Summary

— A collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is not vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal to noise ratio. Happy Reading!

Industry Reports, News, and Miscellany

• SANS Reading Room: Effectively Addressing Advanced Threats
  • https://www.sans.org/reading-room/whitepapers/threats/paper/39105
• Kaspersky: Incident Response report 2018
  • https://securelist.com/incident-response-analytics-report-2018/92732/
• Purple Teaming ICS Networks: Part 2 of 3
  • https://dragos.com/blog/industry-news/purple-teaming-ics-networks-part-2-of-3/
• Banking Trojans: A Reference Guide to the Malware Family Tree
  • https://www.f5.com/labs/articles/education/banking-trojans-a-reference-guide-to-the-malware-family-tree
• Incident trends report (October 2018 – April 2019)
  • https://www.ncsc.gov.uk/report/incident-trends-report
• Day-1 Skills That Cybersecurity Hiring Managers Are Looking For
  • https://danielmiessler.com/blog/day-1-skills-required-to-land-an-entry-level-cybersecurity-job/

Threat Research – Malware, Phishing, and other Campaigns in the Wild

• More_eggs, Anyone? Threat Actor ITG08 Strikes Again
  • https://securityintelligence.com/posts/more_eggs-anyone-threat-actor-itg08-strikes-again/
• Ransomware Strains in a Post-GandCrab Environment
  • https://www.fidelissecurity.com/threatgeek/threat-intelligence/ransomware-post-gandcrab/
• Tracking Down a Big Phish
  • https://www.fortinet.com/blog/threat-research/tracking-down-big-phish.html
• TA505 At It Again: Variety is the Spice of ServHelper and FlawedAmmyy
  • https://blog.trendmicro.com/trendlabs-security-intelligence/ta505-at-it-again-variety-is-the-spice-of-servhelper-and-flawedammyy/
• China Chopper still active 9 years later
  • https://blog.talosintelligence.com/2019/08/china-chopper-still-active-9-years-later.html
• RAT Ratatouille: Backdooring PCs with leaked RATs
  • https://blog.talosintelligence.com/2019/08/rat-ratatouille-revrat-orcus.html
• Malware Samples Compiling Their Next Stage on Premise
  • https://isc.sans.edu/forums/diary/Malware+Samples+Compiling+Their+Next+Stage+on+Premise/25278/
• Inside the APT28 DLL Backdoor Blitz
  • https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
• CB TAU Threat Intelligence Notification: Trickbot Banking Trojan Continues to Evolve
  • https://www.carbonblack.com/2019/08/16/cb-tau-threat-intelligence-notification-trickbot-banking-trojan-continues-to-evolve/
• Hancitor/Amadey (8.26.2019): .vbs script analysis
  • https://clickallthethings.wordpress.com/2019/08/26/hancitor-amadey-8-26-2019-vbs-script-analysis/

Tools and Tips

• Merlin v0.8.0 Released
  • https://posts.specterops.io/merlin-v0-8-0-released-6883528b370b
• Exploiting AWS ECR and ECS with the Cloud Container Attack Tool (CCAT)
  • https://rhinosecuritylabs.com/aws/cloud-container-attack-tool/
• How to Write Good Tweets
  • https://medium.com/@cyb3rops/how-to-write-good-tweets-445c39081627
• Packet Strider (v0.1): A network packet forensics tool for SSH
  • https://github.com/benjeems/packetStrider
• osctrl: A fast and efficient osquery management solution
  • https://medium.com/@javuto/introducing-osctrl-91583e3fa75d
• Malware Analysis Pipeline in AWS (part 1)
  • https://blog.malware.re/2019/08/28/Malware-Analysis-Pipeline-in-AWS-part-1/index.html
• Analysis of the JSE malware
  • https://blog.rico-j.de/jse-malware-analysis/
• Kerberos Attacks Cheatsheet
  • https://gist.github.com/TarlogicSecurity/2f221924fef8c14a1d8e29f3cb5c5c4a
• Advanced Splunk Searching for Security Hunting and Alerting (video)
  • https://www.youtube.com/watch?v=gOSFTrQhCAI&feature=youtu.be
• Android – Locating Location Data: The Tile App
  • https://blog.d204n6.com/2019/08/android-locating-location-data-tile-app.html
• MISP v2.4.114 released  (aka the community care package release)
  • https://www.misp-project.org/2019/08/31/MISP.2.4.114.released.html

Breaches, Government, and Law Enforcement 

• Jack Dorsey’s Twitter account got hacked
  • https://www.zdnet.com/article/jack-dorseys-twitter-account-got-hacked/
• A very deep dive into iOS Exploit chains found in the wild
  • https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html
• Ryuk Ransomware Impacts Long Island’s Rockville Centre School District
  • https://www.newsday.com/long-island/education/hackers-ramsomware-school-districts-1.35422441
• Ransomware Bites Dental Data Backup Firm
  • https://krebsonsecurity.com/2019/08/ransomware-bites-dental-data-backup-firm/

Vulnerabilities and Exploits

• A Vulnerability in Google Chrome Could Allow for Arbitrary Code Execution\
  • https://www.cisecurity.org/advisory/a-vulnerability-in-google-chrome-could-allow-for-arbitrary-code-execution_2019-086/
• Cisco REST API Container for IOS XE Software Authentication Bypass Vulnerability
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-iosxe-rest-auth-bypass
• Hiding in Plain Text: Jenkins Plugin Vulnerabilities
  • https://blog.trendmicro.com/trendlabs-security-intelligence/hiding-in-plain-text-jenkins-plugin-vulnerabilities/
• Windows Process Injection: Asynchronous Procedure Call (APC)
  • https://modexp.wordpress.com/2019/08/27/process-injection-apc/
• MiniDumpWriteDump via COM+ Services DLL
  • https://modexp.wordpress.com/2019/08/30/minidumpwritedump-via-com-services-dll/