Some interesting stuff (blogs/articles/papers and useful resources) that I’ve read in Q2 2017.

April

8 cyber security professionals share their essential reads
https://medium.com/threat-intel/essential-cybersecurity-books-32ce92c24c47

Infosec Newbie
https://www.sneakymonkey.net/2017/04/23/infosec-newbie/

Ransomware Prevention
https://bartblaze.blogspot.com/p/ransomware-prevention.html

Wiki to collect Red Team infrastructure hardening resources
https://github.com/bluscreenofjeff/Red-Team-Infrastructure-Wiki

Using APT tactics and techniques in your pentests
http://infosecaddicts.com/apt-tactics-techniques-pentests/

Shadow Brokers EQGRP Lost in Translation resources
https://gist.github.com/iam1980/0155d277b03ec535291a1b0a788b3812

The Shadow Brokers-Leaked Equation Group’s Hacking Tools: A Lab-Demo Analysis
https://www.nopsec.com/blog/shadow-broker-leaked-equation-groups-hacking-tools-lab-demo-analysis/

Chronicles of a Threat Hunter: Hunting for In-Memory Mimikatz with Sysmon, Win Event Logs, and ELK
https://cyberwardog.blogspot.com/2017/03/chronicles-of-threat-hunter-hunting-for.html
https://cyberwardog.blogspot.com/2017/03/chronicles-of-threat-hunter-hunting-for_22.html
https://cyberwardog.blogspot.com/2017/04/chronicles-of-threat-hunter-hunting-for.html

Stuxnet drivers: detailed analysis
https://artemonsecurity.blogspot.com/2017/04/stuxnet-drivers-detailed-analysis.html

Pegasus for Android: the other side of the story emerges
https://blog.lookout.com/pegasus-android
https://android-developers.googleblog.com/2017/04/an-investigation-of-chrysaor-malware-on.html

MOONLIGHT MAZE – The Dawn of Nation-State Digital Espionage
https://www.wired.com/2017/04/russian-hackers-used-backdoor-two-decades/
https://securelist.com/files/2017/04/Penquins_Moonlit_Maze_PDF_eng.pdf

Technical details on the Lazarus Group and the SWIFT bank attacks
https://securelist.com/files/2017/04/Lazarus_Under_The_Hood_PDF_final.pdf

iOS Dualboot
https://nyansatan.github.io/dualboot/

Android Applications Reversing 101
https://www.evilsocket.net/2017/04/27/Android-Applications-Reversing-101/

Setting a custom FileVault (macOS FDE) passphrase
https://blog.filippo.io/filevault-2-custom-passphrase/

New Apple Filesystem (APFS) Reverse Engineered
https://blog.cugu.eu/post/apfs/

HTTP/2 is not the future, it’s present
http://blog.eleven-labs.com/en/http2-future-present/

Phishing with Unicode Domains
https://www.xudongz.com/blog/2017/idn-phishing/

All Your Cards Are Belong To Us: Understanding Online Carding Forums
https://www.slideshare.net/jonaolapo/all-your-cards-are-belong-to-us-understanding-online-carding-forums

We are ex-NSA crypto/mathematicians working to help keep the internet secure before quantum computers render most crypto obsolete!
https://www.reddit.com/r/IAmA/comments/67wsur/we_are_exnsa_cryptomathematicians_working_to_help/

A Comparison of Encryption Tools for Disk Data Storage from Digital Forensics Point of View
http://cyberforensicator.com/2017/04/21/a-comparison-of-encryption-tools-for-disk-data-storage-from-digital-forensics-point-of-view/

What convolutional neural networks look at when they see nudity
https://dev.to/clarifai/what-convolutional-neural-networks-look-at-when-they-see-nudity

Making a Simple Neural Network
https://becominghuman.ai/making-a-simple-neural-network-2ea1de81ec20

Windows 10 Security Wiki
https://www.peerlyst.com/posts/windows-10-security-wiki-guurhart

From Engineer to Manager: keeping your technical skills
https://hackernoon.com/from-engineer-to-manager-keeping-your-technical-skills-40579cc8ea00

A Healthy Programmer is a Happy Programmer
http://devcrew.io/2017/03/29/a-healthy-programmer-a-happy-programmer/

May

WannaCry Ransomware
https://blog.malwarebytes.com/cybercrime/2017/05/wanna-cry-some-more-ransomware-roundup-special-edition/
https://blog.comae.io/wannacry-decrypting-files-with-wanakiwi-demo-86bafb81112d
https://securelist.com/wannacry-mistakes-that-can-help-you-restore-files-after-infection/78609/
https://gist.github.com/rain-1/989428fa5504f378b993ee6efbc0b168
https://b0n1.blogspot.com/2017/05/wannacry-ransomware-picture-collection_17.html

Notes about smb vuln ms17 010
https://github.com/cldrn/nmap-nse-scripts/wiki/Notes-about-smb-vuln-ms17-010

A guide to journalists interviewing infosec specialists and hackers
https://medium.com/@tiagoalexandrecaetanohenriques/a-guide-to-journalists-interviewing-infosec-specialists-and-hackers-75ed05fb3eb5

HTTPS on Stack Overflow: The End of a Long Road
https://nickcraver.com/blog/2017/05/22/https-on-stack-overflow/

How Snowden distributed copies of his cache in parcels delivered through the US Postal Service
https://harpers.org/archive/2017/05/snowdens-box/

Digital Forensics – Automotive Infotainment and Telematics Systems
https://digital-forensics.sans.org/blog/2017/05/01/digital-forensics-automotive-infotainment-and-telematics-systems-2

Introduction to few anti-forensics and unpacking techniques
https://alexandreborgesbrazil.files.wordpress.com/2017/05/bsides_2017_b_version.pdf

