Summary
A collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is neither vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. The summaries are provided with links for the reader to drill down into particular topics according to their own interests.
Industry Reports, News, and Miscellany
- Palo Alto Networks acquires cybersecurity startup Twistlock
- Menlo Security Secures $75 Million Funding Round to Deliver Zero Trust Internet
- Should governments pay extortion payments after a ransomware attack?
- Canonical GitHub account hacked, Ubuntu source code safe
- Train maker’s coder goes loco, choo-choo-chooses to flee to China with top-secret code – allegedly
- Threat Actors are Increasing Their Use of Free Hosts
- The Future of Adversaries is Software Development
- Endpoint Hunting in an AntiEDR World
- End Users as the Strongest Link
- Ransomware Recovery Firms Who Secretly Pay Hackers
- Who’s Behind the GandCrab Ransomware?
- From exploits to honeypots: How the security community is preparing for BlueKeep’s moment of truth
- Most SMB devices run Windows versions that are expired or will expire by January 2020
- July 9: Microsoft Forces Update to Changes to Ticket-Granting Ticket (TGT) Delegation Across Trusts in Windows Server (PFE edition)
- What’s Next? Infosec Careers, Cognitive Dissonance, and Tours of Duty
Tools and Tips
- A Top 10 Reading List if You’re Getting Started in Cyber Threat Intelligence
- Cyber Hygiene Guidance for Windows 10
- A peek into malware analysis tools
- Flirting With IDA and APT28
- Security Showcase: Open source projects to help build and operate more secure systems, along with tools for security monitoring and incident response.
- Logging made easy (LME): How to set up your own basic security logging system
- My-arsenal-of-aws-security-tools: List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
- NetKatz, Mimikatz to Hex and Defender groans but shrugs
- DeTT&CT is now available as a Docker Image and Dockerfile
- Seven ways to spot a business email compromise in Office 365
- Introduction to Networking | Network Basics for Beginners – OSI Model (YouTube video by Vinsloev Academy)
- Machine Learning Explained in 12 minutes
- Bypassing Beaconing Detection with Metasploit
- Organizing your OSINT Investigation Tools
- Learn regex the easy way
- Instagram OSINT Tool
- Deploying Security Onion for Monitoring HIDS (AmherstSec July 2019)
- Regipy — An OS Independent Python Library for Parsing Offline Registry Hives
- A gentle introduction to Linux Kernel fuzzing
- Hiding in the shadows at Members attribute
- EVERYTHING YOU NEED TO KNOW TO GET STARTED IN CYBERSECURITY
- Swimlane research team open sources pyattack
- Beyond good ol’ Run key, Part 108
- Notes for Beginner Network Pentesting Course
Threat Research – Malware, Phishing, and other Campaigns in the Wild
- BitPaymer Source Code Fork: Meet DoppelPaymer Ransomware and Dridex 2.0
- Spotting RATs: Tales from a Criminal Attack
- UK Banking Phish Targets 2-Factor Information
- Double Duty: Dridex Banking Malware Delivered with RMS RAT
- ‘Til Death Do Us Part… Romance Scams and the BEC Game
- Buhtrap group uses zero-day in latest espionage campaigns
- Magento Killer
- Spray and Pray: Magecart Campaign Breaches Websites En Masse Via Misconfigured Amazon S3 Buckets
- Taking Over the Overlay: Reconstructing a Brazilian Remote Access Trojan (RAT)
- Windows zero-day CVE-2019-1132 exploited in targeted attacks
- A Deep Dive Into IcedID Malware: Part I – Unpacking, Hooking and Process Injection
- New FinSpy iOS and Android implants revealed ITW
- Powload Loads Up on Evasion Techniques
- The 2019 Resurgence of Smokeloader
- Sea Turtle keeps on swimming, finds new victims, DNS hijacking techniques
- Russian Dolls Malicious Script Delivering Ursnif
- Threat Actor Profile: TA544 targets geographies from Italy to Japan with a range of malware
- Targeted TrickBot activity drops ‘PowerBrace’ backdoor
- Threat actors using HEX encoded links to bypass phishing defenses
- Hijack My, Hijack My, Hijack My DLL
- Dismantling a fileless campaign: Microsoft Defender ATP next-gen protection exposes Astaroth attack
- How We Seized 15 Active Ransomware Campaigns Targeting Linux File Storage Servers
- Strange Bits: Skull and Crossbones, Bloated Malware, and All-In-One Solution for Ransomware
- A New Ransomware Is Targeting Network Attached Storage (NAS) Devices
- TrickBooster – TrickBot’s Email-Based Infection Module
Vulnerabilities and Exploits
- A Zoom Flaw Gives Hackers Easy Access to Your Webcam
- Zoom Zero Day: 4+ Million Webcams & maybe an RCE? Just get them to visit your website!
- Response to Video-On Concern
- July’s Patch Tuesday Fixes Critical Flaws in Microsoft Edge and Internet Explorer, Including 2 Exploited Vulnerabilities
- Microsoft Patch Tuesday – July 2019
- VMWare Security Advisory on DoS Vulnerability in ESXi
- Bulletin (SB19-189): Vulnerability Summary for the Week of July 1, 2019
Breaches, Government, and Law Enforcement
- Bitpoint cryptocurrency exchange hacked for $32 million
- US mayors group adopts resolution not to pay any more ransoms to hackers
- Huawei Technologies’ Links to Chinese State Security Services
- Statement: Intention to fine Marriott International, Inc more than £99 million under GDPR for data breach
- After ‘significant’ malware attack, U.S. Coast Guard issues maritime security advisory
- Premera Blue Cross to Pay $10 Million for Leaked Health Records