Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is not vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- Recorded Future: H1 2021: Malware and Vulnerability Trends Report
- Cisco Talos: Translated: Talos’ insights from the recently leaked Conti ransomware playbook
- SANS ISC: Attackers Will Always Abuse Major Events in our Lives
- CISA: Ransomware Awareness for Holidays and Weekends
- Sophos: Conti affiliates use ProxyShell Exchange exploit in ransomware attacks
- Bushido Token: How Do You Run A Cybercrime Gang?
- Intel 471: How BEC scammers use the cybercrime underground
- Lawfare: Apple Client-Side Scanning Takes A Pause
Threat Research
- CrowdStrike: Hypervisor Jackpotting, Part 2: eCrime Actors Increase Targeting of ESXi Servers with Ransomware
- CrowdStrike: CARBON SPIDER Embraces Big Game Hunting, Part 1
- CrowdStrike: Sidoh: WIZARD SPIDER’s Mysterious Exfiltration Tool
- Proofpoint: BEC Taxonomy: Advance Fee Fraud
- Mandiant: PST, Want a Shell? ProxyShell Exploiting Microsoft Exchange Servers
- Mandiant: Too Log; Didn’t Read — Unknown Actor Using CLFS Log Files for Stealth
- IBM: Dissecting Sodinokibi Ransomware Attacks: Bringing Incident Response and Intelligence Together in the Fight
- Kaspersky: Technical analysis of the QakBot banking Trojan
- Cisco Talos: Attracting flies with Honey(gain): Adversarial abuse of proxyware
- SANS ISC: STRRAT: a Java-based RAT that doesn’t care if you have Java
- Blackberry: Threat Thursday: Who’s Afraid of Phobos Ransomware?
- Anomali: Cybercrime Group FIN7 Using Windows 11 Alpha-Themed Docs to Drop Javascript Backdoor
- Juniper Networks: Attacks Continue Against Realtek Vulnerabilities
- Microsoft: A deep-dive into the SolarWinds Serv-U SSH vulnerability
- Sucuri: Analysis of a Phishing Kit (that targets Chase Bank)
- Uptycs: LOLBins Are No Laughing Matter: How Attackers Operate Quietly
- AdvIntel: From Russia With… LockBit Ransomware: Inside Look & Preventive Solutions
Tools and Tips
- The DFIR Report: Cobalt Strike, a Defender’s Guide
- CrowdStrike: The Role of Malware Analysis in the Modern SOC
- IBM: Fighting Cyber Threats With Open-Source Tools and Open Standards
- Kaspersky: Q&A following our applied YARA training
- red canary: Steer clear of bad drivers with Microsoft’s recommended driver block rules
- expel: Swimming past 2FA, part 2: How to investigate Okta compromise
- Binary Defense: Mimicking Human Activity using Selenium and Python
- Sentinel Labs: 6 Pro Tricks for Rapid macOS Malware Triage with Radare2
- digital shadows: Social Media Monitoring Best Practices
- NVISO: Anatomy and Disruption of Metasploit Shellcode
- Mehmet Ergene: Detecting EDR Bypass: Malicious Drivers (Kernel Callbacks)
- Michael Koczwara: Cobalt Strike PowerShell Payload Analysis
- TrustOnCloud: The last S3 security document that we’ll ever need, and how to use it
- ehacking (video): OSINT Training Course – Open Source Intelligence Training
- Spookysec: Deception in Depth – Spoofing Logged in Users
- ninoseki: ninoseki/miteru: An experimental phishing kit detection tool
- 0xthreatintel (video): Reverse Engineering Bluelight Malware!
- AboutDFIR: First Time GIAC: Studying for the GCFE
- 0xInfection: Offensive WMI – The Basics (Part 1)
- Scorpiones: Lateral Movement using DCOM Objects
- Red Team Blog: Blinding EDR On Windows
- SearchSecurity: Top static malware analysis techniques for beginners
- Zero Sec: Understanding Cobalt Strike Profiles
- DFIR Diva: DFIR Related Events for Beginners – September 2021
- Anton on Security: Kill SOC Toil, Do SOC Eng
- F-Secure: Chainsaw Overview
- countercept: countercept/chainsaw: Rapidly Search and Hunt through Windows Event Logs
- Velociraptor: Event Tracing For Windows. Digging into Windows Internals
- AWS: How to automate forensic disk collection in AWS
- Black Hat (video): Threat Hunting in Active Directory Environment
Breaches, Government, and Law Enforcement
- FTC: FTC Bans SpyFone and CEO from Surveillance Business and Orders Company to Delete All Secretly Stolen Data
- ZDNet: FBI warns of ransomware attacks targeting food and agriculture sector as White House pushes for proactive measures
- Malwarebytes: WhatsApp hit with €225 million fine for GDPR violations
- TechCrunch: SEC fines brokerage firms over email hacks that exposed client data
- The White House: Press Briefing by Press Secretary Jen Psaki and Deputy National Security Advisor for Cyber and Emerging Technologies Anne Neuberger, September 2, 2021
- Krebs: Gift Card Gang Extracts Cash From 100k Inboxes Daily
- Lawfare: How Congress and NIST Can Help Organizations Better Manage Cyber Risk
- US DOJ: Deputy Attorney General Lisa Monaco Announces Creation of New Cyber Fellows Positions
Vulnerabilities and Exploits
- The Hacker News: US Cyber Command Warns of Ongoing Attacks Exploiting Atlassian Confluence Flaw
- PAN Unit42: Threat Brief: CVE-2021-26084
- CISA: Cisco Releases Security Updates for Cisco Enterprise NFVIS
- CISA: Vulnerability Summary for the Week of August 23, 2021
- IBM: The OWASP Top 10 Threats Haven’t Changed in 2021 — But Defenses Have
- Asset-Group: BrakTooth: Causing Havoc on Bluetooth Link Manager
- SANS ISC: BrakTooth: Impacts, Implications and Next Steps
- Checkpoint: Now Patched Vulnerability in WhatsApp could have led to data exposure of users
- The Record: ProxyToken vulnerability can modify Exchange server configs
- Zero Day Initiative: ProxyToken: An Authentication Bypass in Microsoft Exchange Server