Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is not vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- CIS Community Defense Model v1.0
- Phishing & BEC Scams Soar 3000%: Agari H2 2020 Email Fraud and Identity Deception Trends Report
- Time Is (Still) Money and Other Findings from the 2020 Cost of a Data Breach Report
- Spam and phishing in Q2 2020
- Incident Response Analyst Report 2019
- Machine Learning for Humans
- I’m Open Sourcing the Have I Been Pwned Code Base
- Capital One Ruling – Why Capital One was forced to disclose its incident report in data breach lawsuit
- Ransomware Attacks Fracture Between Enterprise and Ransomware-as-a-Service in Q2 as Demands Increase
- Should Governments Actively Defend Private Sector Networks?
Threat Research
- Inter skimming kit used in homoglyph attacks
- US-CERT Malware Analysis Report (AR20-216A) – MAR-10292089-1.v1 – Chinese Remote Access Trojan: TAIDOOR
- Water Nue Phishing Campaign Targets C-Suite’s Office 365 Accounts
- TA551 (Shathak) Word docs push IcedID (Bokbot)
- Dridex – From Word to Domain Dominance
- 2020-07-31 DEOBFUSCATING ICEDID MACRO SCRIPT
- 2020-08-05: Update on zloader XLM code
Tools and Tips
- Persistent JXA: A poor man’s Powershell for macOS
- Securing Oracle Cloud Infrastructure
- Stadeo: Deobfuscating Stantinko and more
- CPR Anti-Debug Encyclopedia: The Check Point Anti-Debug Techniques Repository
- Making the Most Out of WLAN Event Log Artifacts
- How to Install SIFT Workstation and REMnux on the Same System for Forensics and Malware Analysis
- BlackBerry’s Open Source PE Tree Tool for Malware Reverse Engineers
- Announcing the Seventh Annual Flare-On Challenge
- Bypassing MassLogger Anti-Analysis — a Man-in-the-Middle Approach
- Masking Malicious Memory Artifacts – Part III: Bypassing Defensive Scanners
- zip-crack: The purpose of this script is to brute force ZIP archives that are password protected
- DFIR Related Events for Beginners – August, 2020
- My Experience With the SANS FOR500 Course and the GCFE Exam
- Panopticon is a debugger-powered tracer for Python code to quickly visualize and explore code execution
- VT Code Similarity Yara Generator
- Kerberoasting: A Blue Team Perspective
- Windows Process Injection – some popular methods used for process injection on the Windows operating system
- Chromebook Data Locations
- 0xf0x #5 Malware Analysis Using a Cuckoo Sandbox (video)
- Unprotect Project: The search engine about Malware Evasion Techniques
- Emotet API+string deobfuscator (v0.1)
- The Art Of Mac Malware
- Pysa: An open source static analysis tool to detect and prevent security issues in Python code
Breaches, Government, and Law Enforcement
- TikTok exploring ‘all remedies’ to safeguard ‘rule of law’ in US ban
- Rewards for Justice – Reward Offer for Information on Foreign Interference in U.S. Elections
- Announcing the Expansion of the Clean Network to Safeguard America’s Assets
- GandCrab ransomware distributor arrested in Belarus
- Porn Clip Disrupts Virtual Court Hearing for Alleged Twitter Hacker
- US shares info on election interference tied to Russia, China, Iran
- Garmin Pays Up to Evil Corp After Ransomware Attack — Reports
Vulnerabilities and Exploits
- Multiple Vulnerabilities in Apache Web Server Could Allow for Remote Code Execution
- Don’t be silly – it’s only a lightbulb
- Cisco alert: Four high-severity flaws in routers, switches and AnyConnect VPN for Windows
- The Current State of Exploit Development, Part 1
- US-CERT Bulletin (SB20-216): Vulnerability Summary for the Week of July 27, 2020
- CVE-2020-9854: “Unauthd” (three) logic bugs ftw!