A collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is not vetted, nor is it intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering out the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- DHS alert covering Iranian Threat (National Terrorism Advisory System Bulletin)
- US-CERT Alert (AA20-006A) Potential for Iranian Cyber Response to U.S. Military Strike in Baghdad
- Iranian State-Sponsored and Aligned Attacks: What You Need to Know and Steps to Protect Yourself
- FireEye Response to Mounting U.S.-Iran Tensions: Preparing for Possible Iranian Cyber Attacks
- Iranian Cyber Response to Death of IRGC Head Would Likely Use Reported TTPs and Previous Access
- Threat Research Team Communication Concerning Potential Heightened Activity from Iran
- The State of Threats to Electric Entities in North America
- What the continued escalation of tensions in the Middle East means for security
- Windows 7: What is your company’s exit strategy?
- Big Game Ransomware being delivered to organisations via Pulse Secure VPN
- Security Primer – Ryuk
- Symantec’s Cyber Security Services business Sold to Accenture
Threat Research – Malware, Phishing, and other Campaigns in the Wild
- PowDesk: Targeted APT34 Campaign Against LANDesk Users
- Top-Tier Russian Organized Cybercrime Group Unveils Fileless Stealthy “PowerTrick” Backdoor for High-Value Targets
- Google Highlights “Bread” aka “Joker”, Mobile Malware for SMS and Billing Fraud
- From Mega to Giga: Cross-Version Comparison of Top MegaCortex Modifications
- AT&T Alien Labs analysis of an active cryptomining worm
- Predator the Thief: Analysis of Recent Versions
- Operation AppleJeus Sequel
- Tik or Tok? Is TikTok secure enough?
- Threat Spotlight: Amadey Bot Targets Non-Russian Users
- Intezer Analyze Community: 2019 Recap and Trends
- SAIGON, the Mysterious Ursnif Fork
- Muddy Water strikes again in Summer Mirage Campaign
- Crimson (01.06.2020) – Malicious Document
Tools and Tips
- Windows Debugging & Exploiting Part 3: WinDBG Time Travel Debugging
- MemLabs: Educational, CTF-styled labs for individuals interested in Memory Forensics
- Bypassing AV via in-memory PE execution
- Climbing the Vulnerability Management Mountain: Reaching Maturity Level 3 – Base Camp
- GreyNoise Cheat Sheet
- First RegRipper 2020 Update
- Ethical Hacking Lessons — Building Free Active Directory Lab in Azure
- Launching ATT&CK for ICS
- Wireshark Tutorial: Examining Ursnif Infections
- TA505 Unpacker: a Python 2.7 script that statically unpacks x86 TA505-packed samples
Breaches, Government, and Law Enforcement
- Travelex Impacted by Ransomware Incident
- Las Vegas city officials assessing impact after cyber attack
- F.B.I. Asks Apple to Help Unlock iPhones, Again (https://www.nytimes.com/2020/01/07/technology/apple-fbi-iphone-encryption.html)
- Lawmakers Prod FCC to Act on SIM Swapping
- City of Bend advises of possible data security breach
Vulnerabilities and Exploits
- Vulnerability in Citrix Application Delivery Controller (CVE-2019-19781) Could Allow for Arbitrary Code Execution
- A Quick Update on Scanning for CVE-2019-19781 (Citrix ADC / Gateway Vulnerability)
- Proof-of-concept code published for Citrix bug as attacks intensify
- Vulnerability in Mozilla Firefox Could Allow for Arbitrary Code Execution
- Firefox gets patch for critical 0-day that’s being actively exploited
- Updates to Google Project Zero Disclosure Policy
- First Active Attack Exploiting CVE-2019-2215 Found on Google Play, Linked to SideWinder APT Group
- US-CERT Bulletin (SB20-006) Vulnerability Summary
- US-CERT Alert (AA20-010A) Continued Exploitation of Pulse Secure VPN Vulnerability