Summary
A collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is not vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- Coming to a City or Town Near You: Ransomware (Podcast)
- Assessing the impact of protection from web miners
- Cryptocurrency miners aren’t dead yet: Documenting the voracious but simple “Panda”
- Ransomware Increases the Back-to-School Blues
- Fileless Malware 101: Understanding Non-malware Attacks
- Proofpoint Q2 2019 Threat Report – Emotet’s hiatus, mainstream impostor techniques, and more
- APWG Phishing Activity Trends Report – Q2 2019
- 5 tips for writing a cybersecurity policy that doesn’t suck
- Process Injection and Manipulation
- Week in OSINT #2019–37
- A key performance indicator for infosec organizations
- New Wheels on the CAR: Updates to the Cyber Analytics Repository
- Unusual Journeys into Infosec Featuring Phillip Wylie
- HP to Buy Bromium
- LNK: A perfect vector for living-off-the-land attacks
- Service Accounts – Weakest Link in the Chain?
Threat Research – Malware, Phishing, and other Campaigns in the Wild
- Commodity Malware Reborn: The AgentTesla “Total Oil” themed Campaign
- Emotet Malicious Phishing Campaigns Return in Force
- The Kittens Are Back in Town: Charming Kitten Campaign Against Academic Researchers
- Old Magecart Domains are Being Bought Up for Monetization
- Nemty Ransomware 1.0: A Threat in its Early Stage
- Fileless Cryptocurrency-Miner GhostMiner Weaponizes WMI Objects, Kills Other Cryptocurrency-Mining Payloads
- Tortoiseshell Group Targets IT Providers in Saudi Arabia in Probable Supply Chain Attacks
- Emotet is back after a summer break
- Emotet malspam is back
- Changes to Emotet in September 2019
- Russian Cybercrime Group FullofDeep Behind QNAPCrypt Ransomware Campaigns
- Emotet is back: botnet springs back to life with new spam campaign
Tools and Tips
- You Can Run, But You Can’t Hide — Detecting Process Reimaging Behavior
- Investigating Gaps in your Windows Event Logs
- Windows Forensics Analysis — Windows Artifacts (Part I)
- Windows Forensics Analysis — Tools And Resources
- PurpleSharp – a C# adversary simulation tool that executes adversary techniques with the purpose of generating attack telemetry in monitored Windows environments
- Bloodhound Cypher Cheatsheet
- Getting Started With Azure DevOps
- Threat Hunting with ETW events and HELK — Part 1: Installing SilkETW
- Malware Analysis 101 – Basic Static Analysis
- Mitaka – A Browser Extension for OSINT Search
- Search Open File Shares For Potentially Sensitive info
Breaches, Government, and Law Enforcement
- Magecart Skimming Attack Targets Mobile Users of Hotel Chain Booking Websites
- The Law & Politics of Cyberattack Attribution
- Twitter removes new batch of state-backed accounts
Vulnerabilities and Exploits
- 2019 CWE Top 25 Most Dangerous Software Errors
- LastPass bug leaks credentials from previous site
- Vulnerability Spotlight: Multiple vulnerabilities in Atlassian Jira
- Testing Linux Heap exploits on different Glibc version