Digital Forensics and Incident Response Roundup, Week 44 of 2025

This post collects the week 44 (2025) developments in digital forensics and incident response (DFIR), network security, exploitation, malware analysis and related fields, including technical articles, tool updates, security incident analyses and industry resources, as a consolidated reference for security practitioners.

Sponsored content

Inside the Salesloft-Drift Breach: Implications for SaaS and Identity Security. In this session, Permiso's CTO discusses:

  • How the attackers used stolen OAuth tokens to pivot from GitHub to AWS and on into Salesforce.
  • Why this "fully automated" attack is a wake-up call for the SaaS supply chain and NHIs (non-human identities).
  • Practical steps for detecting and containing similar threats in your environment.

Watch the video podcast (sponsored by Permiso)

As always, thanks to those who support the site!

Forensic Analysis

  • Erik Pistelli at Cerbero
    • Memory Challenge 5: DumpMe
    • Memory Challenge 6: Injector
  • Christopher Eng at Ogmini
    • BelkaCTF 7 – AAR Metamorphosis
    • BelkaCTF 7 – AAR Radars
    • Homelab – Windows Answer files (unattend.xml/autounattend.xml)
    • Windows Notepad – Windows 25H2 – Version 11.2507.26.0
    • Zeltser Challenge – Tenth Month Accomplishments
  • Forensafe
    • Android Calendar
  • Adam Hachem at Hexordia
    • Using Open Source Forensic Tools: Compiling from Code and Python Scripts
  • Justin De Luna at ‘The DFIR Spot’
    • Utilizing QELP for Rapid ESXi Analysis

