Summary
A collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is neither vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- How The U.S. Hacked ISIS
- Mapping the Tyurin Indictment to the Mitre ATT&CK™ framework
- CyberPeace Institute fills a critical need for cyberattack victims
- Azure Sentinel, Microsoft’s cloud-based SIEM, hits general availability
- Mapping the connections inside Russia’s APT Ecosystem
- The Consumer Guide to Shopping Safely in the Age of Magecart
- The State of Malware Analysis: Advice from the Trenches (MP3 audio)
- 2019 Flare-On Challenge Solutions
Threat Research – Malware, Phishing, and other Campaigns in the Wild
- APT or not APT? What’s Behind the Aggah Campaign
- New WhiteShadow downloader uses Microsoft SQL to retrieve malware
- LookBack Forges Ahead: Continued Targeting of the United States’ Utilities Sector Reveals Additional Adversary TTPs
- Magecart Looks to Injecting Code into L7 Routers, not just Websites (PDF)
- New Fancy Bear Campaigns targeting Embassies
- REvil/Sodinokibi Ransomware
- Phishing attacks abusing appspot.com and web.app domains on Google Cloud
- Arcane Stealer V and its Maker
- TrickBot or Treat – Knocking on the Door and Trying to Enter
- Hello! My name is Dtrack
- Divergent: “Fileless” NodeJS Malware Burrows Deep Within the Host
- Reawakening of Emotet: An Analysis of its JavaScript Downloader
- Emotet malspam campaign uses Snowden’s new book as lure
- A deeper look inside one of the new Emotet Malware Docs
Tools and Tips
- Microsoft Exchange – Preventing Cyber Attacks
- Bypassing MacOS Privacy Controls
- Setting up dionaea & cowrie with mhn
- CentOS Linux 8 released: New Features and Download
- Microsoft Azure Sentinel: not your daddy’s Splunk
- Understanding and getting started with Azure Sentinel
- mihari is a sidekick tool for TheHive for monitoring malicious hosts continuously
- A Pivot Cheatsheet for Pentesters
- Benefits of running your own MISP instance
- How to Detect Malware Remnants – Intro to Incident Response Triage (Part 8) in 2019
- Zeek IDS Installation on Raspberry PI Part 1
- …WON’T YOU BACK THAT THING UP: A GLIMPSE OF IOS 13 ARTIFACTS
Breaches, Government, and Law Enforcement
- Data of Nearly 5 million DoorDash Users was Accessed
- Critical Infrastructure Report from the Government Accountability Office (GAO): Actions Needed to Address Significant Cybersecurity Risks Facing the Electric Grid (PDF)
- Russian Hacker Pleads Guilty For Involvement In Massive Network Intrusions At U.S. Financial Institutions, Brokerage Firms, A Major News Publication, And Other Companies
- Former Intelligence Officer Convicted of Attempted Espionage Sentenced to 10 Years in Federal Prison
Vulnerabilities and Exploits
- A Vulnerability in PHP Could Allow for Arbitrary Code Execution
- Microsoft releases out-of-band security update to fix IE zero-day & Defender bug
- VMware ESXi Command Injection Vulnerability
- Bulletin (SB19-266): Vulnerability Summary for the Week of September 16, 2019
- Anonymous researcher drops vBulletin zero-day impacting tens of thousands of sites