Summary
A collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is neither vetted nor intended to be an exhaustive source, but simply a collection of items I found interesting throughout my weekly research. The summaries are provided with links for the reader to drill down into particular topics according to their own interests. Thank you to all of the contributors for this great content!
Industry Reports and Miscellany
- Targeted Ransomware Has Changed the Face of Incident Response
- IT threat evolution Q1 2019
- APWG: Phishing Activity Trends Report Q1 2019
- Fortinet: Quarterly Threat Landscape Report
- RSA Quarterly Fraud Report
- Cyber Intelligence Tradecraft Report: The State of Cyber Intelligence Practices in the United States
- Corporate Surveillance in Everyday Life
Tools and Tips
- oletools new release 0.54.2: fixes several bugs, especially for Excel 4 XLM macros and encrypted documents
- Amazon: AWS Security Incident Response Guide
- The art of writing (for IT Sec)
- Several new updates to @olafhartong’s: A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
- Introducing Pollen — a command-line tool for TheHive
- Universal Reddit scraper using the Reddit API
- Understanding Windows OS Architecture – Theory
- DefCon 2018 CTF File Server Take-Aways
- LogViewer for viewing and searching large text files…(updated)
- Automation for everyone with TheHive and WALKOFF
- Writing Infosec Conference Proposals: A Step-by-Step Guide
- WebDAV, NTLM & Responder
- Detect Tactics, Techniques & Combat Threats
- HOW TO CREATE A MALWARE DETECTION SYSTEM WITH MACHINE LEARNING
- A collection of awesome security hardening guides, best practices, tools and other resources.
Threat Research – Malware, Phishing, and other Campaigns in the Wild
- A Closer Look at Satan Ransomware’s Propagation Techniques
- Recent MuddyWater-associated BlackWater campaign shows signs of new anti-detection techniques
- GOZNYM BANKING MALWARE: GANG BUSTED, BUT IS THAT THE END?
- HawkEye Attack Wave Sends Stolen Data to Another Keylogger Provider
- Hack for Hire: Exploring the Emerging Market for Account Hijacking
- Assessing risk in Office documents – Part 2: Hide my code or download it?
- Trickbot Watch: Arrival via Redirection URL in Spam
- Sorpresa! JasperLoader targets Italy with a new bag of tricks
- Shade Ransomware Hits High-Tech, Wholesale, Education Sectors in U.S., Japan, India, Thailand, Canada
- Playing Cat and Mouse: Three Techniques Abused to Avoid Detection
- A journey to Zebrocy land
- Uncovering New Activity by APT10
- Malware Code Signing on the Rise
- Emotet White Paper: The Complete Story of EMOTET: Most Prominent Malware of 2018
Vulnerabilities and Exploits
- RDP Stands for “Really DO Patch!” – Understanding the Wormable RDP Vulnerability CVE-2019-0708
- An Update on the Microsoft Windows RDP “Bluekeep” Vulnerability (CVE-2019-0708) [now with pcaps]
- SandboxEscaper Drops Several More Windows Exploits, IE Zero-Day
- CVE-2019-11815: A Cautionary Tale About CVSS Scores
- A deeper look at Equation Editor CVE-2017-11882 with encoded Shellcode
Breaches, Government, and Law Enforcement
- Joomla! server compromise Security Incident Report
- Equifax rating outlook decimated over cybersecurity breach
- China Released Core National Standards, Updating Mandatory Cybersecurity Requirements