Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is not vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal to noise ratio. Happy Reading!

Industry Reports, News, and Miscellany

• netskop: Threat Labs Report – November 2020
• ZDNet: The best gifts for hackers
• SANS: SANS Virtual Summits FREE in 2021
• CISA: Online Holiday Shopping Scams

Threat Research 

• Checkpoint: Bandook: Signed & Delivered
• Cybereason: Cybereason vs. Egregor Ransomware
• proofpoint: TA416 Goes to Ground and Returns with a Golang PlugX Malware Loader
• Intezer: Stantinko’s Proxy After Your Apache Server
• Fireeye: Election Cyber Threats in the Asia-Pacific Region
• Digital Shadows: Egregor: The New Ransomware Variant to Watch
• Sentinel Labs: Egregor RaaS Continues the Chaos with Cobalt Strike and Rclone
• Bitdefender: TrickBot is Dead. Long Live TrickBot! – Bitdefender Labs
• Positive Technologies: Investigation with a twist: an accidental APT attack and averted data destruction
• The DFIR Report: PYSA/Mespinoza Ransomware
• Trend Micro: New MacOS Backdoor Connected to OceanLotus Surfaces
• Ryan Corneateanu: Genetic Analysis of CryptoWall Ransomware
• malware.love: Having fun with a Ursnif VBS dropper – First world cyber problems
• S2W LAB: Analysis of Clop Ransomware suspiciously related to the Recent Incident

Tools and Tips

• Kaspersky: Lookalike domains and how to outfox them
• SANS ISC: Threat Hunting with JARM
• Inquest: SOC-Class: Use Case Development
• Compass Security: The “Volatility Triage App” for Splunk
• Carbon Black: 3 Ways to Hunt for the ZeroLogon Vulnerability on Your Windows Servers
• Palo unit42: IAMFinder: Open Source Tool to Identify Information Leaked from AWS IAM Reconnaissance
• MDSec: A Fresh Outlook on Mail Based Persistence
• SANS ISC: Quick Tip: cobalt Strike Beacon Analysis
• BlackFr0g: [Reverse Engineering Tips] — Debugging Shellcode
• decalage2: A DLL to run some oletools functions from any language
• bs: Implementing Syscalls In The Cobaltstrike Artifact Kit

Breaches, Government, and Law Enforcement 

• FCC: Federal Communications Commission DA 20-1399–ZTE remains on threat list 
• Interpol: Three arrested as INTERPOL, Group-IB and the Nigeria Police Force disrupt prolific cybercrime group
• Krebs: GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services
• Malwarebytes: IoT cybersecurity bill passed by Senate
• Bleeping Computer: The Week in Ransomware – November 27th 2020 – Attacks continue

Vulnerabilities and Exploits

• CISA: Vulnerability Summary for the Week of November 16, 2020
• Drupal: Drupal core – Critical – Arbitrary PHP code execution – SA-CORE-2020-013
• Zecops: Crash Analysis Series: An exploitable bug on Microsoft Teams ?! A Tale of One Bit
• CISA: Fortinet FortiOS System File Leak