Threat Intelligence / Hunting

  • 0xMatheuZ
    • Evading Elastic Security: Linux Rootkit Detection Bypass
  • 360 Threat Intelligence Centre
    • Recent Activity Analysis and Technological Evolution of APT-C-60 (False Hunter)
  • Faan Rossouw at Active Countermeasures
    • Malware of the Day – Command and Control via Google Workspace APIs
  • Akash Patel
    • Tracking Lateral Movement — Named Pipes, Scheduler, Services, Registry, and DCOM (Event IDs)
    • Tracking Lateral Movement: PowerShell Remoting, WMIC, Explicit Credentials, NTLM Relay Attacks…
    • Sublime Just Got Even Smarter: Automatic Calendar Event Deletion Is Here
  • Any.Run
    • Major Cyber Attacks in October 2025: Phishing via Google Careers & ClickUp, Figma Abuse, LockBit 5.0, and TyKit
  • ASEC
    • Analysis of Trigona Threat Actor’s Latest Attack Cases
    • The Beast Ransomware Hidden in the GUI
    • Analysis of Gunra Ransomware Using Vulnerable Random Number Generation Function (Distributed for Linux Environments in ELF Format)
    • September 2025 APT Group Trends
    • Distribution of Rhadamanthys Malware Disguised as a Game Developed with Ren’Py
    • Case of ActiveMQ Vulnerability Exploitation to Install Sharpire (Kinsing)
  • Australian Cyber Security Centre
    • Don’t take BADCANDY from strangers – How your devices could be implanted and what to do about it
  • Maria Vasilevskaya at Auth0
    • 8 Log Detections for Credential Stuffing and MFA Exploit Prevention
  • Bart Blaze
    • Earth Estries alive and kicking
  • Brian Krebs at ‘Krebs on Security’
    • Aisuru Botnet Shifts from DDoS to Residential Proxies
  • CERT-AGID
    • Smishing campaign underway against Autostrade per l’Italia
    • Summary of malicious campaigns in the week of 25 – 31 October
  • Chainalysis
    • Five Key Takeaways from MSMT’s Report on North Korean Cyber Operations
  • Check Point
    • 27th October – Threat Intelligence Report
    • Hezi Rash: Rising Kurdish Hacktivist Group Targets Global Sites
  • Takahiro Takeda, Jordyn Dunk, James Nutland, and Michael Szeliga at Cisco’s Talos
    • Uncovering Qilin attack methods exposed through multiple cases
  • Corelight
    • No PoCs? No Problem: Hunting F5 Exploits When Details Are Sparse | Corelight
    • Announcing Corelight Threat Intelligence with CrowdStrike | Corelight
  • CTF导航
    • APT Tracking Episode 1: Analysis of the Attack Tactics of the “Mysterious Elephant” APT Group
  • Cybereason
    • From Scripts to Systems: A Comprehensive Look at Tangerine Turkey Operations
  • Cyble
    • APT-C-60 Escalates SpyGlace Campaigns Targeting Japan with Evolved Malware, Advanced Evasion TTPs
    • Hacktivist Attacks on Critical Infrastructure Surge: Cyble Report
    • Weaponized Military Documents Deliver Advanced SSH-Tor Backdoor to Defense Sector
  • Cyfirma
    • Weekly Intelligence Report – 31 October 2025
  • Darktrace
    • Darktrace’s Analysis of Post-Exploitation Activities on CVE-2025-59287
  • Kennedy Toomey at Datadog Security Labs
    • Learnings from recent npm supply chain compromises
  • DebugPrivilege
    • Machines Gone Rogue
  • Sergio Albea at Detect FYI
    • Threat Hunting over internal Devices via KQL Queries
  • Disconinja
    • Weekly Threat Infrastructure Investigation (Week 43)
  • DomainTools Investigations
    • Inside the Great Firewall Part 1: The Dump
  • Elastic
    • Elevating public sector cyber defense with AI-powered threat hunting | Elastic Blog
  • Elastic Security Labs
    • TOR Exit Node Monitoring Overview
  • Aaron Walton at Expel
    • Certified OysterLoader: Tracking Rhysida ransomware gang activity via code-signing certificates
  • Eye Research
    • Battling Shadow AI: Prompt Injection for the Good
    • WSUS Deserialization Exploit in the Wild (CVE‑2025‑59287)
  • Flashpoint
    • The Evolution of Data Extortion TTPs: From Exploiting Code to Exploiting People
  • Fortinet
    • Stolen Credentials and Valid Account Abuse Remain Integral to Financially Motivated Intrusions
    • Cloud Abuse at Scale
  • Gen
    • Decrypted: Midnight Ransomware
    • VibeScams: How AI website builders are shaping the internet
    • Gen Q3/2025 Threat Report
    • DPRK’s Playbook: Kimsuky’s HttpTroy and Lazarus’s New BLINDINGCAN Variant
  • Genians
    • Qilin Ransomware Analysis
  • Bhavesh Dhake, Will Silverstone, Matthew Hitchcock, and Aaron Fletcher at Google Cloud Threat Intelligence
    • Keys to the Kingdom: A Defender’s Guide to Privileged Account Monitoring
  • Group-IB
    • The Illusion of Wealth: Inside the Engineered Reality of Investment Scam Platforms
    • Detecting the NPM Supply Chain Compromise Before It Spread
  • Paolo Coba and Lee Kirkpatrick at GuidePoint Security
    • Finding the Master Keys: How to Hunt Malicious Client Secrets in M365
  • Hudson Rock
    • Logins.zip Leverages Chromium Zero-Day: Stealthy Infostealer Builder Promises 99% Credential Theft in Under 12 Seconds
    • Russian Authorities Bust Meduza Infostealer Developers: Young Hackers Detained in Major Cybercrime Crackdown
  • Hunt IO
    • Multilingual ZIP Phishing Campaigns Targeting Financial and Government Organizations Across Asia
  • Intrinsec
    • Global Group: ransomware rebranding stories
  • Keisuke Shikano at JPCERT/CC
    • TSUBAME Report Overflow (Apr-Jun 2025)
  • David at ØSecurity
    • A bit about timestomping
  • Amy L. Robertson at MITRE ATT&CK
    • ATT&CK v18: Detection Strategies, More Adversary Insights,
  • Oleg Skulkin at ‘Know Your Adversary’
    • Same Name, Wrong Path
    • Qilin Abuses Cyberduck for Exfiltration
    • Hunting for CVE-2025-59287 Exploitation
    • Hunting for Replication Through Removable Media
    • Adversaries Abuse Microsoft Windows Resource Leak Diagnostic Tool for Dumping Memory
    • BRONZE BUTLER Abuses Cloud Storage Services for Exfiltration
  • OSINT Team
    • How Threat Hunters Think: The Mindset, Tools, and Methodology
    • Fileless Loaders Explained: How Attackers Run Code in Memory
    • MonsterV2 Malware-as-a-Service (MaaS) and the TA585 Threat Group’s Advanced ClickFix Campaigns…
  • Dan Green at Push Security
    • New LinkedIn phishing campaign identified by Push Security
  • Qi’anxin X Lab
    • Smoking Gun Uncovered: RPX Relay at PolarEdge’s Core Exposed
  • SANS Internet Storm Center
    • Kaitai Struct WebIDE, (Sun, Oct 26th)
    • Bytes over DNS, (Mon, Oct 27th)
    • A phishing with invisible characters in the subject line, (Tue, Oct 28th)
    • How to collect memory-only filesystems on Linux systems, (Wed, Oct 29th)
    • X-Request-Purpose: Identifying “research” and bug bounty related scans?, (Thu, Oct 30th)
  • Sojun Ryu and Omar Amin at Securelist
    • Crypto wasted: BlueNoroff’s ghost mirage of funding and jobs
  • Sathwik Ram Prakki at Seqrite
    • Operation SkyCloak: Tor Campaign targets Military of Russia & Belarus
  • Silent Push
    • Silent Push Unearths AdaptixC2’s Ties to Russian Criminal Underworld, Tracks Threat Actors Harnessing Open-Source Tool for Malicious Payloads
  • Socket
    • 10 npm Typosquatted Packages Deploy Multi-Stage Credential Harvester
    • Security Community Slams MIT-linked Report Claiming AI Powers 80% of Ransomware
  • Sophos
    • Phake phishing: Phundamental or pholly?
    • BRONZE BUTLER exploits Japanese asset management software vulnerability
  • Stephan Berger
    • Today I learned: binfmt_misc
  • Symantec Enterprise
    • Ukrainian organizations still heavily targeted by Russian attacks
  • System Weakness
    • CSI: Linux – Hunting for Persistence in the Ironshade Room
    • Detection Engineering Training: Detecting Browser Credential Theft Attacks
    • Anatomy of a Phish: How We Got from the “Nigerian Prince” to Modern Scams
  • Sydney Marrone at THOR Collective Dispatch
    • Dispatch Debrief: October 2025
  • Trend Micro
    • Ransomware Spotlight: DragonForce
  • Oddvar Moe at TrustedSec
    • Hack-cessibility: When DLL Hijacks Meet Windows Helpers
  • Varonis
    • Meet Atroposia: The Stealthy Feature-Packed RAT
    • The Silent Attackers: Exploiting VPC Endpoints to Expose AWS Accounts of S3 Buckets Without a Trace
  • Vasilis Orlof at Cyber Intelligence Insights
    • Intel Drops #4
  • Vxdb
    • Infostealers Disguised as Free Video Game Cheats
  • Iván Cabrera at White Knight Labs
    • Methodology of Reversing Vulnerable Killer Drivers
  • Ben Powell (Sr. Web Content Writer) at ZScaler
    • Understanding the Threat Hunting Lifecycle
  • Palo Alto Networks
    • Microsoft WSUS Remote Code Execution (CVE-2025-59287) Actively Exploited in the Wild (Updated October 28)
    • Suspected Nation-State Threat Actor Uses New Airstalk Malware in a Supply Chain Attack
    • When AI Agents Go Rogue: Agent Session Smuggling Attack in A2A Systems

