Summary

— A collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is not vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal to noise ratio.

Even here, there is a lot of material, so I included my top picks from each category below, and added brief quotes for additional context. I hope this highlights certain bits and helps readers identify content to consume. Happy Reading!

Highlights:

News/Reports/Papers: ATT&CKing Threat Management: A Structured Methodology for Cyber Threat Analysis

“This analysis aids decision makers in their commission to balance risk management with resource management. By leveraging the MITRE Adversarial Tactics Techniques & Common Knowledge (ATT&CK) framework as a quantitative data model, analysts can bridge the gap between strategic, operational, and tactical intelligence”

by Andy Piazza

Threat Research: LookBack Malware Targets the United States Utilities Sector

“distinct delivery methodology coupled with unique LookBack malware highlights the continuing threats posed by sophisticated adversaries to utilities systems and critical infrastructure providers”

by Michael Raggi and Dennis Schwarz with the Proofpoint Threat Insight Team

Tools and Tips: Ten Tips for Thriving at Infosec Cons

“With Hacker Summer Camp starting in just days, I thought this would be a good time to share my tips for making the most of infosec conferences. Whether it’s Black Hat, DEF CON, or your local BSides, infosec cons are an awesome way to meet people and learn, and that can be crucial to your career advancement.”

by Katie Nickels

Breaches: Capital One Data Theft Impacts 106M People

“On July 29, FBI agents arrested Paige A. Thompson on suspicion of downloading nearly 30 GB of Capital One credit application data from a rented cloud data server. Capital One said the incident affected approximately 100 million people in the United States and six million in Canada.”

Krebs on Security

Vulns/Exploits: Project Zero’s Vulnerability Disclosure FAQ

“over the total lifetime of Project Zero, 95.8% of issues have been fixed under deadline.”

Google Project Zero

Industry Reports, News, and Miscellany

• Q3 2019 Email Fraud and Identity Deception Trends report (requires email registration)
  • https://www.agari.com/email-security-blog/2020-candidates-vulnerable-email-fraud/
• Development stops on PowerShell Empire framework after project reaches its goal
  • https://www.zdnet.com/article/development-stops-on-powershell-empire-framework-after-project-reaches-its-goal/
• Inside Malware Markets: Current Trends and Competitive Forces
  • https://www.recordedfuture.com/malware-market-trends/
• Financial threats in H1 2019
  • https://securelist.com/financial-threats-in-h1-2019/91899/
• APT trends report Q2 2019
  • https://securelist.com/apt-trends-report-q2-2019/91897/
• Exploit kits: summer 2019 review
  • https://blog.malwarebytes.com/threat-analysis/2019/07/exploit-kits-summer-2019-review/
• The Evolution of Cyber Attacks on Electric Operations
  • https://dragos.com/blog/industry-news/the-evolution-of-cyber-attacks-on-electric-operations/
• The Revival and Rise of Email Extortion Scams
  • https://www.symantec.com/blogs/threat-intelligence/email-extortion-scams
• CrowdStrike Mobile Threat Report Offers Trends and Recommendations for Securing Your Organization
  • https://www.crowdstrike.com/blog/mobile-threat-report-2019-trends-and-recommendations/
• Here’s what you need to know about business email compromise (BEC)
  • https://expel.io/blog/what-you-need-to-know-business-email-compromise/
• Cyber and Information Operations
  • https://pylos.co/2019/07/31/cyber-and-information-operations/
• ATT&CKing Threat Management: A Structured Methodology for Cyber Threat Analysis
  • https://www.sans.org/reading-room/whitepapers/threatintelligence/paper/39090
• Momentum and Inspiration – SANS DFIR Summit 2019
  • https://persistent4n6.com/2019/07/31/momentum-and-inspiration-sans-dfir-summit-2019/
• Getting Started with ATT&CK: Assessments and Engineering
  • https://medium.com/mitre-attack/getting-started-with-attack-assessment-cc0b01769cb4

