Feb 07 2021 This Week's Read List - 31 JAN 2021-06 FEB 2021

TWRL - A new variant of Pro-Ocean malware discovered; Phantom malware - hiding by imitating user activity; A collection of EDR bypass methods; Kobalos malware targets HPCs; New method for cross-site leaks disclosed; CinaRAT analysis; Malchive - a collection of malware analysis tools; SerialStudio - a for visualizing serial data; What2Log - a guide to logging; Hunting using Sysmon CallTrace; Simple trend analysis and anomaly detectin with SQL; ScareCrow - a payload generator; ProcDOT - a graph-based visual malware analysis tool; OpenBullet - a plugin-based web testing framework; Docker Security guide; Regular Expressions for Editors; and Tamper-evident logs.

Jan 30 2021 This Week's Read List - 24-30 JAN 2021

TWRL - CISA's Malware Analsyis Report on SUPERNOVE; CheckPoint Research analyzes the second phase of the SolarWinds breach; Extracting an Emotet payload from a maldoc; Telegram and WOFF used for communications in phishing campaign; Abuse of the `finger` command on Windows; CISA's specifications for a threat hunting platform; How the Emotet module developed by law-enforcement works to take down Emotet; APT-Hunter tool for Windows logs; Building YARA rules from a maldoc; LogoKit to build web pages for phishing campaigns; ThreatConnect and ANY.Run partnership; and PacketSifter for extracting information from PCAPs.

Jan 24 2021 This Week's Read List - 17-23 JAN 2021

TWRL - SolarWinds analysis of SUNBURST, TEARDROP, RAINDROP and actions in O365 and Azure environments; Flaws identified in dnsmasq dubbed DNSspooq; Analysis of binaries for authorship attribution; vulnerability in Windows NTLM; Analysis of Shellcode attributed to the Lazurus group; Snort 3 is released; Emulation rootkits with Speakeasy; Finding subdomains using Subfinder.

Jan 16 2021 This Week's Read List - 10-16 JAN 2021

TWRL - SolarWinds; new Chinese malware; abusing cloud services; Project Zero In-the-Wild series; Mimecast certificate compromise; Cloud hunting lateral movement; Reversing AppleScripts; Darkside Ransomware decryption tool; Oski Stealer credential stealer; TeamTNT Docker and Kubernetes credential theft; Exploiting browsers using named pipes; Bumblebee backdoor; DNS over HTTPs advisory; Securing cloud services advisory; Securing containers with seccomp; Executing unsigned code; New messaging applications and protocols; Sysmon release; Microsoft Defender for Endpoint - Linux; Karton malware analysis pipeline; Melody internet sensor; USBQ Toolkit; LogMine log pattern recognition; OpenLearn E-books; Algorithms book; Embedded systems course; MDSEC Insights blog; OpenBase for opensource reviews; Elastic changes to SSPL.

Jan 09 2021 This Week's Read List - 03-09 JAN 2021

TWRL SUMMARY: SolarWinds stories, analysis and alerts; DevSecOps best practices; malware using WiFi to identify victims; popular malware and C2 frameworks; Operation Kremlin; Ezuri Golang Crypter; spam bypass tool on the darknet; the C2 matrix; building a malware analysis lab; a reverse engineering course; vulnerable malware samples; Panther SIEM; PCAP Monkey analysis tool; eliminating obsolete protocols; a new cybersecurity bureau; using OSINT for network defense; the disclose.io project; and books for developers.