Summary
A collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is neither vetted nor intended to be an exhaustive source; it is simply a collection of items I found interesting throughout my weekly reading. The summaries are provided with links so the reader can drill down into particular topics according to their own interests.
Industry Reports, News, and Miscellany
- The Unique Challenges and Risks Posed by Insiders
- Escalating Cyber Tensions Risk Human Life
- CrowdStrike EMEA’s John Titmus Offers Insights on Protecting Against Today’s Biggest Threat Actors
- RDP Security Explained
- Caught in the Web of Shells?
- Me(n)tal Health in DFIR – It’s Kind of a Big Deal
- UNC Path Injection with Microsoft Access
- How Verizon and a BGP Optimizer Knocked Large Parts of the Internet Offline Today
- “A thread on how BGP holds the internet together using sticky tape”
- Dial cURL for Content
- Empathizing with Threat Actors
- Notes on the OSI Model
- Google Public DNS over HTTPS (DoH) supports RFC 8484 standard
Tools and Tips
- How to Build a Cybersecurity Career [ 2019 Update ]
- Getting started in Cyber Security [Video by Colin Hardy]
- The Windows 10 security guide: How to safeguard your business
- Suricata IDS: an overview of threading capabilities
- Thumbs Up: Using Machine Learning to Improve IDA’s Analysis
- Verifying Running Processes against VirusTotal – Domain-Wide
- Tracking driver inventory to unearth rootkits
- Updates to Cheatsheets: Digital Forensics and Incident Response
- Free Course: Learn to Install and Configure Splunk
- Awesome YARA: A curated list of awesome YARA rules, tools, and resources
- The Recon-ng Framework: providing a powerful environment to conduct open source web-based reconnaissance quickly and thoroughly
- MISP dashboard v1.2 has been released
- sysmon-cheatsheet: All sysmon event types and their fields explained
- Strelka is a real-time, container-based file scanning system used for threat hunting, threat detection, and incident response
- Introducing Elastic SIEM
- How to get started with Threat Modeling, before you get hacked
- OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables
Threat Research – Malware, Phishing, and other Campaigns in the Wild
- OPERATION SOFT CELL: A WORLDWIDE CAMPAIGN AGAINST TELECOMMUNICATIONS PROVIDERS
- The “Return of the WiZard” Vulnerability: Crooks Start Hitting
- LokiBot & NanoCore being distributed via ISO disk image files
- Under the Radar – Phishing Using QR Codes to Evade URL Analysis
- New Dridex Variant Evading Traditional Antivirus
- Iranian Threat Actor Amasses Large Cyber Operations Infrastructure Network to Target Saudi Organizations
- GandCrab Threat Actors Retire…Maybe
- Undocumented Excel Variable Used in Malicious Spam Run Targeting Japanese Users
- Riltok mobile Trojan: A banker with global reach
- Fake jQuery campaign leads to malvertising and ad fraud schemes
- ShadowGate Returns to Worldwide Operations With Evolved Greenflash Sundown Exploit Kit
- Welcome Spelevo: New exploit kit full of old tricks
- Malicious SYLK Files with MS Excel 4.0 Macros
- Turla Group Hacks APT34 (OilRig) Infrastructure and Puts Malware on Exchange Server and YARA Rule
- IcedID aka #Bokbot Analysis with Ghidra
- Executable and Linkable Format 101 Part 4: Dynamic Linking
Vulnerabilities and Exploits
- A Vulnerability in Oracle WebLogic Could Allow for Remote Code Execution
- Using Whitelisting to Remediate an RCE Vulnerability (CVE-2019-2729) in Oracle WebLogic
- Weaponizing vulnerable driver for privilege escalation — Gigabyte Edition!
- Analyzing CVE-2018-8453: An Interesting Tale of UAF and Double Free in Windows Kernel
Breaches, Government, and Law Enforcement
- Germany and the Netherlands to build the first ever joint military internet
- 2nd Florida city in just a week to pay hackers big ransom for seized computer systems
- CISA Statement on Iranian Cybersecurity Threats
- The US 2020 Elections: weaponizing social media to conduct disinformation and influence campaigns
- Pentagon secretly struck back against Iranian cyberspies targeting U.S. ships
- The Legal Context for CYBERCOM’s Reported Operations Against Iran