Hello and welcome to Sec Soup, the weekly newsletter that collects infosec links on Tools & Tips, Threat Research, and more! The focus leans toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is not vetted and is not intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, and this is my way of filtering out the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- A vigilante is sabotaging the Emotet botnet by replacing malware payloads with GIFs
- Why Cyber Ranges Are Effective To Train Your Teams
- COVID Key Developments: July 3-17
- Cyber Attack Trends: 2020 Mid-Year Report
- New Podcast Series: The Importance of Cyber Threat Intelligence in Cybersecurity
- Sextortion Update: The Final Final Chapter
- US-CERT Alert (AA20-206A): Threat Actor Exploitation of F5 BIG-IP CVE-2020-5902
- Defences tested as cyber attackers take aim at UK sports sector
- National / Industry / Cloud Exposure Report
- Phish Fryday – Q2 2020 Phishing Review
- Preserving open source software for future generations
- NSA: Protect Operational Technologies and Control Systems against Cyber Attacks
- Building the Ultimate Home Office (Again)
Threat Research
- Chinese APT group targets India and Hong Kong using new variant of MgBot malware
- User-Friendly Loaders and Crypters Simplify Intrusions and Malware Delivery
- MATA: Multi-platform targeted malware framework
- DarkCrewBot – The Return of the Bot Shop Crew
- Prometei botnet and its quest for Monero
- BlackRock – the Trojan that wanted to get them all
- Connecting Kinsing malware to Citrix and SaltStack campaigns
- Lockscreen Ransomware Phishing Leads To Google Play Card Scam
- New variant of Phobos ransomware is coming
- WastedLocker Ransomware: Abusing ADS and NTFS File Attributes
- Enter the Maze: Demystifying an Affiliate Involved in Maze (SNOW)
- TAU Threat Discovery: Cryptocurrency Clipper Malware Evolves
- Evolution of Valak, from Its Beginnings to Mass Distribution
- OilRig Targets Middle Eastern Telecommunications Organization and Adds Novel C2 Channel with Steganography to Its Inventory
- 2020-07-17 ZLOADER MALSPAM (EXCEL 4 MACROS)
- Emotet (2020-07-21): Still Making Use of Userforms
- Malware Analysis Spotlight: The Return of Emotet
Tools and Tips
- Container Security Best Practices Taking Shape
- GReAT thoughts: Awesome IDA Pro plugins
- Version 7 of the REMnux Distro is Now Available
- Simple Blocklisting with MISP & pfSense
- Prioritizing suspicious PowerShell activity with machine learning
- Thinking of a Cybersecurity Career? Read This
- Automating ATT&CK Testing with SOAR and Atomic Red Team
- Low-Level Process Hunting on macOS – understanding complex parent/child process relationships
- Extending the Exploration and Analysis of Windows RPC Methods Calling other Functions with Ghidra 🐉, Jupyter Notebooks 📓 and Graphframes 🔗!
- Security Onion 2.0 Release Candidate 1 (RC1) Available for Testing!
- WORKING THROUGH SPLUNK’S BOSS OF THE SOC – PART 6
- Cracking VBA Project Passwords
- Introduction to Reverse Engineering with Ghidra: A Four Session Course
- Mimikatz usage & detection
- Web Proxy Event Analysis Cheat Sheet
- Malware Scarecrow (aka scaremalw)
- How To Deploy Windows Optics: Commands, Downloads, Instructions, and Screenshots
- Fifty Shades of Malware Strings
- rudder is a Python package to run commands remotely on Windows, macOS or *nix systems using PowerShell Remoting/WinRM or SSH
Breaches, Government, and Law Enforcement
- Two Chinese Hackers Working with the Ministry of State Security Charged with Global Computer Intrusion Campaign Targeting Intellectual Property and Confidential Business Information, Including COVID-19 Research
- Ransomware gang demands $7.5 million from Argentinian ISP
- NY Charges First American Financial for Massive Data Leak
- Garmin outage caused by confirmed WastedLocker ransomware attack
- Russia’s GRU Hackers Hit US Government and Energy Targets
- Singaporean National Pleads Guilty to Acting in the United States as an Illegal Agent of Chinese Intelligence
Vulnerabilities and Exploits
- Multiple Vulnerabilities in Adobe Bridge Could Allow for Arbitrary Code Execution (APSB20-44)
- Tutorial of ARM Stack Overflow Exploit – Defeating ASLR with ret2plt
- US-CERT Bulletin (SB20-202): Vulnerability Summary for the Week of July 13, 2020
- Technical Advisory: Heartbleed chained with a Pass-the-Hash attack leads to device compromise on TP-Link C200 IP Camera
- Telerik Vulnerability (CVE-2019-18935) Creates Surge in Web Compromise and Cryptomining Attacks – The Monitor, Issue 14