Threat Research – Malware, Phishing, and other Campaigns in the Wild

• SystemBC is like Christmas in July for SOCKS5 Malware and Exploit Kits
  • https://www.proofpoint.com/us/threat-insight/post/systembc-christmas-july-socks5-malware-and-exploit-kits
• LookBack Malware Targets the United States Utilities Sector with Phishing Attacks Impersonating Engineering Licensing Boards
  • https://www.proofpoint.com/us/threat-insight/post/lookback-malware-targets-united-states-utilities-sector-phishing-attacks
• Yemen-Based Disinformation Campaign Distributing Fake News in Israel and the Arab World
  • https://www.clearskysec.com/yemen-disinformation-campaign/
• A Deeper Look at the Phishing Campaigns Targeting Bellingcat Researchers Investigating Russia
  • https://www.riskiq.com/blog/labs/bellingcat-phishing/
• DEALPLY REVISITED: LEVERAGING REPUTATION SERVICES TO REMAIN UNDER THE RADAR
  • https://blog.ensilo.com/leveraging-reputation-services
• Android ransomware is back
  • https://www.welivesecurity.com/2019/07/29/android-ransomware-back/
• Zegost from Within – New Campaign Targeting Internal Interests
  • https://www.fortinet.com/blog/threat-research/zegost-campaign-targets-internal-interests.html
• Keeping a Hidden Identity: Mirai C&Cs in Tor Network
  • https://blog.trendmicro.com/trendlabs-security-intelligence/keeping-a-hidden-identity-mirai-ccs-in-tor-network/
• Cobalt Group Returns To Kazakhstan
  • https://research.checkpoint.com/cobalt-group-returns-to-kazakhstan/
• Malvertising: Online advertising’s darker side
  • https://blog.talosintelligence.com/2019/07/malvertising-deepdive.html
• URSNIF INFECTION WITH PUSHDO
  • http://www.malware-traffic-analysis.net/2019/07/29/index.html
• Dridex’s Bag of Tricks: An Analysis of its Masquerading and Code Injection Techniques
  • https://www.bromium.com/dridex-threat-analysis-july-2019-variant/
• Clop Ransomware
  • https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/clop-ransomware/
• Frankenstein was a hack: the copy/paste cryptominer
  • https://redcanary.com/blog/frankenstein-was-a-hack-the-copy-paste-cryptominer/
• The Malicious Use of Pastebin
  • https://www.fortinet.com/blog/threat-research/malicious-use-of-pastebin.html
• Say hello to Lord Exploit Kit
  • https://blog.malwarebytes.com/threat-analysis/2019/08/say-hello-to-lord-exploit-kit/

Tools and Tips

• Ten Tips for Thriving at Infosec Cons
  • https://medium.com/katies-five-cents/ten-tips-for-thriving-at-infosec-cons-c168853b035
• Introducing Ghostwriter: 
  • https://posts.specterops.io/introducing-ghostwriter-part-1-61e7bd014aff
• AWS S3 Logjam: Server Access Logging vs. Object-Level Logging
  • https://www.netskope.com/blog/aws-s3-logjam-server-access-logging-vs-object-level-logging
• New Re2PCAP tool speeds up PCAP process for Snort rules
  • https://blog.talosintelligence.com/2019/07/new-re2pcap-tool-speeds-up-pcap-process.html
• The ultimate guide to VPN encryption, protocols, and ciphers
  • https://www.alienvault.com/blogs/security-essentials/the-ultimate-guide-to-vpn-encryption-protocols-and-ciphers
• Covenant: The Usability Update
  • https://posts.specterops.io/covenant-the-usability-update-9a7a596a4772
• Getting an Attacker IP Address from a Malicious Linux At Job
  • https://www.sandflysecurity.com/blog/getting-an-attacker-ip-address-from-a-malicious-linux-at-job/
• Lure – User Recon Automation for GoPhish
  • https://github.com/highmeh/lure
• MISP to Microsoft Graph Security Script
  • https://github.com/microsoftgraph/security-api-solutions/tree/master/Samples/MISP
• Extract Malware Configuration with MalConfScan
  • https://blogs.jpcert.or.jp/en/2019/08/malconfscan.html
• PhanTap (Phantom Tap )is an ‘invisible’ network tap aimed at red teams
  • https://github.com/nccgroup/phantap
• An Introduction To Code Analysis With Ghidra
  • https://threatvector.cylance.com/en_us/home/an-introduction-to-code-analysis-with-ghidra.html

Breaches, Government, and Law Enforcement 

• Cisco to pay $8.6 million for selling vulnerable software to US government
  • https://www.zdnet.com/article/cisco-to-pay-8-6-million-for-selling-vulnerable-software-to-us-government/
• Capital One Data Theft Impacts 106M People
  • https://krebsonsecurity.com/2019/07/capital-one-data-theft-impacts-106m-people/
• FTC warns Equifax claimants will get ‘nowhere near’ $125 cash payout
  • https://www.engadget.com/2019/08/01/ftc-equifax-claimants-choose-credit-monitoring/

Vulnerabilities and Exploits

• Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution
  • https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-google-chrome-could-allow-for-arbitrary-code-execution_2019-076/
• DHCP Client Remote Code Execution Vulnerability Demystified
  • https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/dhcp-client-remote-code-execution-vulnerability-demystified/
• New Dragonblood vulnerabilities found in WiFi WPA3 standard
  • https://www.zdnet.com/article/new-dragonblood-vulnerabilities-found-in-wifi-wpa3-standard/
• News and updates from the Project Zero team at Google: Vulnerability Disclosure FAQ
  • https://googleprojectzero.blogspot.com/p/vulnerability-disclosure-faq.html