | Part 1: Collecting Device, File & System Data
- iOS 12 – Delivered Notifications and a new way to parse them
- Using CloudFront to Relay Cobalt Strike Traffic
- HacktheBox – Lame Writeup
- Unpacking Remcos Quick Tip Tutorial (Video)
Breaches, Government, and Law Enforcement
- BEC Takedown: Massive International Fraud and Money Laundering Conspiracy Detailed in Federal Grand Jury Indictment that Charges 80 Defendants
- Hackers seek total of $2.5 million in ransomware attack on Texas government agencies
- Big data company Palantir renews its controversial contract with ICE that is worth nearly $50 million
- MoviePass left customers’ credit cards exposed online
- Breach at Hy-Vee Supermarket Chain Tied to Sale of 5M+ Stolen Credit, Debit Cards
Vulnerabilities and Exploits
- Microsoft launches bug bounty for new Chromium Edge browser, with $30,000 top reward
- Researcher Discloses Second Steam Zero-Day After Valve Bug Bounty Ban
- Key Negotiation Of Bluetooth (KNOB) attack: Major Bluetooth Security Flaw
- Facebook expands its Data Abuse Bounty program to Instagram
- DotNet Core: A Vector For AWL Bypass & Defense Evasion
- DejaBlue: Analyzing a RDP Heap Overflow