Links from Class
Here is a collection of links from class discussions.
Links
- Metasploit 5: https://blog.rapid7.com/2019/01/10/metasploit-framework-5-0-released/
- SIGMA SIEM rule: @subtee is in your network
- LOLBINS: https://lolbas-project.github.io/#
- Malware with complex persistence: Kovter/Poweliks
  - Summary: https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/kovter-an-evolving-malware-gone-fileless
  - Detailed analysis: https://blog.malwarebytes.com/threat-analysis/2016/07/untangling-kovter/
- Interesting things on infosec Twitter
  - Wed NSM Day morning? Possible RCE in Windows DHCP Server via MalwareTechBlog -> Accept MS EULA
  - HTTP request with “Content-Type:application/octect-stream.” via @ItsReallyNick: stvemillertime
- SANS Exam Study Tips: http://www.dfirnotes.net/exam-tips/
- Log Parser Studio: https://gallery.technet.microsoft.com/Log-Parser-Studio-cd458765
- Bayrob crimeware group stopped after 9 years (?!)
  - https://www.bankinfosecurity.com/two-romanian-nationals-convicted-in-bayrob-malware-case-a-12375
- Amazon “Open Distro for Elasticsearch”:
  - https://aws.amazon.com/blogs/opensource/keeping-open-source-open-open-distro-for-elasticsearch/
- Microsoft preview of Windows Defender ATP for Macs:
  - https://techcommunity.microsoft.com/t5/Windows-Defender-ATP/Announcing-Microsoft-Defender-ATP-for-Mac/ba-p/378010
- Windows (etc.) logging references:
  - Malware Archaeology: https://www.malwarearchaeology.com/cheat-sheets
  - Ultimate Windows Security: https://www.ultimatewindowssecurity.com/
  - NSA guide v2+ (2015): https://apps.nsa.gov/iaarchive/library/reports/spotting-the-adversary-with-windows-event-log-monitoring.cfm
- impfuzzy (JPCERT): https://blogs.jpcert.or.jp/en/2016/05/classifying-mal-a988.html
Public Breach Reporting and Discussion
- Google Aurora
  - https://en.wikipedia.org/wiki/Operation_Aurora
- Retailers: TJX, Target, Home Depot
  - https://www.wired.com/2010/03/tjx-sentencing/
  - “Breaking the Target”, Xiaokui Shu, Ke Tian, Andrew Ciambrone and Danfeng (Daphne) Yao: https://arxiv.org/pdf/1701.04940.pdf
  - Krebs articles on Target and THD: https://krebsonsecurity.com/tag/target-data-breach/
- Software Supply Chain: Ukraine Taxes, Magecart, Asus / ShadowHammer
  - https://www.nytimes.com/2017/06/28/world/europe/ukraine-ransomware-cyberbomb-accountants-russia.html
  - https://blog.trendmicro.com/trendlabs-security-intelligence/new-magecart-attack-delivered-through-compromised-advertising-supply-chain/
  - https://securelist.com/operation-shadowhammer/89992/
- SuperMicro motherboard story (disputed):
  - https://www.bloomberg.com/news/articles/2018-10-09/new-evidence-of-hacked-supermicro-hardware-found-in-u-s-telecom
  - https://www.supermicro.com/newsroom/pressreleases/2018/press181004_Bloomberg.cfm
- Watering hole attack on developers:
  - https://threatpost.com/ios-developer-site-core-facebook-apple-watering-hole-attack-022013/77546/
Resources
- 10 Strategies (Carson Zimmerman, Mitre)
  - http://www.mitre.org/publications/all/ten-strategies-of-a-world-class-cybersecurity-operations-center
- _PoC||GTFO_: not-work-safe but excellent journal of software engineering, weird machines, file format shenanigans, and cool hacks
  - https://www.alchemistowl.org/pocorgtfo/
- CyberChef: free and open source offline analysis automation tool
  - https://github.com/gchq/CyberChef
- OWASP Core Rules for ModSecurity WAF:
  - https://www.modsecurity.org/crs/
Book recommendations
- Dostoevsky, Crime and Punishment
- Michael Moorcock historical fiction
- Cloud Atlas
- The Three-Body Problem by Cixin Liu, Existence by David Brin
- The Hot Zone, Brandon Sanderson novels, The Lies of Locke Lamora by Scott Lynch
- Ready Player One by Ernest Cline
Powered by Project Jupyter Notebook: http://jupyter.org