A collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is neither vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- Russia successfully disconnected from the internet
- Biggest Malware Threats of 2019
- A decade in cybersecurity fails: the top breaches, threats, and ‘whoopsies’ of the 2010s
- A Legal Perspective: Best Practices for Prevention and Immediate Response to a Breach
- DFIR SUMMIT 2020 SNEAK PREVIEW
- Why the cloud is probably more secure than your on-prem environment
- Ransomware in Your Stocking
- The Epidemic Analysis of Ransomware in November 2019
- Defend Against SIM Swapping
- Misconceptions: Unrestricted Release of Offensive Security Tools
- The False Choice of Penetration Testing Tools
- Inside the NSA’s plan to lure cyber talent
Threat Research – Malware, Phishing, and other Campaigns in the Wild
- Want to simulate a holiday phish? This one’s from your friends at Emotet.
- Operation Wocao: Shining a light on one of China’s hidden hacking groups
- Introducing BIOLOAD: FIN7 BOOSTWRITE’s Lost Twin
- Looking into Attacks and Techniques Used Against WordPress Sites
- Living off the Land: Turning Your Infrastructure Against You
- Canadian banks targeted in a massive phishing campaign
- Leveraging Disk Imaging Tools to Deliver RATs
- Shamoon 2012 Complete Analysis
- Exploding the DanBot code to hunt for Hexane’s cyber weapon
- Casual Analysis of Valak C2
- When Malware RATs on their Owners
- Let’s play (again) with Predator the thief
Tools and Tips
- Enumerating office365 users
- Timely acquisition of network traffic evidence in the middle of an incident response procedure
- The Empire (3.0) Strikes Back
- The Empire Rises again…
- Elemental is a centralized threat library of MITRE ATT&CK techniques
- Awesome-network-stuff: Resources about network security
- Here Be Dragons: Reverse Engineering with Ghidra – Part 1 [Data, Functions & Scripts]
- Getting Started with Timesketch and Docker
- Handling Large CSV Files for Digital Forensics and Incident Response
- A “highlight of the blogs, tools, talks etc that I keep coming back to on a regular basis, both as a defender and general InfoSec professional” — @Antonlovesdnb
- APPLOCKER FTW
Breaches, Government, and Law Enforcement
- A Data Leak Exposed The Personal Information Of Over 3,000 Ring Users
- Wawa Discloses that POS malware incident impacts ‘potentially all locations’
- Ransomware at IT Services Provider Synoptek
Vulnerabilities and Exploits
- Positive Technologies: Citrix vulnerability allows criminals to hack networks of 80,000 companies
- Google Chrome impacted by new Magellan 2.0 vulnerabilities
- Cisco ASA DoS bug attacked in wild
- US-CERT Bulletin (SB19-357): Vulnerability Summary for the Week of December 16, 2019