A collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is neither vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering out the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- Cyber Threat Actors Expected to Leverage Coronavirus Outbreak
- Damages from Business Email Compromise (BEC) Top the 2019 FBI IC3 List
- Symphony Technology Group Enters Definitive Agreement with Dell Technologies to Acquire RSA
- Banking Trojans and Ransomware — A Treacherous Matrimony Bound to Get Worse
- US-CERT: North Korean Malicious Cyber Activity
- DDoS attacks in Q4 2019
- Dragos 2019 ICS Year in Review: Executive Summary
- 2020 Olympics Threat Assessment Report
- Proofpoint Q4 2019 Threat Report and Year in Review — The Year of the RAT Ends with More of the Same
- The BlackBerry Cylance 2020 Threat Report
- M-Trends 2020: Insights From the Front Lines
- The Ecosystem of Phishing: From Minnows to Marlins
- Black Hat Asia 2020 postponed due to coronavirus concerns
- Monthly Threat Actor Group Intelligence Report, December 2019
- Digital Forensics Investigator: A Road Few Have Traveled
- Malwarebytes Labs releases 2020 State of Malware Report
- CIA Secretly Owned Global Encryption Provider, Built Backdoors, Spied On 100+ Foreign Governments: Report
- Security Researchers Partner With Chrome To Take Down Browser Extension Fraud Network Affecting Millions of Users
- The Difficult Decision to Switch Jobs
Threat Research – Malware, Phishing, and other Campaigns in the Wild
- Cyberwarfare: A deep dive into the latest Gamaredon Espionage Campaign
- Fox Kitten – Widespread Iranian Espionage-Offensive Campaign
- Multicomponent Malware Targeting Cryptocurrency
- ViperSoftX – New JavaScript Threat
- ObliqueRAT: New RAT hits victims’ endpoints via malicious documents
- 40,000 CryptBot Downloads per Day: Bitbucket Abused as Malware Slinger
- Phishing in the Cloud
Tools and Tips
- Detection Engineering with Kerberoasting Blog Series
- How to Sniff Out (and Block) BloodHound Attacks
- Discovering contents of folders in Windows without permissions
- Whodat? Enumerating Who “owns” a Workstation for IR
- Spot the Difference: Tracking Malware Campaigns using Visually Similar Images
- Evidence Indicators for Targeted Ransomware Attacks – Part II
- The Third Amigo: detecting Ryuk ransomware
- Exabeam: an incident investigator’s cheat code
- Mitigating malware and ransomware attacks
- The Missing LNK — Correlating User Search LNK files
- Chromium-based Microsoft Edge from a Forensic Point of View
- Ghost in the shell: Investigating web shell attacks
- Invoke-AtomicRedTeam
- Tutorial on privilege escalation and post exploitation tactics in Google Cloud Platform environments
- Wireshark Tutorial: Examining Qakbot Infections
- Red Team Techniques: Gaining access on an external engagement through spear-phishing
- Statically Reverse Engineering Shellcode Techniques: Stage 1
- HUMBLE BOOK BUNDLE: CYBERSECURITY 2020 BY WILEY
- Official VirusTotal Plugin for IDA Pro 7
Breaches, Government, and Law Enforcement
- DOD DISA discloses data breach
- US-CERT: Alert (AA20-049A) Ransomware Impacting Pipeline Operations
- Assessment of Ransomware Event at U.S. Pipeline Operator
- U.S. and Britain say Russia launched ‘paralyzing’ cyberattack on Georgia
- Hackers Were Inside Citrix for Five Months
- Pro-Russian CyberSpy Gamaredon Intensifies Ukrainian Security Targeting
- Chinese Military Personnel Charged with Computer Fraud, Economic Espionage and Wire Fraud for Hacking into Credit Reporting Agency Equifax
- Puerto Rico government falls for $2.6 million email scam
Vulnerabilities and Exploits
- Multiple Vulnerabilities in PHP Could Allow for Arbitrary Code Execution
- A Vulnerability in Cisco Smart Software Manager On-Prem Could Allow for Privileged Read and Write Access (CVE-2020-3158)
- An In-Depth Technical Analysis of CurveBall (CVE-2020-0601)
- Building a bypass with MSBuild
- US-CERT: Bulletin (SB20-048) Vulnerability Summary for the Week of February 10, 2020
- Positive Technologies: 82 Percent of Web Application Vulnerabilities are in the Source Code