Some interesting stuff (blogs/articles/papers and useful resources) that I’ve read in Q1 2017.

January

Mac Malware of 2016
https://objective-see.com/blog/blog_0x16.html

Iran Leaks Censorship via BGP Hijacks
https://dyn.com/blog/iran-leaks-censorship-via-bgp-hijacks/

Summary of the latest ShadowBrokers release (+IOCs)
https://medium.com/@msuiche/summary-of-the-latest-shadowbrokers-released-iocs-2d0718841644

Practical OS X Malware Detection & Analysis
http://cyberforensicator.com/wp-content/uploads/2017/01/practical_os_x_malware_detection_analysis.compressed.pdf

Memory Forensics of Linux and Mac Systems
http://cyberforensicator.com/2017/01/05/memory-forensics-of-linux-and-mac-systems

MongoDB ransom
https://medium.com/@mbromileyDFIR/its-10pm-do-you-know-where-your-mongodb-is-a83b8a55ab12
https://medium.com/@mbromileyDFIR/mongodb-ransoms-part-2-de5252ce31a0
https://medium.com/@mbromileyDFIR/mongodb-ransoms-round-3-fc163b636f51

How to secure MongoDB on Linux or Unix production server
https://www.cyberciti.biz/faq/how-to-secure-mongodb-nosql-production-database/

Windows 10 PE for Digital Forensics
https://articles.forensicfocus.com/2017/01/06/windows-10-pe-for-digital-forensics/

PowerShell Remoting and Incident Response
https://www.linkedin.com/pulse/powershell-remoting-incident-response-matthew-green

Stopping Malware With a Fake Virtual Machine
https://securingtomorrow.mcafee.com/mcafee-labs/stopping-malware-fake-virtual-machine/

Cracking Android Pattern Lock in Five Attempts
http://www.lancaster.ac.uk/staff/wangz3/publications/ndss_17.pdf

Network Forensics Playbook – Banner Inspection and Client Origin
https://blog.packet-foo.com/2017/01/network-forensics-playbook-banner-inspection-and-client-origin/

Have Fun with Machine Learning: A Guide for Beginners
https://github.com/humphd/have-fun-with-machine-learning

Open-Sourcing Our Incident Response Documentation
https://www.pagerduty.com/blog/incident-response-documentation/

SANS 2016 Holiday Hack Challenge Writeup
https://techanarchy.net/2017/01/solving-the-sans-2016-holiday-hack-challenge/
http://ctfhacker.com/pwn/2017/01/05/sans-holidayhack-2016.html

The science of Westworld
https://blog.plan99.net/the-science-of-westworld-ec624585e47

Randomness in Linux
http://juho.tykkala.fi/Randomness-in-Linux

/r/netsec’s Q1 2017 Information Security Hiring Thread
https://www.reddit.com/r/netsec/comments/5ncpb8/rnetsecs_q1_2017_information_security_hiring/

Android Vulnerabilities: Attacking Nexus 6 and 6P Custom Boot Modes
https://securityintelligence.com/android-vulnerabilities-attacking-nexus-6-and-6p-custom-boot-modes/

Who is Anna-Senpai, the Mirai Worm Author?
https://krebsonsecurity.com/2017/01/who-is-anna-senpai-the-mirai-worm-author/

Windows Privilege Escalation Methods for Pentesters
https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/

The JTAG Interface: An Attacker’s Perspective
https://optivstorage.blob.core.windows.net/web/file/55e86eae3f04450d9bafcbb3a94559ca/JTAG.Whitepaper.pdf

Red Teamers Can Learn Secrets by Purple Teaming
https://www.alienvault.com/blogs/security-essentials/red-teamers-can-learn-secrets-by-purple-teaming

2016 Cyber Attacks Statistics
http://www.hackmageddon.com/2017/01/19/2016-cyber-attacks-statistics/

How to Tell Which Application Is Using Your Windows PC’s Webcam
https://www.howtogeek.com/289333/how-to-tell-which-application-is-using-your-windows-pcs-webcam/

A Brief Summary of Encryption Method Used in Widespread Ransomware
http://resources.infosecinstitute.com/a-brief-summary-of-encryption-method-used-in-widespread-ransomware/

