Summary
A collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is neither vetted nor intended to be an exhaustive source; it is simply a collection of items I found interesting throughout my weekly research. The summaries are provided with links so the reader can drill down into particular topics according to their own interests. Thank you to all of the contributors for this great content!
Industry Reports, News, and Miscellany
- An APT Blueprint: Gaining New Visibility into Financial Threats
- Scattered Canary BEC Threat Group Targets U.S. Enterprise Victims
- GandCrab RaaS service to shut down
- New Iranian Hacking Tool Leaked on Telegram by Lab Dookhtegan
- The Russian Shadow in Eastern Europe: A Month Later
- Security and Human Behavior (SHB) 2019
- Watch Compelling Keynotes and Sessions from the Fal.Con for Public Sector Conference
- Now Available: Bromium Threat Insights Report – June 2019 Edition
- Bromium: Into the Web of Profit: Behind the Dark Net Black Mirror
- Mimikatz and Windows RDP: An Attack Case Study
- Circle City Con 2019 Videos
- How Combat Sport Psychology and Strategy apply to the Red vs. Blue dynamic of Cyber Security Competitions
- Book Review: Cult of the Dead Cow
- Apple replaces bash with zsh as the default shell in macOS Catalina
- Semi-Automated Cyber Threat Intelligence
Tools and Tips
- Keep an Eye on Your WMI Logs
- Tap Into Your Valuable DNS Data
- APT34: Jason project
- Awesome Shell: A curated list of awesome command-line frameworks, toolkits, guides and gizmos
- Getting Started With Splunk: Basic Searching & Data Viz
- Importing “.evtx” files into HELK or Elastic
- Kerberos (II): How to attack Kerberos?
- KAPE 0.8.4.1 released! New cleanup mode, x86 executable support in modules, better documentation and other tweaks
- DFIRtriage – Windows-based Incident Response Tool
- SOF-ELK® (Security Operations and ELK) Virtual Machine Distribution
- A walkthrough on how to set up and use BloodHound
- Exploring Mimikatz – Part 2 – SSP
- The SANS GSE: What’s it like to take one of the hardest cybersecurity certifications in the industry — and pass!
Threat Research – Malware, Phishing, and other Campaigns in the Wild
- Hackers Abusing Microsoft Azure to Deploy Malware and C2 Servers Using Evasion Technique
- BlackSquid Slithers Into Servers and Drives With 8 Notorious Exploits to Drop XMRig Miner
- Zebrocy’s Multilanguage Malware Salad
- Monero-Mining Malware PCASTLE Zeroes Back In on China, Now Uses Multilayered Fileless Arrival Techniques
- Attackers Stitch Together Frankenstein Campaign Using Free Tools
- Magecart skimmers found on Amazon CloudFront CDN
- Analyzing AZORult Infostealer Malware
- Hunting COM Objects
- Government Sector in Central Asia Targeted With New HAWKBALL Backdoor Delivered via Microsoft Office Vulnerabilities
- A Deep Dive into the Emotet Malware
- Platinum is back
- The Zombie Phish Is Back with a Vengeance
- GoldBrute Botnet Brute Forcing 1.5 Million RDP Servers
- Ancient ICEFOG APT malware spotted again in new wave of attacks
- Threat Spotlight: Analyzing AZORult Infostealer Malware
- The Emotet Trojan: A Tale of Two Malware Samples
Vulnerabilities and Exploits
- PoC Code for DoS Exploit of CVE-2019-0708 (“BlueKeep”) now Public
- MITM Proxy: New Search Hijack Method on Mojave
- VMware Security Advisories
- SandboxEscaper releases ByeBear exploit to bypass patched EoP flaw
- KeySteal is a macOS <= 10.14.3 Keychain exploit that allows you to access passwords inside the Keychain without a user prompt.
Breaches, Government, and Law Enforcement
- U.S. to demand five years of social media, email account info in visa application
- LabCorp: 7.7 Million Consumers Hit in Collections Firm Breach
- 11.9M Quest Diagnostics Patients Impacted by AMCA Data Breach
- Sens. Demand AMCA, Quest, LabCorp Explain Failure to Detect Breach
- The Spycraft Revolution