A collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is not vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- A MITRE-based Analysis of a Cloud Attack
- Hot Off the Press: Cofense Q4 2019 Malware Trends Report
- A New Decade Of Javascript Threats
- European Energy Sector Organization Targeted by PupyRAT Malware in Late 2019
- Monthly Threat Actor Group Intelligence Report, November 2019
Threat Research – Malware, Phishing, and other Campaigns in the Wild
- Nice Try: 501 (Ransomware) Not Implemented
- New NetWire RAT Campaigns Use IMG Attachments to Deliver Malware Targeting Enterprise Users
- Shlayer Trojan attacks one in ten macOS users
- WOOF locker: Unmasking the browser locker behind a stealthy tech support scam operation
- An Inside Look into Microsoft Rich Text Format and OLE Exploits
- Linux Rekoobe Operating with New, Undetected Malware Samples
- Fileless ransomware FTCODE now steals credentials
- New Snake Ransomware Adds Itself to the Increasing Collection of Golang Crimeware
- Citrix CVE-2019-19781 malware analyses
- WannaMine “Invoke-Brexit” Campaign Analysis
- Increased Emotet Malware Activity
Tools and Tips
- Revisiting Remote Desktop Lateral Movement
- DeepBlueCLI: Powershell Threat Hunting
- Detecting attacks leveraging the .NET Framework
- Hunting for Ransomware: Getting Ahead of Ryuk attacks using YARA rules
- Mac4n6 – Apple Pattern of Life Lazy Output’er (APOLLO)
- Norimaci is a simple and lightweight malware analysis sandbox for macOS
- Shocker — A HTB Walkthrough
- Discover New Forensic Evidence with File Structure Analysis
- Analyzing Modern Malware Techniques
- ROUTE TO THE DFIR CAREER
- Back to Basics: The PowerShell foreach Loop
Breaches, Government, and Law Enforcement
- Trend Micro antivirus zero-day used in Mitsubishi Electric hack
- Russian National Pleads Guilty to Running Online Criminal Marketplace
- Tampa Bay Times hit with Ryuk ransomware attack
- Everything We Know About the Jeff Bezos Phone Hack
Vulnerabilities and Exploits
- Update: Curveball Exploit (CVE-2020-0601) Starts Making the Rounds
- Vulnerability Spotlight: Multiple vulnerabilities in some AMD graphics cards
- Microsoft Zero-Day Actively Exploited, Patch Forthcoming
- US-CERT – Bulletin (SB20-020) Vulnerability Summary for the Week of January 13, 2020