Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is neither vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- Emotet spam trojan surges back to life after 5 months of silence
- New Research Exposes Iranian Threat Group Operations
- What to expect when you’re electing: Talos’ 2020 election security primer
- Russia is hacking virus vaccine trials, US, UK, Canada say
- Manufacturing Industry in the Adversaries’ Crosshairs
- The History Behind the SANS DFIR Summit Characters
- HP-Bromium Threat Insights Report, July 2020
- DFIRSUMMIT LAUGH TRACK
- Cloudflare outage on July 17, 2020
Threat Research
- New Voicemail-Themed Phishing Attacks Use Evasion Techniques and Steal Credentials
- Analysis of .NET Thanos Ransomware Supporting Safeboot with Networking Mode
- The Tetrade: Brazilian banking malware goes global
- Updates on ThiefQuest, the Quickly-Evolving macOS Malware
- A BAZAR of Tricks: Following TEAM9’s Development Cycles
- Financially Motivated Actors Are Expanding Access Into OT: Analysis of Kill Lists That Include OT Processes Used With Seven Malware Families
- SCANdalous! (External Detection Using Network Scan Data and Automation)
- GoldenSpy Chapter 4: GoldenHelper Malware Embedded in Official Golden Tax Software
- The Domain Generation Algorithm of BazarBackdoor
- Copy pasting the copy-paste adversary for ̶l̶u̶l̶z̶ science.
- RATicate upgrades “RATs as a Service” attacks with commercial “crypter”
Tools and Tips
- Requesting Azure AD Request Tokens on Azure-AD-joined Machines for Browser SSO
- Hunting for SigRed Exploitation
- Best Practices for Securing a Kubernetes Environment
- capa: Automatically Identify Malware Capabilities
- Making MITRE ATT&CK Actionable
- Process Monitor for Linux
- Masking Malicious Memory Artifacts – Part II: Insights from Moneta
- Windows Server Containers Are Open, and Here’s How You Can Break Out
- Hunt Fast: Splunk and tstats
- Advanced Windows Malware Analysis – Acquiring Memory Artifacts
- Hunting for advanced Tactics, Techniques and Procedures (TTPs)
- Insider Threat Hunting
- Quickpost: curl
- WORKING THROUGH SPLUNK’S BOSS OF THE SOC – PART 5
- Practical security engineering: Stateful detection
- How to Create an Internal/Corporate Red Team
- Using Azure Pipelines to validate my Sysmon configuration
Breaches, Government, and Law Enforcement
- UK follows US in banning Huawei from 5G network
- #TwitterHack: How RiskIQ Data Exposed Hundreds of Domains Belonging to the Attackers
- Who’s Behind Wednesday’s Epic Twitter Hack?
- An update on our security incident
Vulnerabilities and Exploits
- Multiple Vulnerabilities in Cisco Products Could Allow for Arbitrary Code Execution
- EMERGENCY DIRECTIVE (ED 20-03) WINDOWS DNS SERVER VULNERABILITY
- SIGRed – Resolving Your Way into Domain Admin: Exploiting a 17 Year-old Bug in Windows DNS Servers
- US-CERT Bulletin (SB20-195): Vulnerability Summary for the Week of July 6, 2020