Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is not vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- Cosmic Lynx: A Russian Threat Hits the BEC Scene
- COVID Key Developments: June 20 – July 2
- Before you join us at the DFIR Summit, read this
- Threat Hunting: What it Is, and What it Is Not
- Today is the Day I have Dreaded for the Last 5 Years
- Thai CERT: Threat Actor Cards Encyclopedia (PDF)
- The Dark Web of Intrigue: How REvil Used the Underground Ecosystem to Form an Extortion Cartel
Threat Research
- WastedLocker Goes “Big-Game Hunting” in 2020
- North Korean hackers are skimming US and European shoppers
- Deep Dive Into the M00nD3V Logger
- More evil: A deep look at Evilnum and its toolset
- Deep Analysis of a QBot Campaign – Part II
- New Joker variant hits Google Play with an old trick
- Excel spreadsheet macro kicks off Formbook infection
- Purple Fox EK Adds Exploits for CVE-2020-0674 and CVE-2019-1458 to its Arsenal
- OSX.EvilQuest Uncovered (part two)
- TAU Threat Discovery: Conti Ransomware
- The Domain Generation Algorithm of BazarBackdoor
Tools and Tips
- Utilizing RPC Telemetry
- Automating Remote Remediation of TrickBot via Falcon’s Real Time Response API (Part 1)
- Automating Remote Remediation of TrickBot via Falcon’s Real Time Response API (Part 2)
- Detecting COR_PROFILER manipulation for persistence
- 6 things to do before you bring in a red team
- Configuring a Windows Domain to Dynamically Analyze an Obfuscated Lateral Movement Tool
- Digital forensics specialist’s bookshelf
- Incident Response in the Cloud
- Masking Malicious Memory Artifacts – Part I: Phantom DLL Hollowing
- New YouTube Video – How To Analyse a Malicious Word Document
- Upload and download small files with CertReq.exe
- Restricting SMB-based lateral movement in a Windows environment
- DFIR Without Certs – What Books Can Help You
Breaches, Government, and Law Enforcement
- Russian hacker found guilty for Dropbox, LinkedIn, and Formspring breaches
- EDP energy giant confirms Ragnar Locker ransomware attack
Vulnerabilities and Exploits
- Multiple Vulnerabilities in Juniper Products Could Allow for Remote Code Execution
- New Snort rule addresses critical vulnerability in F5 BIG-IP
- Active Exploit Attempts Targeting Recent Citrix ADC Vulnerabilities CTX276688
- Summary of CVE-2020-5902 F5 BIG-IP RCE Vulnerability Exploits
- US-CERT Bulletin (SB20-188): Vulnerability Summary for the Week of June 29, 2020
- Zoom Zero-Day Allows RCE, Patch on the Way
- RIFT: Citrix ADC Vulnerabilities CVE-2020-8193, CVE-2020-8195 and CVE-2020-8196 Intelligence