Upcoming Events

  • Black Hills Information Security: Talkin’ Bout [infosec] News 2025-11-03 #infosec #news
  • Brett Shavers: Fighting City Hall: DF/IR Lessons from a Pro Se Plaintiff. One judgment, two years saved, half a million reasons it was worth it.
  • Cellebrite: Cellebrite + Corellium: Where Digital Forensics Meets Mobile Security
  • Cybersecurity mentors podcast: Lessons Learned From the Australian National University Breach w/Suthagar Seevaratnam P2 | CMP S5 E4
  • Simply Defensive: Balancing Education and Real-World Cybersecurity with a SOC Analyst Student | Simply Defensive S5 E4
  • Magnet Forensics
    • Legal Unpacked E2: Beyond the app icon: Drafting mobile device warrants that reflect how data is really stored
    • Smarter mobile investigations: Tools for today’s forensic service providers
  • SANS: SANS Difference Makers Awards 2025
  • Silent Push
    • Workshop – Detection Strengthening Integrations for Preemptive Cyber Defense: SIEM Edition
    • Webinar – Unlocking the Power of Domain Search & PADNS-based Preemptive Detection – Silent Push
  • Sygnia: Surviving the Breach: Lessons Learned From Past Breaches

Presentations / Podcasts

  • AhmedS Kasmani: Cobalt Strike Loader Internals: From Loader to Shellcode Execution
  • Alexis Brignoni: Digital Forensics Now Podcast S3 – 1
  • Cloud Security Podcast by Google: EP249 Data First: What Really Makes Your SOC ‘AI Ready’?
  • Cyber Social Hub: A.I. vs. Human Intuition
  • InfoSec_Bret: Challenge – Hidden Backdoor
  • John Dwyer: Malware analysis walkthrough – JavaScript Infostealer
  • Kevin Pagano at Stark 4N6: Truth in Data Podcast Feature – CTFs
  • Magnet Forensics: Mobile Unpacked S3:E10 // Picking apart the passcodes: Determining the method of unlock on devices
  • Monolith Forensics: Adding a Contact to a Case in Monolith
  • MSAB: #MSABMonday – XAMN Pro Context
  • MyDFIR: SOC Alert Triage Explained: What Most Beginners Get Wrong
  • Off By One Security
    • ReVault! Compromised by your Secure SoC with Philippe Laulheret
    • Scaling LLM-Based Vulnerability Research via Static Analysis and Document Ranking
  • Parsing the Truth: One Byte at a Time: More with Larry on the Thing About Pam
  • Permiso Security: Permiso Demo Webinar | October 30th, 2025
  • Richard Davis at 13Cubed: The Easy Way to Analyze Linux Memory
  • SANS Cloud Security: 2025 SANS CloudSecNext Summit
  • Security BSides Dublin: Security BSides Dublin 2025
  • The Cyber Mentor
    • LIVE: HTB Sherlocks! | Cybersecurity | Blue Team
    • Intro to PowerShell: Hunting Network Activity.
  • Three Buddy Problem: OpenAI’s Dave Aitel talks Aardvark, economics of bug-hunting with LLMs