With Release of Windows 10, Questions About BitLocker Arise Again
https://securingtomorrow.mcafee.com/mcafee-labs/release-windows-10-questions-bitlocker-arise/

The Twitter Activist Security
https://medium.com/@thegrugq/twitter-activist-security-7c806bae9cb0

You will be surprised by what your Tweets may reveal about you and your habits
https://blog.0day.rocks/you-will-be-surprised-by-what-your-tweets-may-reveal-about-you-and-your-habits-3bc907688bc8

Everything you need to know about HTTP security headers
https://blog.appcanary.com/2017/http-security-headers.html

I am Mikko Hypponen. I hunt hackers. I’m here to answer your questions for Data Privacy Day. AMA!
https://www.reddit.com/r/IAmA/comments/5qgrm0/i_am_mikko_hypponen_i_hunt_hackers_im_here_to/

February

Printer Security
https://web-in-security.blogspot.de/2017/01/printer-security.html

Analyzing a malicious document with a mac-specific payload
https://objective-see.com/blog/blog_0x17.html

Enhanced Analysis of GRIZZLY STEPPE Activity
https://www.us-cert.gov/sites/default/files/publications/AR-17-20045_Enhanced_Analysis_of_GRIZZLY_STEPPE_Activity.pdf

Cloudbleed
https://bugs.chromium.org/p/project-zero/issues/detail?id=1139
https://www.reddit.com/r/netsec/comments/5vu52h/cloudflare_reverse_proxies_are_dumping/

Announcing the first SHA1 collision
https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html
https://www.reddit.com/r/netsec/comments/5vq9lr/announcing_the_first_sha1_collision/

Prominent Human Rights Activists in Egypt Targeted by Sophisticated Hacking Attacks
https://theintercept.com/2017/02/02/egyptian-rights-activists-are-targeted-by-sophisticated-hacking-attacks/
https://citizenlab.org/2017/02/nilephish-report/

OS X as a Forensic Platform
https://www.sans.org/reading-room/whitepapers/apple/os-forensic-platform-37637

A Journey into NTFS
https://medium.com/@mbromileyDFIR/a-journey-into-ntfs-part-1-e2ac6a6367ec
https://medium.com/@mbromileyDFIR/ntfs-series-2b3b91faaf21
https://medium.com/@mbromileyDFIR/a-journey-into-ntfs-part-3-5e197a0cab58
https://medium.com/@mbromileyDFIR/a-journey-into-ntfs-part-4-f2865c39ac83
https://medium.com/@mbromileyDFIR/ntfs-part-5-13e20588af59
https://medium.com/@mbromileyDFIR/ntfs-part-6-43a50fad89f3
https://medium.com/@mbromileyDFIR/ntfs-part-7-an-ntfs-story-caf42565855b

Are hardware write blockers more reliable than software ones
https://github.com/msuhanov/Linux-write-blocker/blob/master/research/2017-01_Write_blockers.pdf

Accessing & Copying Volume Shadow Copy Contents From Live Remote Systems
http://www.4n6k.com/2017/02/forensics-quickie-accessing-copying.html

Ransomware And The Boot Process
https://blog.fortinet.com/2017/02/01/ransomware-and-the-boot-process

Blocking Malicious PowerShell Downloads
https://www.crowdstrike.com/blog/blocking-malicious-powershell-downloads/

Detailed threat analysis of Shamoon 2.0 Malware
http://www.vinransomware.com/blog/detailed-threat-analysis-of-shamoon-2-0-malware

Hardening Win7 x64 on VirtualBox for Malware Analysis
https://byte-atlas.blogspot.com/2017/02/hardening-vbox-win7x64.html

OSX (Mac) Memory Acquisition and Analysis Using OSXpmem and Volatility
http://ponderthebits.com/2017/02/osx-mac-memory-acquisition-and-analysis-using-osxpmem-and-volatility/

The Effect of Encryption on Lawful Access to Communications and Data
https://assets.documentcloud.org/documents/3457647/170203-Lewis-EffectOfEncryption-Web.pdf

How to Hack Your Office – Before Someone Else Does
https://safeandsavvy.f-secure.com/2017/02/14/how-to-hack-your-office-before-someone-else-does/

Running Executables on macOS From Memory
https://www.cylance.com/running-executables-on-macos-from-memory