PowerShell for Practical Purple Teaming
https://www.slideshare.net/nikhil_mittal/powershell-for-practical-purple-teaming

Blockchains from the ground up
http://johnmathews.eu/blockchain-introduction.html

Why mail() is dangerous in PHP
https://www.ripstech.com/blog/2017/why-mail-is-dangerous-in-php/

DOUBLEPULSAR Usermode Analysis: Generic Reflective DLL Loader
https://countercept.com/our-thinking/doublepulsar-usermode-analysis-generic-reflective-dll-loader/

An Analysis of Criminal Communications Strategies
https://forensicfocus.files.wordpress.com/2017/05/flashpoint_cybercrime_economy.pdf

State-sponsored attack scenario on WhatsApp
http://rnnlab.com/blog/index.php/2017/05/18/state-sponsored-attack-scenario-on-whatsapp/

Wicked malware persistence methods
https://speakerdeck.com/hshrzd/wicked-malware-persistence-methods

How to build your own VPN if you’re (rightfully) wary of commercial options
https://arstechnica.com/gadgets/2017/05/how-to-build-your-own-vpn-if-youre-rightfully-wary-of-commercial-options/

Under The Hood Of Google’s TPU2 Machine Learning Clusters
https://www.nextplatform.com/2017/05/22/hood-googles-tpu2-machine-learning-clusters/

Why you don’t need 27 different passwords
https://blog.malwarebytes.com/101/2017/05/dont-need-27-different-passwords/

Why SHA-3 should probably not be used
https://www.imperialviolet.org/2017/05/31/skipsha3.html

June

The Journey to Hijacking a Country’s TLD – The Hidden Risks of Domain Extensions
https://thehackerblog.com/the-journey-to-hijacking-a-countrys-tld-the-hidden-risks-of-domain-extensions/index.html

The Principles of a Subdomain Takeover
https://blog.sweepatic.com/subdomain-takeover-principles/

Memory forensics of Eternalblue
http://markus.co/memory-forensics/2017/06/04/eternalblue-smb.html

Top-Secret NSA Report Details Russian Hacking Effort Days Before 2016 Election
https://theintercept.com/2017/06/05/top-secret-nsa-report-details-russian-hacking-effort-days-before-2016-election/
http://blog.erratasec.com/2017/06/how-intercept-outed-reality-winner.html
https://github.com/firstlookmedia/pdf-redact-tools

Winning the debate on encryption — a 101 guide for politicians
https://medium.com/privacy-international/winning-the-debate-on-encryption-a-101-guide-for-politicians-4ff4353d427

Machine Learning Cheat Sheets
https://startupsventurecapital.com/essential-cheat-sheets-for-machine-learning-and-deep-learning-researchers-efb6a8ebd2e5
https://unsupervisedmethods.com/cheat-sheet-of-machine-learning-and-python-and-math-cheat-sheets-a4afe4e791b6

Security in Docker: More than containers
http://slides.com/artssec/security-in-docker-more-than-containers#/

Set up your own malware analysis lab with VirtualBox, INetSim and Burp
https://blog.christophetd.fr/set-up-your-own-malware-analysis-lab-with-virtualbox-inetsim-and-burp/

Malware Lab Setup
https://struppigel.blogspot.de/2017/06/malware-lab-setup-for-static-analysis.html
https://struppigel.blogspot.de/2017/06/malware-lab-setup-for-dynamic-analysis.html

10 tough security interview questions, and how to answer them
http://www.csoonline.com/article/2121343/it-strategy/10-tough-security-interview-questions-and-how-to-answer-them.html

List of all products where vendor states SMB1 required.
https://aka.ms/stillneedssmb1

War driving for IMSI catchers
https://seaglass.cs.washington.edu/

Tracking US Navy nuclear submarines using publicly available information
http://www.vesselofinterest.com/2017/06/tracking-us-navy-nuclear-submarines.html

A Security Review of Freelance Web Development
https://www.tripwire.com/state-of-security/featured/vert-research-security-review-freelance-web-development/

A Method For Verifying Integrity And Authenticating Digital Media
https://articles.forensicfocus.com/2017/06/09/a-method-for-verifying-integrity-and-authenticating-digital-media/

The collection of Red Teaming Tips by @vysecurity
https://threatintel.eu/2017/06/03/red-teaming-tips-by-vincent-yiu/

Detecting Lateral Movement through Tracking Event Logs
https://www.jpcert.or.jp/english/pub/sr/20170612ac-ir_research_en.pdf

Securing your laptop for travel to China
https://mricon.com/i/travel-laptop-setup.html

Detect the undetectable with Sysinternals Sysmon and Powershell logs
https://securitylogsdotorg.files.wordpress.com/2017/06/bsides-athens-sysmon-final.pdf

Tweak your sandbox to make it harder for malware to detect that it’s being analyzed – Cheat sheet PDF
http://unprotect.tdgt.org/images/2/23/Sandbox-Cheatsheet-1.1.pdf

NTFS Forensics Malware and vulnerabilities
https://drive.google.com/file/d/0B3P18M-shbwrM1E2V24tTVFUU3M/view

RAM Forensic Analysis
https://articles.forensicfocus.com/2017/06/26/ram-forensic-analysis/

Petya Ransomware
https://gist.github.com/vulnersCom/65fe44d27d29d7a5de4c176baba45759
https://blogs.technet.microsoft.com/mmpc/2017/06/29/windows-10-platform-resilience-against-the-petya-ransomware-attack/

Petya: easily disabling access to psexec
https://guyrleech.wordpress.com/2017/06/28/petya-easily-disabling-access-to-psexec/

Ransomware Chronicle
http://privacy-pc.com/articles/ransomware-chronicle.html
