Summary
A collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is not vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- Taxpayers Oppose Local Governments Paying Hackers in Ransomware Attacks
- Purple Teaming ICS Networks: Part 3 of 3
- YouTube hit with $170M fine over children’s privacy
- Who is Salty Spider (Sality)?
- Ransomware Protection and Containment Strategies: Practical Guidance for Endpoint Protection, Hardening, and Containment
- Week in OSINT #2019–35
- Revealed: How a secret Dutch mole aided the U.S.-Israeli Stuxnet cyberattack on Iran
- Using Threat data in your vulnerability management strategy with MISP
Threat Research – Malware, Phishing, and other Campaigns in the Wild
- JSWorm: The 4th Version of the Infamous Ransomware
- Pardot CRM Attack
- FunkyBot: A New Android Malware Family Targeting Japan
- Spam Campaign Abuses PHP Functions for Persistence, Uses Compromised Devices for Evasion and Intrusion
- UPSynergy: Chinese-American Spy vs. Spy Story
- Malspam using password-protected Word docs to push Remcos RAT
- Seems Phishy: Back to School Lures Target University Students and Staff
- PsiXBot Now Using Google DNS over HTTPS and Possible New Sexploitation Module
- Deobfuscating Ostap: TrickBot’s 34,000 Line JavaScript Downloader
- TrickBot Modifications Target U.S. Mobile Users
- https://inquest.net/blog/2019/08/30/YARA-For-Everyone-Rules-Will-Be-Rules
Tools and Tips
- Malware Classification with ‘Graph Hash,’ Applied to the Orca Cyberespionage Campaign
- GhIDA: Ghidra decompiler for IDA Pro
- SharPersist: Windows Persistence Toolkit in C#
- YARA For Everyone: Rules Will Be Rules
- Custom Command and Control (C3). A framework for rapid prototyping of custom C2 channels
- Awesome Asset Discovery
- Sysmon 10.4 release
Breaches, Government, and Law Enforcement
- Increased Funding Proposed for the DHS: Lawmakers offer bill to shore up federal cybersecurity
- XKCD forums breached
- Manager at energy firm loses £200,000 after fraudsters use AI to impersonate his boss’s voice
- Leader of new NSA Cybersecurity Directorate outlines threats, objectives
Vulnerabilities and Exploits
- A Vulnerability in Exim Could Allow for Remote Command Execution
- Metasploit team releases BlueKeep exploit
- The latest on BlueKeep and DejaBlue vulnerabilities — Using Firepower to defend against encrypted DejaBlue
- Supermicro Bug Could Let ‘Virtual USBs’ Take Over Corporate Servers