Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is neither vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- Agari: BEC Cash-out Methods: Email Fraudsters Experimenting With Alternative Approaches
- IBM: IBM Uncovers Global Phishing Campaign Targeting the COVID-19 Vaccine Cold Chain
- Kaspersky: The chronicles of Emotet
- Kaspersky: APT annual review: What the world’s threat actors got up to in 2020
- Malwarebytes: Enduring from home: COVID-19’s impact on business security
- ZDNet: FBI warns of email forwarding rules being abused in recent hacks
- Aspen Institute: A National Cybersecurity Agenda for Resilient Digital Infrastructure
- The Wall Street Journal: North Korean Hackers Are Said to Have Targeted Companies Working on Covid-19 Vaccines
- SANS: SANS Virtual Summits FREE in 2021
- PhishLabs: APWG Q3 Report: Four Out of Five Criminals Prefer HTTPS
Threat Research
- Eclypsium: TrickBot Now Offers ‘TrickBoot’: Persist, Brick, Profit
- Sucuri: Obfuscation Techniques in MARIJUANA Shell “Bypass”
- RiskIQ: ‘Shadow Academy’ Targets 20 Universities Worldwide
- Recorded Future: Egregor Ransomware, Used in a String of High-Profile Attacks, Shows Connections to QakBot
- ESET: Turla Crutch: Keeping the “back door” open
- Kaspersky: What did DeathStalker hide between two ferns?
- Cisco Talos: Xanthe – Docker aware miner
- GData: IceRat evades antivirus by running PHP on Java VM
- Sentinel Labs: APT32 Multi-stage macOS Trojan Innovates on Crimeware Scripting Technique
- Zscaler: Among Us Imposter on Google Play
Tools and Tips
- CISA: Commonly Exploited Protocols: Remote Desktop Protocol (RDP)
- SANS ISC: Traffic Analysis Quiz: Mr Natural
- Red Canary: How to detect Yellow Cockatoo remote access trojan
- Expel: Evilginx-ing into the cloud: How we detected a red team attack in AWS
- FireEye: Using Speakeasy Emulation Framework Programmatically to Unpack Malware
- Falcon Force: FalconFriday — RPC service creation & SharpRDP — 0xFF08
- F-Secure: sysdiag-who?
- pat_h/to/file: Hunting Koadic Pt. 2 – JARM Fingerprinting
- redhead0ntherun: Utilizing Conditional Logic to Differentiate between High Fidelity Alarms & Low Fidelity Alerts
- BrownInfoSecGuy: Active Directory Lab Setup Tool
- Microsoft: Threat actor leverages coin miner techniques to stay under the radar – here’s how to spot them
- 0xf0x: #10 Stack Memory (Practical Malware Analysis)
- Kryptos Logic: Automated string de-gobfuscation
- DFIR Madness: Case 001 AutoRuns Analysis
- BlackFr0g: [Reverse Engineering Tips] — Setup Kernel Debugging on Windows 10
- Humble Bundle: Hacking 101 by No Starch Press
Breaches, Government, and Law Enforcement
- Johns Hopkins: New Cyber Defense Feed Protects Government Systems in Live Trial Across Four States
- ZDNet: Ransomware attack cripples Vancouver public transportation agency
- Krebs: IRS to Make ID Protection PIN Open to All
- US DOJ: U.S. Law Enforcement Takes Action Against Approximately 2,300 Money Mules In Global Crackdown On Money Laundering
Vulnerabilities and Exploits
- Project Zero: An iOS zero-click radio proximity exploit odyssey
- Fortinet: Leaking Browser URL/Protocol Handlers
- Cisco Talos: Vulnerability Spotlight: Multiple vulnerabilities in WebKit
- CISA: Vulnerability Summary for the Week of November 23, 2020
- CyberArk: A Modern Exploration of Windows Memory Corruption Exploits – Part I: Stack Overflows