Summary
A collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is neither vetted nor intended to be an exhaustive source; it is simply a collection of items I found interesting throughout my weekly research. The summaries are provided with links so the reader can drill down into particular topics according to their own interests. Thank you to all of the contributors for this great content!
Industry Reports, News, and Miscellany
Whether to Pay Ransomware Demands is Foremost a Business Decision
CrowdStrike Becomes a Publicly Traded Company
SQL Injection Attacks: So Old, but Still So Relevant. Here’s Why (Charts)
The Fight Against Cybercrime and BEC
Project Svalbard: The Future of Have I Been Pwned
Business Email Compromise: A Case Study
China’s Great Cannon
Tools and Tips
A few Ghidra tips for IDA users, part 4 – function call graphs
- https://isc.sans.edu/forums/diary/A+few+Ghidra+tips+for+IDA+users+part+4+function+call+graphs/25032/
5 Tips for Improving Employee Security Awareness
How to Automate Phishing Investigations and Remediation
Awesome Incident Response: A curated list of tools for incident response
O365: Hidden InboxRules
Ransomware identification for the judicious analyst
- https://www.gdatasoftware.com/blog/2019/06/31666-ransomware-identification-for-the-judicious-analyst
Sysmon 10.0 – New features and changes
HOWTO: Disable account enumeration in Azure Active Directory
Disable ASLR For Easier Malware Debugging With x64dbg and IDA Pro (video)
New Tool: amsiscan.py
Demystifying Code Injection Techniques: Part 1 – Shellcode Injection
IDA: What’s new in 7.3
Introducing SEPparser — to parse Symantec’s Endpoint Protection logs into a human readable form
Digital Forensics and Incident Response Cheat Sheet
The Social Engineering Framework
Visualizing BloodHound Data with PowerBI — Part 2
Threat Research – Malware, Phishing, and other Campaigns in the Wild
Shifting Tactics: Breaking Down TA505 Group’s Use of HTML, RATs and Other Techniques in Latest Campaigns
New Pervasive Worm Exploiting Linux Exim Server Vulnerability
Hunting COM Objects (Part Two)
Threat Proliferation in ICS Cybersecurity: XENOTIME Now Targeting Electric Sector, in Addition to Oil and Gas
Hide ‘N Seek Botnet Updates Arsenal with Exploits Against Nexus Repository Manager & ThinkPHP
Observations of ITG07 Cyber Operations
Houdini Worm Transformed in New Phishing Attack
Malware Misuses Common Operating System Commands to Perform Targeted Attacks
Threat Spotlight: MenuPass/QuasarRAT Backdoor
New Spam Campaign, Possibly Necurs-based via DNS TXT Records
- https://www.bleepingcomputer.com/news/security/new-spam-campaign-controlled-by-attackers-via-dns-txt-records/
- https://myonlinesecurity.co.uk/it-looks-like-another-dns-compromise-hack-happening/
Vulnerabilities and Exploits
MSFT June 2019 Patch Tuesday
Intel Releases Security Updates, Mitigations for Multiple Products
Sandbox Escaper Publishes Additional CVE-2019-0841 Bypass
Drop the MIC – CVE-2019-1040
“BlueKeep” Vulnerability (CVE-2019-0708) within Cloud/Datacenter Machines: How to Safeguard Yourself?
The Week in Ransomware – June 14th 2019 – pyLocky and GandCrab Cleans Up
Breaches, Government, and Law Enforcement
IoT Cybersecurity Improvement Act: An Important Step Forward
Telegram CEO Fingers China State Actors for DDoS Attack