A collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is not vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal to noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- The CrowdStrike 2020 Global Threat Report Reveals Troubling Advances in Cybercrime
- Top 10 Malware January 2020
- Attackers Expand Coronavirus-Themed Attacks and Prey on Conspiracy Theories
- Coronavirus warning spreads computer virus
- Attackers Taking Advantage of the Coronavirus/COVID-19 Media Frenzy
- The CIA Hacking Group (APT-C-39) Conducts Cyber-Espionage Operation on China’s Critical Industries for 11 Years
- State of the Phish: IBM X-Force Reveals Current Phishing Attack Trends
- APT34 (aka Helix Kitten, aka OilRig) Launches New Campaign Against Lebanese Government
- Let’s Encrypt Revoking 3 Million Certificates
- APWG Year-End Report: 2019 A Roller Coaster Ride for Phishing
- Ransomware Threatens to Reveal Company’s ‘Dirty’ Secrets
Threat Research
- The North Korean Kimsuky APT keeps threatening South Korea evolving its TTPs
- Ryuk Revisited – Analysis of Recent Ryuk Attack
- Guildma: The Devil drives electric
- ELF_TSCookie – Linux Malware Used by BlackTech
- Dissecting Geost: Exposing the Anatomy of the Android Trojan Targeting Russian Banks
- Bisonal: 10 years of play
- GuLoader: A Popular New VB6 Downloader that Abuses Cloud Services
- Remco’s RAT, AMSI killing in the wild and defender evasion.
- Emotet Wi-Fi Spreader Upgraded
- Monster Lurking in Hidden Excel Worksheet
- Breaking TA505’s Crypter with an SMT Solver
Tools and Tips
- Engineering Process Injection Detections – Part 1: Research
- Leaky Groups: Accidental Exposure in Google Groups
- Intel Insight: How to Disable Macros
- Offense and Defense – A Tale of Two Sides: PowerShell
- U.S. Department of Justice Shares Best Practices for Gathering Threat Intelligence
- Gamification of Incident Response in the Cyber Range (Podcast)
- Code Integrity in the Kernel: A Look into ci.dll
- Wireshark 3.2.2 Released: Windows’ Users Pay Attention Please
- Chain Reactor: Simulate Adversary Behaviors on Linux
- Unlocking Heaven’s Gate on Linux
- Accelerate Reverse Engineering with Intezer’s IDA Pro Plugin
- Extracting Embedded Payloads From Malware
- Statically Reverse Engineering Shellcode: Emulation
- The Cyber Intelligence Analyst Cookbook Volume 1 2020.pdf
- ELASTIC FOR SECURITY ANALYSTS. PART 1: SEARCHING STRINGS.
- Course Repository for University of Cincinnati Malware Analysis Class (CS7038)
Breaches, Government, and Law Enforcement
- Joint Statement From DOS, DOJ, DOD, DHS, ODNI, FBI, NSA, and CISA on Preparations for Super Tuesday
- Super Tuesday voting so far free of cyber meddling, U.S. officials say
- Former DHS official charged with theft of confidential government software, databases
- Ryuk ransomware hits Fortune 500 company EMCOR
- Two Chinese Nationals Charged with Laundering Over $100 Million in Cryptocurrency From Exchange Hack
- T-Mobile reveals data breach, customer account info accessed
- French Firms Rocked by Kasbah Hacker?
Vulnerabilities and Exploits
- Multiple Vulnerabilities in Cisco Webex Network Recording Player and Cisco Webex Player Could Allow for Arbitrary Code Execution
- Multiple Vulnerabilities in Google Android OS Could Allow for Arbitrary Code Execution
- Zoho zero-day published on Twitter
- Hackers Scanning for Vulnerable Microsoft Exchange Servers, Patch Now!
- Critical Netgear Bug Impacts Flagship Nighthawk Router
- US-CERT: Bulletin (SB20-062) – Vulnerability Summary for the Week of February 24, 2020
- Intel x86 Root of Trust: loss of trust
- Positive Technologies: Unfixable vulnerability in Intel chipsets threatens users and content rightsholders
- MediaTek Bug Actively Exploited, Affects Millions of Android Devices