A collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is neither vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering out the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- Remote Work Increasing Exponentially Due to COVID-19
- Investigate | COVID-19 Cybercrime Daily Update
- Capitalizing on Coronavirus Panic, Threat Actors Target Victims Worldwide
- SANS Security Awareness Work-from-Home Deployment Kit
- Coronavirus Threat Landscape Update
- Worms shape the narrative in Red Canary’s 2020 Threat Detection Report
- US-CERT Alert (AA20-073A): Enterprise VPN Security
- They Come in the Night: Ransomware Deployment Trends
- Threat Intel Update | Cyber Attacks Leveraging the COVID-19/CoronaVirus Pandemic
- Awesome-video-chat-backgrounds
- How Microsoft Dismantled the Infamous Necurs Botnet
Threat Research
- Stantinko’s new cryptominer features unique obfuscation techniques
- EnigmaSpark: Politically Themed Cyber Activity Highlights Regional Opposition to Middle East Peace Plan
- APT36 jumps on the coronavirus bandwagon, delivers Crimson RAT
- The Inside Scoop on a Six-Figure Nigerian Fraud Campaign
- New RedLine Stealer Distributed Using Coronavirus-themed Email Campaign
- Getting Sneakier: Hidden Sheets, Data Connections, and XLM Macros
- Breakout Time: Trickbot edition (Gtags QWE, lib693, tt0002)
- Weaponized Coronavirus Maps Distribute Malware
- CrazyCoin, the master of double mining, double white utilization, and resource utilization
- Parallax: The New RAT on the Block
- Dark Matter: Uncovering the DarkComet RAT Ecosystem (PDF)
- Vicious Panda: The COVID Campaign
- 3/20/2020 – Hancitor Infection w/Coronavirus Themed Malspam
- New version of chinoxy backdoor using COVID19 alerts document lure
Tools and Tips
- Raising Your Own APT: Purple Team Exercises to Drive Security Program Maturity
- Hunting APTs with YARA
- Security tips for working from home (WFH)
- Logging Made Easy (LME)
- How to Discover Artifacts in UFED Physical Analyzer – Part 2
- The Complete Guide to Online Brand Protection
- Wireless Penetration Tips
- Overview of Free Online Malware Analysis Sandboxes
- Trickbot Decoder Updated
- Splunk BOTS — Setup
- Real-time file monitoring on Windows with osquery
- Boss of the SOC v3 Dataset Released!
- Dovehawk is a Zeek module that automatically imports MISP indicators and reports Sightings
- Kerberoasting: AES Encryption, Protected User Group and Group MSA
Breaches, Government, and Law Enforcement
- Security Breach Disrupts Fintech Firm Finastra
- Attorney General William P. Barr Urges American Public to Report COVID-19 Fraud
- Hayward Resident Sentenced to Four Years for Acting as an Agent of the People’s Republic of China
- FBI Warning: Phishing Emails Push Fake Govt Stimulus Checks
- Durham city, county governments hit by malware attack
Vulnerabilities and Exploits
- Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution
- Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code
- Two Trend Micro zero-days exploited in the wild by hackers
- Microsoft patches SMBv3 wormable bug that leaked earlier this week
- CVE-2020-0796 Memory Corruption Vulnerability in Windows 10 SMB Server
- Apache Tomcat Vulnerability “Ghostcat” Attracting Threat Actor Attention
- US-CERT Bulletin (SB20-076): Vulnerability Summary for the Week of March 9, 2020
- SMBGhost (CVE-2020-0796): a Critical SMBv3 RCE Vulnerability
- Sniffing Authentication References on macOS