A guide for journalists covering protests
https://muckrack.com/daily/2017/02/02/a-guide-for-journalists-covering-protests/

Android gives apps full access to your network activity
https://hackernoon.com/android-gives-apps-full-access-to-your-network-activity-f0fd92ee1824

Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.
https://github.com/MHaggis/sysmon-dfir

Password managers: attacks and defenses
https://blog.acolyer.org/2017/02/06/password-managers-attacks-and-defenses/

Mirai – Inside of an IoT Botnet
https://www.nanog.org/sites/default/files/1_Winward_Mirai_The_Rise_v1.pdf

Here are 250 Ivy League courses you can take online right now for free
https://medium.freecodecamp.com/ivy-league-free-online-courses-a0d7ae675869

Hacking WordPress 4.7.0 – a step-by-step guide
http://blog.websecurify.com/2017/02/hacking-wordpress-4-7-0-1.html

Threat Hunting with Sysmon
https://onedrive.live.com/view.aspx?resid=D026B4699190F1E6!2843&ithint=file%2cpptx&app=PowerPoint&authkey=!AMvCRTKB_V1J5ow

How to Encrypt Your Windows System Drive With VeraCrypt
https://www.howtogeek.com/howto/6169/use-truecrypt-to-secure-your-data/

I’m Kevin Mitnick, The World’s Most Famous Hacker. AMA AMA!
https://www.reddit.com/r/IAmA/comments/5uo7he/im_kevin_mitnick_the_worlds_most_famous_hacker/

Adventures in /usr/bin and the likes
https://ablagoev.github.io/linux/adventures/commands/2017/02/19/adventures-in-usr-bin.html

Hacking Android phone. How deep the rabbit hole goes.
https://hackernoon.com/hacking-android-phone-how-deep-the-rabbit-hole-goes-18b62ad65727

Spam and phishing in 2016
https://securelist.com/analysis/kaspersky-security-bulletin/77483/kaspersky-security-bulletin-spam-and-phishing-in-2016/

Beginner’s Guide to Open Source Incident Response Tools and Resources
https://www.alienvault.com/blogs/security-essentials/beginners-guide-to-open-source-incident-response-tools-and-resources

How to Run a Rogue Government Twitter Account With an Anonymous Email Address and a Burner Phone
https://theintercept.com/2017/02/20/how-to-run-a-rogue-government-twitter-account-with-an-anonymous-email-address-and-a-burner-phone/

How DNS Works in Tor & Its Anonymity Implications
https://drive.google.com/file/d/0B5gNT4RRJ0xPcC1mT3Y2T2hJUVk/view

How SHA-1 Collisions Can Affect Us in Real-World Attacks
https://www.cylance.com/en_us/blog/how-sha-1-collisions-can-affect-us-in-real-world-attacks.html

OSCP-like Vulnhub VMs
http://www.abatchy.com/2017/02/oscp-like-vulnhub-vms.html

The Collapse of the UNIX Philosophy
https://kukuruku.co/post/the-collapse-of-the-unix-philosophy/

Setting up a Pentesting… I mean, a Threat Hunting Lab
https://cyberwardog.blogspot.com/2017/02/setting-up-pentesting-i-mean-threat.html

March

Vault 7 Megathread – Technical Analysis & Commentary of the CIA Hacking Tools Leak
https://www.reddit.com/r/netsec/comments/5y1pag/vault_7_megathread_technical_analysis_commentary/

Remote Code Execution (RCE) Attacks on Apache Struts
https://www.imperva.com/blog/2017/01/remote-code-execution-rce-attacks-apache-struts/
http://www.threatgeek.com/2017/03/widespread-exploitation-attempts-using-cve-2017-5638.html
http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html
https://www.immun.io/blog/will-it-pwn-cve-2017-5638-remote-code-execution-in-apache-struts-2
https://f5.com/labs/articles/threat-intelligence/malware/from-ddos-to-server-ransomware-apache-struts-2-cve-2017-5638-campaign-25922

Yahoo Hack
https://krebsonsecurity.com/2017/03/four-men-charged-with-hacking-500m-yahoo-accounts/
https://medium.com/@chrismcnab/alexseys-ttps-1204d9050551

HTTPS Interception Weakens TLS Security
https://www.us-cert.gov/ncas/alerts/TA17-075A

