A collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is not vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- Proofpoint Q3 2019 Threat Report — Emotet’s return, RATs reign supreme, and more
- Modern Wireless Tradecraft Pt II — MANA and Known Beacon Attacks
- What Fraud Teams Need to Know About Joker’s Stash
- VB2019 paper: DNS on fire
- DarkUniverse – the mysterious APT framework #27
- Titanium: the Platinum group strikes again
- Debriefing ATT&CKcon 2.0: Five great talks at MITRE’s ATT&CK conference
- Study: Ransomware, Data Breaches at Hospitals tied to Uptick in Fatal Heart Attacks
- First full version of the Cyber Security Body of Knowledge published
- FireEye Cyber Trendscape Report – Key Insights for 2020 Planning (registration required)
- Week in OSINT #2019–44
- How to Make Better Infosec Presentation Slides
- The Conflicting Duties of IT Vendors in an Age of Cyber Conflict
- What’s the Difference Between a URI and a URL?
Threat Research – Malware, Phishing, and other Campaigns in the Wild
- German Dridex spam campaign is unfashionably large
- Nemty Ransomware Expands Its Reach, Also Delivered by Trik Botnet
- New Exploit Kit Capesand Reuses Old and New Public Exploits and Tools, Blockchain Ruse
- Inside the Hacking Community Market – Reselling RIG EK Services
- How adversaries use politics for compromise
- Spanish MSSP Targeted by BitPaymer Ransomware
- Double Loaded Zip File Delivers Nanocore
Tools and Tips
- Protecting SMS messages used in critical business processes
- How to Detect System Configuration Changes – Intro to Incident Response Triage (Part 9) in 2019
- ‘VPN Rotator’ – tool that analysts can use to manage their VPN connections
- DeTTECT: Latest version (1.2.3) Updated to support the ATT&CK Navigator layer version 2.2
- Windows Event Monitoring Guidance
- 7 habits of highly effective SOCs
- Measure and Improve the Maturity of Your Incident Response Team
- How insights from system attestation and advanced hunting can improve enterprise security
- Part 2: Living Off The Land
- Bypassing GitHub’s OAuth flow
- ꓘamerka GUI — Ultimate Internet of Things/Industrial Control Systems reconnaissance tool
- Threat Hunter Playbook ⚔ + Mordor Datasets 📜 + BinderHub 🌎 = Open Infrastructure 🏗 for Open Hunts 🏹
- Understanding Ransomware: General Techniques
Breaches, Government, and Law Enforcement
- Trend Micro Discloses Insider Threat Impacting Some of its Consumer Customers
- Chinese police arrest operators of 200,000-strong DDoS botnet
- US and Taiwan hold first joint cyber-war exercise
- Two former Twitter employees accused of spying for Saudi Arabia
- Breach at DNA-Test Firm Veritas Exposed Customer Information
Vulnerabilities and Exploits
- Microsoft works with researchers to detect and protect against new RDP exploits
- Multiple Vulnerabilities in Cisco WebEx Network Recording Player and Cisco Webex Player Could Allow for Arbitrary Code Execution
- ConnectWise warns of ongoing ransomware attacks targeting its customers
- Anatomy of Scalable Vector Graphics (SVG) Attack Surface on the Web
- rConfig Install Directory Remote Code Execution Vulnerability Exploited
- US-Cert Bulletin (SB19-308): Vulnerability Summary for the Week of October 28, 2019
- New CIS Benchmarks and CIS Hardened Images for Windows Server 2019, Red Hat 8, and More
- Microsoft Office for Mac cannot properly disable XLM macros
- New libarchive use after free vulnerability
- Amid NSA warning, attacks on Confluence have risen in recent weeks