A collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is neither vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- Top 10 Malware December 2019
- Jihadists Presence Online Decentralizes After Telegram Ban
- Lastline Threat Intelligence Briefing – 10 JAN 2020
- Stolen emails reflect Emotet’s organic growth
- CrowdStrike Services Report Focuses on Trends Observed in 2019 and the Outlook for 2020
- 6 OF THE BEST MALICIOUS LIFE CYBERSECURITY HISTORY STORIES FROM 2019
- Threat Insight 2019 in Review: Year of the RAT
- eSentire’s 2019 Annual Threat Intelligence Report
- Emotet: Not your Run-of-the-mill Malware
Threat Research – Malware, Phishing, and other Campaigns in the Wild
- Ancient Tortoise: A Deeper Look at the Aging Report BEC Attack Chain
- 404 Exploit Not Found: Vigilante Deploying Mitigation for Citrix NetScaler Vulnerability While Maintaining Backdoor
- Zen Cart “PayPal” Skimmer
- FTCODE Ransomware — New Version Includes Stealing Capabilities
- Enter Dustman: New Wiper Takes After ZeroCleare, Likely Targets Organizations in Region
- Alien Labs 2019 Analysis of Threat Groups Molerats and APT-C-37
- Uncompromised: An AutoIT worm living off the land
- Malware Evasion Techniques Part 4: Living Off The Land
- Emotet’s away but Trickbot still wants to play
- New Ransomware MZRevenge
- Hacking Activity of SectorD Group in 2019 (https://threatrecon.nshc.net/2020/01/14/hacking-activity-of-sectord-group-in-2019/)
Tools and Tips
- SANS 2019 Holiday Hack Challenge (HHC) – KringleCon Write up
- Mimidrv In Depth: Exploring Mimikatz’s Kernel Driver
- How to prevent a rootkit attack
- How We Use Apache Airflow at CrowdStrike, Part 1
- Hunting for Nextcloud Cloud Storage Forensic Artifacts on Endpoints
- Admin Account Schema Extensions for AD
- PDBlaster is designed to extract PDB file paths from large sample sets of executable files
- Honeypot for CVE-2019-19781 (Citrix ADC)
- New Year New APOLLO – Officially out of Beta iOS 13 Module Updates!
- Learning from cryptocurrency mining attack scripts on Linux
- Using CveEventWrite From VBA (CVE-2020-0601)
Breaches, Government, and Law Enforcement
- Two weeks after ransomware attack, Travelex says some systems are now back online
- Apple Denies FBI Request to Unlock Shooter’s iPhone—Again
- Ransomware attack cost New Orleans $7 million and counting
Vulnerabilities and Exploits
- Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution
- Microsoft warns about Internet Explorer zero-day, but no patch yet
- Oracle Critical Patch Update Advisory – January 2020
- NSA Advisory: Patch Critical Cryptographic Vulnerability in Microsoft Windows Clients and Servers
- Summing up CVE-2020-0601, or the Let's Decrypt vulnerability
- CRITICAL EXPOSURE IN CITRIX ADC (NETSCALER) – UNAUTHENTICATED REMOTE CODE EXECUTION
- Citrix ADC Exploits are Public and Heavily Used. Attempts to Install Backdoor
- Microsoft Patch Tuesday for January 2020
- US-CERT Bulletin (SB20-013) Vulnerability Summary for the Week of January 6, 2020
- US-CERT Alert (AA20-010A) Continued Exploitation of Pulse Secure VPN Vulnerability