Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is not vetted, nor is it intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- 28% of Data Breaches in 2020 Involved Small Businesses
- Business Email Compromise (BEC): W2 Scams Make an Unexpected Comeback in 2020
- Updates about government-backed hacking and disinformation
- NSA Advisory: Exim Mail Transfer Agent Actively Exploited by Russian GRU Cyber Actors
- Spam and phishing in Q1 2020
- Maze: the ransomware that introduced an extra twist
- Military And Intelligence Personnel Can Be Tracked With The Untappd Beer App
- Russian Cyber Attack Campaigns and Actors
- CISA, DOE, and UK’s NCSC Issue Guidance on Protecting Industrial Control Systems
- Everything You Need to Know About Websites Port Scanning You
- America rethinks its strategy in the Wild West of cyberspace
- The Future Of Work Now: Cyber Threat Attribution At FireEye
- The (Cyber Threat) Intelligence cycle
- Summary of Tradecraft Trends for 2019-20: Tactics, Techniques and Procedures Used to Target Australian Networks
Threat Research
- The Octopus Scanner Malware: Attacking the open source supply chain
- ShellReset RAT Spread Through Macro-Based Documents Using AppLocker Bypass
- From Agent.BTZ to ComRAT v4: A ten‑year journey
- The zero-day exploits of Operation WizardOpium
- Weaponized Disk Image Files: Analysis, Trends and Remediation
- VALAK: More than Meets the Eye
- Aghast at Aggah: Teasing Security Controls with Advanced Evasion Techniques
- Himera and AbSent-Loader Leverage Covid19 Themes
- IcedID: When ice burns through bank accounts
- Cyber Attacks Leveraging the COVID-19/CoronaVirus Pandemic
- Goodbye Mworm, Hello Nworm: TrickBot Updates Propagation Module
- Examining Smokeloader’s Anti Hooking technique
- Netwalker ransomware tools give insight into threat actor
Tools and Tips
- Dynamic Data Resolver (DDR) — IDA Plugin 1.0 beta
- Zloader Maldoc Analysis With xlm-deobfuscator
- Obfuscation, reflective injection and domain fronting; oh my!
- Dumping COVID-19.jar with Java Instrumentation
- Introducing Libcloudforensics
- secureCodeBox is a Docker-based, modularized toolchain for continuous security scans of your software project
- Automated malware unpacking with binary emulation
- One ring (zero) to rule them all.
- Didier Stevens AdHoc Scripts GitHub Repository
- ZLOADER String Obfuscation
- gophish – Open-Source Phishing Toolkit
- THREAD for beginning malware/SOC analysts
- BLUESPAWN – An Active Defense and EDR software to empower Blue Teams
- DFIR Python Study Group
- How I Scrape and Analyse Twitter Networks: A Bolivian Info Op Case Study
- MINDSHARE: HOW TO “JUST EMULATE IT WITH QEMU”
- Verifying Windows binaries, without Windows
- Graphing MITRE ATT&CK via Bloodhound
- Extracting credentials from a remote Windows system – Living off the Land
- Building a Secure Home Network – Part 1
- MalwareMustDie shared codes repository
- Cado Live Imager is an all-in-one solution to forensically image local system drives into the cloud
- Automate Octopus C2 RedTeam Infrastructure Deployment
- Finding the real IP address of a website behind Cloudflare: Gathering Information
Breaches, Government, and Law Enforcement
- Judge rules Capital One must hand over Mandiant’s forensic data breach report
- EasyJet faces £18 billion class-action lawsuit over data breach
- Bringing VandaTheGod down to Earth: Exposing the person behind a 7-year hacktivism campaign
- Microsoft IIS servers hacked by Blue Mockingbird to mine Monero
- 26 million LiveJournal accounts being shared on hacker forums
- NTT Communications Data Breach Affects Customers, Threatens Supply Chain
- US will try Joshua Schulte again for allegedly leaking CIA hacking tools
- Japan suspects missile data leak in Mitsubishi cyberattack
Vulnerabilities and Exploits
- Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution
- SaltStack FrameWork Vulnerabilities Affecting Cisco Products
- US-CERT Bulletin (SB20-146): Vulnerability Summary for the Week of May 18, 2020
- VMware Releases Security Updates for Multiple Products