Blue Team Basics – PCAP File Extraction
https://www.sneakymonkey.net/2017/03/03/pcap-file-extraction/

Extracting data from damaged NTFS drives
https://eforensicsmag.com/extracting-data-damaged-ntfs-drives-andrea-lazzarotto/

Getting Physical With USB Type-C : Windows 10 RAM Forensics and UEFI Attacks
http://alex-ionescu.com/publications/Recon/recon2017-bru.pdf

iOS Security – iOS 10
https://www.apple.com/business/docs/iOS_Security_Guide.pdf

Android Security 2016 Year in Review
https://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_2016_Report_Final.pdf

Secure computing for journalists
https://blog.cryptographyengineering.com/2017/03/05/secure-computing-for-journalists/

Learning from the field : Vulnhub
https://bitvijays.github.io/LFFVulnhub.html

Powershell Exploit Analyzed Line-by-Line
https://www.invincea.com/2017/03/powershell-exploit-analyzed-line-by-line/

Spora Ransomware: Understanding the HTA Infection Vector
https://www.linkedin.com/pulse/spora-ransomware-understanding-hta-infection-vector-kevin-douglas

Some notes on malware
https://securityblog.gr/4261/some-notes-on-malware-part-1/
https://securityblog.gr/4271/some-notes-on-malware-part-2/

Essential PowerShell Resources
http://jdhitsolutions.com/blog/essential-powershell-resources/

PowerShell obfuscation techniques
https://www.slideshare.net/DanielBohannon2/invokeobfuscation-nullcon-2017

Pincodes, Passcodes, & TouchID on iOS – An Introduction to the Aggregate Dictionary Database (ADDataStore.sqlite)
https://www.mac4n6.com/blog/2017/3/12/introduction-to-the-aggregate-dictionary-database-addatastoresqlite

Recovering BitLocker Keys on Windows 8.1 and 10
https://tribalchicken.io/recovering-bitlocker-keys-on-windows-8-1-and-10/

A look at inner workings of Joycon and Nintendo Switch
https://github.com/dekuNukem/Nintendo_Switch_Reverse_Engineering

Attacking RDP – How to Eavesdrop on Poorly Secured RDP Connections
https://www.exploit-db.com/docs/41621.pdf

The State of Internet Censorship in Thailand
https://ooni.torproject.org/post/thailand-internet-censorship/

How Cyber Criminal Marketplaces Operate: Carding and Reshipping
https://blog.cyber4sight.com/2017/03/how-cyber-criminal-marketplaces-operate/

Roadmap to becoming a web developer in 2017
https://github.com/kamranahmedse/developer-roadmap

Mobile Security Research – Recap 2016
http://www.virqdroid.com/2017/03/mobile-security-research-recap-2016.html

Exploring North Korea’s Surveillance Technology
https://www.ernw.de/download/exploring_north_koreas_survelliance_technology_troopers17.pdf

A Red Teamer’s guide to pivoting
https://artkond.com/2017/03/23/pivoting-guide/

The Non-Technical Guide to Machine Learning & Artificial Intelligence
https://machinelearnings.co/a-humans-guide-to-machine-learning-e179f43b67a0

Linux Malware Analysis using Limon Sandbox
https://cysinfo.com/10th-meetup-linux-malware-analysis/

Red Team Penetration Testing
https://blog.anitian.com/red-team-testing-anything-goes-part1/
https://blog.anitian.com/red-team-testing-going-all-the-way-part2/
https://blog.anitian.com/httpsblog-anitian-comred-team-testing-fallout-part3/

gargoyle : a memory scanning evasion technique for Windows
https://jlospinoso.github.io/security/assembly/c/cpp/developing/software/2017/03/04/gargoyle-memory-analysis-evasion.html

What happens when you swipe a credit card?
https://tech.affirm.com/deep-dive-payments-60f5d17f6c71

Understanding HTTP Authentication Basic and Digest
http://www.hackingarticles.in/understanding-http-authentication-basic-digest/

Better living through online security & encryption
https://docs.google.com/document/d/1xOJu-BrRmEg8NYbfPslwz-MRPnrvlB07c-Z_WrcPF8I/edit#

Secure configuration for devices running Windows 10 1607 “Anniversary Edition”
https://www.ncsc.gov.uk/guidance/eud-security-guidance-windows-10-1
