Links from Class

Here is a collection of links from class discussions.

  • Metasploit 5: https://blog.rapid7.com/2019/01/10/metasploit-framework-5-0-released/
  • SIGMA SIEM rule: @subtee is in your network
  • LOLBINS: https://lolbas-project.github.io/#
  • Malware with complex persistence: Kovter/Poweliks
    • Summary: https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/kovter-an-evolving-malware-gone-fileless
    • Detailed analysis: https://blog.malwarebytes.com/threat-analysis/2016/07/untangling-kovter/
  • Interesting things on infosec Twitter (Wed NSM Day morning?)
  • SANS Exam Study Tips: http://www.dfirnotes.net/exam-tips/
  • Log Parser Studio: https://gallery.technet.microsoft.com/Log-Parser-Studio-cd458765
  • Bayrob crimeware group stopped after 9 years (?!)
    • https://www.bankinfosecurity.com/two-romanian-nationals-convicted-in-bayrob-malware-case-a-12375
  • Amazon “Open Distro for Elasticsearch”:
    • https://aws.amazon.com/blogs/opensource/keeping-open-source-open-open-distro-for-elasticsearch/
  • Microsoft preview of Windows Defender ATP for Macs:
    • https://techcommunity.microsoft.com/t5/Windows-Defender-ATP/Announcing-Microsoft-Defender-ATP-for-Mac/ba-p/378010
  • Windows (and other) logging references:
    • Malware Archaeology: https://www.malwarearchaeology.com/cheat-sheets
    • Ultimate Windows Security: https://www.ultimatewindowssecurity.com/
    • NSA guide v2+ (2015): https://apps.nsa.gov/iaarchive/library/reports/spotting-the-adversary-with-windows-event-log-monitoring.cfm
  • impfuzzy (JPCERT): https://blogs.jpcert.or.jp/en/2016/05/classifying-mal-a988.html

Public Breach Reporting and Discussion

  • Google Aurora
    • https://en.wikipedia.org/wiki/Operation_Aurora
  • Retailers: TJX, Target, Home Depot
    • https://www.wired.com/2010/03/tjx-sentencing/
    • “Breaking the Target”, Xiaokui Shu, Ke Tian, Andrew Ciambrone and Danfeng (Daphne) Yao: https://arxiv.org/pdf/1701.04940.pdf
    • Krebs articles on Target and THD: https://krebsonsecurity.com/tag/target-data-breach/
  • Software supply chain: Ukraine taxes, Magecart, ASUS / ShadowHammer
    • https://www.nytimes.com/2017/06/28/world/europe/ukraine-ransomware-cyberbomb-accountants-russia.html
    • https://blog.trendmicro.com/trendlabs-security-intelligence/new-magecart-attack-delivered-through-compromised-advertising-supply-chain/
    • https://securelist.com/operation-shadowhammer/89992/
  • Supermicro motherboard story (disputed):
    • https://www.bloomberg.com/news/articles/2018-10-09/new-evidence-of-hacked-supermicro-hardware-found-in-u-s-telecom
    • https://www.supermicro.com/newsroom/pressreleases/2018/press181004_Bloomberg.cfm
  • Watering hole attack on developers:
    • https://threatpost.com/ios-developer-site-core-facebook-apple-watering-hole-attack-022013/77546/

Resources

  • Ten Strategies of a World-Class Cybersecurity Operations Center, Carson Zimmerman (MITRE)
    • http://www.mitre.org/publications/all/ten-strategies-of-a-world-class-cybersecurity-operations-center
  • _PoC||GTFO_: not work-safe, excellent journal of software engineering, weird machines, file-format shenanigans, and cool hacks
    • https://www.alchemistowl.org/pocorgtfo/
  • CyberChef: free and open-source offline analysis and automation tool
    • https://github.com/gchq/CyberChef
  • OWASP Core Rule Set for the ModSecurity WAF:
    • https://www.modsecurity.org/crs/

Book recommendations

  • Dostoevsky, Crime and Punishment
  • Michael Moorcock historical fiction
  • Cloud Atlas
  • The Three-Body Problem by Cixin Liu; Existence by David Brin
  • The Hot Zone; Brandon Sanderson novels; The Lies of Locke Lamora by Scott Lynch
  • Ready Player One by Ernest Cline

Written on April 20, 2019