Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is not vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- ITRC: Number of Data Breaches in 2021 Surpasses All of 2020
- Flashpoint: Flashpoint’s Top 10 Articles of 2021
- Dragos: Asset Visibility Maps Relationships and Communication Pathways in OT Environments
- Cisco Talos: 2021: Looking back on the year in malware and cyber attacks, from SolarWinds to Log4j
- BleepingComputer: Microsoft Exchange year 2022 bug in FIP-FS breaks email delivery
Threat Research
- CrowdStrike: AQUATIC PANDA in Possession of Log4Shell Exploit Tools
- Check Point: A Deep Dive into DoubleFeature, Equation Group’s Post-Exploitation Dashboard
- SANS ISC: Attackers are abusing MSBuild to evade defenses and implant Cobalt Strike beacons
- SANS ISC: Agent Tesla Updates SMTP Data Exfiltration Technique
- CyStack: The attack on ONUS – A real-life case of the Log4Shell vulnerability
- NTTSecurity: Flagpro: The new malware used by BlackTech
- ASEC: Redline Stealer Targeting Accounts Saved to Web Browser with Automatic Login Feature Included
- The Record: More than 1,200 phishing toolkits capable of intercepting 2FA detected in the wild
- AmnPardaz: Take the lights-out: Implant.ARM.iLOBleed.a, the first rootkit discovered infecting HP iLO firmware
Tools and Tips
- Red Canary: Atomic Operator: an execution framework for Atomic Red Team
- Open Source DFIR: Plaso 20211229 released
- PAN Unit42: Strategically Aged Domain Detection: Using DNS Traffic Trends
- Atomic Matryoshika: INTRO TO STATIC ANALYSIS WITH KAZY TROJAN
- Michael Koczwara: LetsDefend: Incident Response Log4j RCE Exploit Analysis
- DMFR Security: 100 Days of YARA – Day 13: Quasar RAT
- Blake’s R&D: Cobalt Strike DFIR: Listening to the Pipes
- DFIR-IRIS: iris-web: Incident Response collaborative platform
- Marius Sandbu: Protection against Ransomware — 2021
- Forensic It Guy: Analyzing an IcedID Loader Document
Breaches, Government, and Law Enforcement
- Digital Shadows: AlphaBay’s Return: A slow-burning masterpiece, or a flash in the pan?
- BleepingComputer: Top 10 healthcare breaches in the US exposed data of 19 million
- BleepingComputer: Ransomware gang coughs up decryptor after realizing they hit the police
- The Record: LastPass confirms credential stuffing attack against some of its users