A collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is not vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- Cybersecurity Quarterly – Winter 2019
- State and Local Government Ransomware Attacks Surpass 100 for 2019
- It’s time to disconnect RDP from the internet
- 2019: The year in malware
- Monthly Threat Actor Group Intelligence Report, October 2019
- Estimating Emotet’s size and reach
- The Githubification of InfoSec
- Hackers hit Norsk Hydro with ransomware. The company responded with transparency
- Security Correlation Then and Now: A Sad Truth About SIEM
Threat Research – Malware, Phishing, and other Campaigns in the Wild
- Unveiling JsOutProx: A New Enterprise Grade Implant
- Emotet Modifies Command & Control URI Structure and Brings Back Link-based Emails
- CONNECTWISE CONTROL ABUSED AGAIN TO DELIVER ZEPPELIN RANSOMWARE
- How Websites Are Used to Spread Emotet Malware
- Spelevo exploit kit debuts new social engineering trick
- Untangling Legion Loader’s Hornet Nest of Malware
- A Shortcut to Compromise: Cobalt Gang phishing campaign
- Turkish tricks with worms, RATs… and a freelancer
- Say hello to Bottle Exploit Kit targeting Japan
- An Updated ServHelper Tunnel Variant
- Undressing the REvil
- Swrort PowerShell Stager Analysis
- Dacls, the Dual platform RAT
- Operation Wocao: Shining a light on one of China’s hidden hacking groups
Tools and Tips
- HSTS For Forensics: You Can Run, But You Can’t Use HTTP
- Wireshark version 3.2.0 was released, with many improvements
- OSINT Threat Hunting Powershell Empire
- Awesome Shodan Search Queries
- yaraZeekAlert – script scans the files extracted by Zeek with YARA rules
- How Unix Works: Become a Better Software Engineer
- phishing-yara – Collection of Yara rules on phishing kits
- Google Takeout and Vault in Email Forensics
- Data science for cybersecurity: A probabilistic time series model for detecting RDP inbound brute force attacks
- Mitigating Emotet
- Regrecent comes to PowerShell
- Automating Mapping to ATT&CK: The Threat Report ATT&CK Mapper (TRAM) Tool
Breaches, Government, and Law Enforcement
- Wawa says POS malware incident impacts ‘potentially all locations’
- Frankfurt shuts down IT network following Emotet infection
- Member of “The Dark Overlord” Hacking Group Extradited From United Kingdom to Face Charges in St. Louis
- New Orleans cyberattack: Recovery process will last week or more, FBI aiding investigation
- Nuclear Bot Author Arrested in Sextortion Case
Vulnerabilities and Exploits
- Seven Critical Vulnerabilities Discovered in Portainer
- BreakingApp – WhatsApp Crash & Data Loss Bug
- Cisco ASA DoS bug attacked in wild
- Microsoft Updates November Security Updates with SharePoint Bug
- US-CERT Bulletin (SB19-350): Vulnerability Summary for the Week of December 9, 2019