Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is neither vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- Proofpoint: How Threat Actors Hijack Attention: The 2022 Social Engineering Report
- Securelist: The hateful eight: Kaspersky’s guide to modern ransomware groups’ TTPs
- Malwarebytes: Ransomware review: June 2022
- PhishLabs: Dark Web Disruptions in Q1 Trigger Shift in Illicit Exchanges
- CISA: #StopRansomware: MedusaLocker
- VMware: Lateral Movement in the Real World: A Quantitative Analysis
- Trend Micro: Conti vs. LockBit: A Comparative Analysis of Ransomware Groups
- SANS: SANS 2022 Security Awareness Report
- Team Cymru: The Sliding Scale of Threat Actor Sophistication When Reacting to 0-day Vulnerabilities
- Sophos: Active Adversary Playbook 2022 Insights: Web Shells
- Cloud Security Alliance: Measuring Risk and Risk Governance
- EFF: What Companies Can Do Now to Protect Digital Rights In A Post-Roe World
- Humanitec: Whitepaper: 2021 DevOps Setups: Benchmarking Study
Threat Research
- CrowdStrike: Novel Exploit in Mitel VOIP Appliance
- Zscaler: Return of the Evilnum APT with updated TTPs and new targets
- Fortinet: Ukraine Targeted by Dark Crystal RAT (DCRat)
- Securelist: The SessionManager IIS backdoor: a possibly overlooked GELSEMIUM artefact
- Sekoia: Raccoon Stealer v2 – Part 1: The return of the dead
- Symantec: Bumblebee: New Loader Rapidly Assuming Central Position in Cyber-crime Ecosystem
- Check Point: Chinese actor takes aim, armed with Nim Language and Bizarro AES
- Cisco Talos: Avos ransomware group expands with new attack arsenal
- Cybereason: Cybereason vs. Black Basta Ransomware
- SANS ISC: Case Study: Cobalt Strike Server Lives on After Its Domain Is Suspended
- McAfee: Rise of LNK (Shortcut files) Malware
- Blackberry: Threat Thursday: China-Based APT Plays Auto-Updater Card to Deliver WinDealer Malware
- Inquest: GlowSand
- BushidoToken: Overview of Russian GRU and SVR Cyberespionage Campaigns 1H 2022
- Reversing Labs: Smash-and-grab: AstraLocker 2.0 pushes ransomware direct from Office docs
- Bitdefender: RIG Exploit Kit Swaps Dead Raccoon with Dridex
- Group-IB: Fat Cats Analysis of the BlackCat/ALPHV ransomware affiliate program
- Lumen: ZuoRAT Hijacks SOHO Routers to Silently Stalk Networks
Tools and Tips
- SpecterOps: Relaying NTLM Authentication from SCCM Clients
- CIS: How to Build Cybersecurity Compliance with Free CIS Resources
- Securelist: ‘Unpacking’ technical attribution and challenges for ensuring stability in cyberspace
- Cisco Talos: De-anonymizing ransomware domains on the dark web
- SANS ISC: It’s New Phone Day! Time to migrate your MFA!
- Secureworks: Protecting Against BEC (Business Email Compromise) Attacks
- Mandiant: Burrowing your way into VPNs, Proxies, and Tunnels
- SANS: Month of PowerShell – Embracing the Pipeline
- Microsoft: Using process creation properties to catch evasion techniques
- Atomic Matryoshka: From the User Perspective – Emotet Phish
- FalconForce: Microsoft Defender for Endpoint Internals 0x02 — Audit Settings and Telemetry
- CTFd: Malware Analysis CTF
- Casa-de-caplan: Write Up for the Malware Analysis CTF created by @Bowflexin91 & @HBRH_314
- Kostas: Threat Hunting Series: What Makes a Good Threat Hunter
- Mubix: Blocking ISO mounting
- Purp1eW0lf: Blue Team Notes: A collection of one-liners, small scripts, and some useful tips for blue team work.
- Kroll: Anti-Forensic Techniques – Timestomping with NewFileTime
- lkarlslund: Adalanche: Active Directory ACL Visualizer and Explorer – who’s really Domain Admin?
- edoardottt: Awesome Hacker Search Engines: useful during Penetration testing, vulnerability assessments, red team operations, bug bounty and more
- Magnet Forensics: How to Conquer Memory Analysis for Incident Response, Threat Hunting and Compromise Assessment
- The Center for Threat Informed Defense: Google Cloud Platform Capabilities Mapped to MITRE ATT&CK®
- Trimarc: Webcast: Top 10 Ways to Improve Active Directory Security Quickly
- Stark 4N6: Magnet User Summit 2022 CTF – Linux
- Navdeep: Extracting userform field values from VBA maldocs
Breaches, Government, and Law Enforcement
- Recorded Future: War in Ukraine: Implications for the Black Sea
- FBI: Deepfakes and Stolen PII Utilized to Apply for Remote Work Positions
- Digital Shadows: NATO Leaders are Meeting at the Madrid Summit 2022: What is going to happen?
- Intel471: The 7 common traits among highly-successful cybercriminals: Part II
- The Record: DOJ sets new goals for responding to ransomware attacks
- Data Breach Today: US DOJ Targets Baller Ape Rug Pull and Other Crypto Fraud
- Data Breach Today: Ukrainian Cops Arrest Phishing Gang That Stole $3.4 Million
- Krebs: Meet the Administrators of the RSOCKS Proxy Botnet
- US DOJ: Justice Department Sues to Block Booz Allen Hamilton’s Proposed Acquisition of EverWatch
- Reuters: How mercenary hackers sway litigation battles
- HackerOne: June 2022 Incident Report
Vulnerabilities and Exploits
- CISA: Vulnerability Summary for the Week of June 20, 2022
- Secureworks: Security Vulnerability Remediation: To Patch or Not to Patch?
- PAN Unit42: FabricScape: Escaping Service Fabric and Taking Over the Cluster
- Sucuri: Vulnerability & Patch Roundup — June 2022
- Google: Project Zero: The curious tale of a fake Carrier.app