Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is not vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- ZDNet: Pastebin adds ‘Burn After Read’ and ‘Password Protected Pastes’ to the dismay of the infosec community
- Business Wire: CrowdStrike to Acquire Preempt Security to Offer Customers Enhanced Zero Trust Security Capabilities
- CrowdStrike: Ransomware + Data Leak Extortion: Origins and Adversaries, Pt. 1
- Tim MalcomVetter: Adversary Emulation vs. Bad Copycats
Threat Research
- CISA: LokiBot Malware
- Microsoft: Microsoft Security—detecting empires in the cloud
- Group-IB: Big Game Hunting: Now in Russia
- Kaspersky: Looking for sophisticated malware in IoT devices
- Reversing Labs: Taidoor – a truly persistent threat
- 360 Security: APT-C-43 steals Venezuelan military secrets to provide intelligence support for the reactionaries
- Palo Alto Networks Unit 42: Case Study: Emotet Thread Hijacking, an Email Attack Technique
- WMC Global: Netflix-Branded Mobile Phishing Campaigns in August
- Click All the Things!: dridex maldoc: The unholy union of VBA and XLM
- F-Secure: Catching Lazarus: Threat Intelligence to Real Detection Logic – Part One
Tools and Tips
- SpecterOps: Are You Docking Kidding Me? .LNK persistence on macOS?
- Google: Introducing Chronicle Detect. Modern detection for modern threats
- Dragos: Preparing for Incident Handling and Response in ICS
- SANS ISC: Securing Exchange Online
- SANS ISC: Party in Ibiza with PowerShell
- Red Canary: Nothing to hide: seeking out rootkits on enterprise systems
- FireEye: Fuzzing Image Parsing in Windows, Part One: Color Profiles
- Open Source DFIR: Testing digital forensic data processing tools
- Olaf Hartong: Sysmon 12.0 — EventID 24.
- Security-tzu: Hunting for techniques used by APT41
- D20 Forensics: Tracking App Clips in iOS 14
- 0xf0x: How to Manually Unpack Emotet Malware (video)
- BrownInfoSecGuy: PowerShell ForEach Enumerator vs ForEach-Object Cmdlet
- Center for Threat Informed Defense: An open library of adversary emulation plans
- NetSec Focus: TJnull’s guide to building a Home Lab
- EFF: Introducing “YAYA”, a New Threat Hunting Tool From EFF Threat Lab
- DFIR Madness: BUILDING A DFIR FORT KICKASS
Breaches, Government, and Law Enforcement
- US DOJ: Founder And CEO Of Cyberfraud Prevention Company Arrested And Charged With Securities Fraud Scheme
- US-CERT: Federal Agency Compromised by Malicious Cyber Actor
- Bleeping Computer: The Week in Ransomware – September 25th 2020 – A Modern-Day Gold Rush
- The Hacker News: Microsoft Windows XP Source Code Reportedly Leaked Online
- US DHS: Emergency Directive 20-04
- Reuters: Putin says Russia and U.S. should agree not to meddle in each other’s elections
Vulnerabilities and Exploits
- Cisco: September 2020 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication
- Check Point Research: #Instagram_RCE: Code Execution Vulnerability in Instagram App for Android and iOS
- US CERT: Vulnerability Summary for the Week of September 14, 2020
- Trustwave: SAP ASE Information Leaks: CVE-2020-6295 and CVE-2020-6317
- Sprocket Security: How to exploit Zerologon (CVE-2020-1472)
- Zsec: ZeroLogon(CVE-2020-1472) – Attacking & Defending