Summary
— A collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is neither vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering out the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- C-Suite in the Hot Seat – Execs’ Responsibility Regarding Digital Security
- Pervasive Social Engineering Characterizes the Threat Landscape: Proofpoint Releases the Human Factor 2019 Report
- Evolution of Malware Sandbox Evasion Tactics – A Retrospective Study
- Process Injection and Manipulation: Malware Evasion Techniques Part 1
- The Rise of New Tactics in Business Email Compromise
- Week in OSINT #2019–36
- Mirai Botnet Continues to Plague IoT Space
- Clarifying ProtonMail and Huawei
- Automated incident response in Office 365 ATP now generally available
- The Five Stages of the DFIR Career Grief Cycle
- Does Your Incident Evidence Really Lead to Better Intelligence?
- Decaying of Indicators – MISP improved model to expire indicators based on custom models
- The Curious Case of Edward Snowden
Threat Research – Malware, Phishing, and other Campaigns in the Wild
- Dissecting the 10k Lines of the new TrickBot Dropper
- InnfiRAT: A new RAT aiming for your cryptocurrency and more
- ESET discovered an undocumented backdoor used by the infamous Stealth Falcon group
- Glupteba Expands Operation and Toolkit with LOLBINS and Cryptominer
- Rig Exploit Kit Delivering VBScript
- Threat Spotlight: TrickBot Infostealer Malware
- Malware Analysis Report (AR19-252A) – North Korean Trojan: BADCALL
- COBALT DICKENS Goes Back to School…Again
Tools and Tips
- Using Docker to Do Machine Learning at Scale
- iOS Location Mapping with APOLLO Part 1: I Know Where You Were Today, Yesterday, Last Month, and Years Ago!
- Following the CloudTrail: Generating strong AWS security signals with Sumo Logic
- How to build an incident response playbook
- Open Sourcing StringSifter
- How to Detect Running Malware – Intro to Incident Response Triage (Part 7)
- Malware Analysis Techniques — Basic Static Analysis
- TaHiTI Threat Hunting Methodology – Version 1.0
- Windows Forensics Analysis — Windows Artifacts (Part I)
- BLUF: The Military Standard That Can Make Your Writing More Powerful
- pixload — Image Payload Creating tools
- Inhale – a malware analysis and classification tool that automates and scales many static analysis operations
Breaches, Government, and Law Enforcement
- Treasury Sanctions North Korean State-Sponsored Malicious Cyber Groups
- Scammer behind sextortion campaigns arrested in France
- Arizona Schools Ransomware Attack: Recovery Update
- 281 Arrested Worldwide in Coordinated International Enforcement Operation Targeting Hundreds of Individuals in Business Email Compromise Schemes
- FIN7’s IT admin pleads guilty for role in billion-dollar cybercrime crew
Vulnerabilities and Exploits
- Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution
- The Art of Patch Management
- Another Local Privilege Escalation Vulnerability Using Process Creation Impersonation
- From BinDiff to Zero-Day: A Proof of Concept Exploiting CVE-2019-1208 in Internet Explorer
- Watchbog and the Importance of Patching
- Microsoft September 2019 Patch Tuesday
- BlueKeep: A Journey from DoS to RCE (CVE-2019-0708)