A collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is neither vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- AppSec Advisor: Injection Attacks
- Executives Beware! Individual Impersonation Now Comprises Nearly a Quarter of All BEC Scams
- Wrap Up: 2019 National Cybersecurity Awareness Month
- TrendMicro: 2019 Midyear Security Roundup – Evasive Threats, Pervasive Effects
- Xhelper: Persistent Android dropper app infects 45K devices in past 6 months
- The commoditization of mobile espionage software
- New cyberattacks targeting sporting and anti-doping organizations
- US-CERT Malware Analysis Report (AR19-304A) – North Korean Trojan: HOPLIGHT
- Week in OSINT #2019–43
- Visualising common patterns using MISP and ATT&CK data
- MITRE ATT&CKCon 2019 – Recap
Threat Research – Malware, Phishing, and other Campaigns in the Wild
- WIZARD SPIDER Adds New Features to Ryuk for Targeting Hosts on LAN
- MESSAGETAP: Who’s Reading Your Text Messages?
- CertUtil Qualms: They Came to Drop FOMBs
- Hiding in Plain Sight: New Adwind jRAT Variant Uses Normal Java Commands to Mask its Behavior
- Top 10 Malware September 2019
- Fileless malware campaign roundup
- Current and Future Hacks and Attacks that Threaten Esports
- Office 365 Users Targeted by Voicemail Scam Pages
- Anti-Virtualization Malware – Malware Evasion Techniques Part 2
- Calypso APT: new group attacking state institutions
Tools and Tips
- Covenant: Developing Custom C2 Communication Protocols
- Cloud Storage Acquisition from Endpoint Devices
- Using scdbg to Find Shellcode
- Resources for Measuring Cybersecurity (PDF)
- Emotet_ioc_extractor
- Quickpost: ExifTool, OLE Files and FlashPix Files
- WatchAD – Active Directory Security Intrusion Detection System
- dfir_ntfs: an NTFS parser for digital forensics & incident response
Breaches, Government, and Law Enforcement
- Assessment of Reported Malware Infection at Nuclear Facility
- Georgia hit by massive cyber-attack
- Breaches at NetworkSolutions, Register.com, and Web.com
Vulnerabilities and Exploits
- BlueKeep attacks are happening, but it’s not a worm
- Chrome 0-day exploit CVE-2019-13720 used in Operation WizardOpium
- Vulnerability Spotlight: Denial-of-service in VMWare Fusion 11
- Vulnerability Summary for the Week of October 21, 2019