Summary
A collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is neither vetted nor intended to be an exhaustive source, but simply a collection of items I found interesting throughout my weekly reading. The summaries are provided with links for the reader to drill down into particular topics according to their own interests.
Industry Reports, News, and Miscellany
- THIS WEEK IN 4N6 – Week 24 2019
- How cognitive bias leads to reasoning errors in cybersecurity
- The Physical Security Intelligence Cycle
- Talos Threat Source newsletter (June 20, 2019)
- APT34 Tools Leak (background and context)
- Deviant Security: The Technical Computer Security Practices of Cyber Criminals
- Fun With Custom URI Schemes
- The Murky Value Proposition Of Cyber Threat Intelligence And How To Make It Shine
- Stranded on Pylos – Defend Forward
Tools, Tips, and How-To
- Five Things to ‘Know’ About Modern Executive Protection
- 4 Social Engineering Threats to Keep an Eye on — and How to Stop Them
- One Big Lesson From the Cyber Range to Help Solve Confirmation Bias
- A Multi-Method Approach to Identifying Rogue Cobalt Strike Servers
- Left of Boom – Understanding Your Digital Footprint
- Lateral Movement: What It Is and How to Block It
- Hunting for Linux library injection with Osquery
- Detecting Persistence in Memory (video)
- Easily Report Phishing and Malware
- Getting Started with ATT&CK: Detection and Analytics
- OSINT-y Goodness, №14 — Directory of Open Access Journals
- Stealthy & Targeted Implant Loaders
- New releases: PEsieve and hollows_hunter – with some important bugfixes & more
- HostHunter v1.5 – A tool to efficiently discover and extract hostnames providing a large set of target IP addresses
- In NTDLL I Trust – Process Reimaging and Endpoint Security Solution Bypass
Threat Research – Malware, Phishing, and other Campaigns in the Wild
- Dissecting NanoCore Crimeware Attack Chain
- Phishing Attacks on High Street Target Major Retailer
- Cryptomining Dropper and Cronjob Creator
- Felipe, a new infostealer Trojan
- Observations of ITG07 Cyber Operations
- Malware sidesteps Google permissions policy with new 2FA bypass technique
- Analysis of a New HawkEye Variant
- Plurox: Modular backdoor
- Waterbug: Espionage Group Rolls Out Brand-New Toolset in Attacks Against Governments
- DanaBot Demands a Ransom Payment
- NEW PERVASIVE WORM EXPLOITING LINUX EXIM SERVER VULNERABILITY
- URLZone top malware in Japan, while Emotet and LINE Phishing round out the landscape
- Living-off-the-Land blog series – part 2
Breaches, Government, and Law Enforcement
- Data of 645k Oregonians exposed after nine DHS employees fell for a phishing attack
- NASA hacked by APT group: Cybersecurity Management and Oversight at the Jet Propulsion Laboratory
Vulnerabilities and Exploits
- OEM Software Puts Multiple Laptops At Risk
- Critical RCE Vulnerability in TP-Link Wi-Fi Extenders Can Grant Attackers Remote Control
- CVE-2019-8635: Double Free Vulnerability in Apple macOS Lets Attackers Escalate System Privileges and Execute Arbitrary Code
- Examining SymCrypt DoS Vulnerability
- CPR-Zero: The Check Point Research Vulnerability Repository
- What You Need To Know About TCP “SACK Panic”