Malware

  • Arctic Wolf: UNC6384 Weaponizes ZDI-CAN-25373 Vulnerability to Deploy PlugX Against Hungarian and Belgian Diplomatic Entities
  • Bobby Rauch: Breaking Down a Google Drive Phishing Scam — Total Security or Total Scam?
  • Abdallah Elnoty at eln0ty: SpyNote C2 Emulator
  • ReversingLabs
    • Evaluating YARA Rules for macOS Malware Hunting in Spectra Analyze
    • Tracking an evolving Discord-based RAT family
  • John Tuckner at Secure Annex: Who’s that Pokemon? It’s Monero!
  • John Tuckner at Secure Annex: SleepyDuck malware invades Cursor through Open VSX
  • Security Onion: Spooky malware analysis!
  • Shubho57: Analysis of Latrodectus variant (MSI installer)
  • The Reverser’s Draft: The PEB Walk Anatomy
  • ThreatFabric: New Android Malware Herodotus Mimics Human Behaviour to Evade Detection
  • Jeffrey Francis Bonaobra, Joe Soares, and Emmanuel Panopio at Trend Micro: Active Water Saci Campaign Spreading Via WhatsApp Features Multi-Vector Persistence and Sophisticated C&C
  • Wordfence
    • 100,000 WordPress Sites Affected by Arbitrary File Read Vulnerability in Anti-Malware Security and Brute-Force Firewall WordPress Plugin
    • Rogue WordPress Plugin Conceals Multi-Tiered Credit Card Skimmers in Fake PNG Files
    • Attackers Actively Exploiting Critical Vulnerability in WP Freeio Plugin
  • YUCA: Malops Challenge 9: Katz Stealer Write Up

Miscellaneous

  • Cellebrite
    • Actor, Host, Artist and Anti-Human Trafficking Advocate Terry Crews to Headline Cellebrite C2C User Summit 2026
    • Find Your Investigative Path
    • Sharing is Caring: Shifting the Paradigm of Digital Investigations Workflows
    • Unlock the Strategic Advantage of AI in Digital Investigations
    • Endpoint Inspector: A Modern, Flexible and User-Friendly Solution for Your Organization
  • CyberBoo
    • Microsoft Defender for Endpoint Part 3: Alert Management & Investigation Fundamentals
    • Microsoft Defender for Endpoint Part 4: Incident Management & Attack Story Analysis
  • Josibel Mendoza at DFIR Dominican: DFIR Jobs Update – 10/27/25
  • Forensic Focus
    • Digital Forensics Jobs Round-Up, October 27 2025
    • Oxygen Tech Bytes In September 2025
    • Digital Forensics Round-Up, October 29 2025
    • MSAB Whitepaper – Investigating RAM In A Mobile Device
    • GMDSOFT Tech Letter Vol 15. Analyzing Anti-Forensic Traces Left By Location Spoofing Apps
  • HackTheBox: Scattered Spider: A 90-day recovery plan to build better resilience
  • Iram Jack: Intro to Cold System Forensics
  • Lykos Defence: Whitepaper: From Chaos to Capability
  • Magnet Forensics
    • Simplified start and export in Magnet Witness 1.10
    • From seizure to verdict: Strengthening prosecutions with clear, admissible digital evidence
    • When the lab never sleeps
    • Protecting sensitive media evidence with cloud security you can verify
    • New! Magnet Certification Preparation
  • Patrick Siewert at ‘The Philosophy of DFIR’: Selling the Science: Marketing of DF/IR Services
  • Raymond Roethof: Microsoft Defender for Identity Recommended Actions: GPO can be modified by unprivileged accounts

Software Updates

  • Arkime: v5.8.2
  • Arsenal Recon: Quick Tour Of New Features In Arsenal Image Mounter v3.12.331
  • Didier Stevens: Update: dnsresolver.py Version 0.0.4
  • Digital Detective: NetAnalysis® v4.1 – Decrypting Firefox v144
  • Digital Sleuth: winfor-salt v2025.12.1
  • Maxim Suhanov: dfir_ntfs file system parser 1.1.20
  • OpenCTI: 6.8.10
  • Sigma: 2025-11-01
  • Vound: Intella 3.0.1 Release Notes
  • Xways
    • X-Ways Forensics 21.7 Preview
    • X-Ways Forensics 21.6 SR-1
    • X-Ways Forensics 21.5 SR-10
    • Viewer Component
  • YARA: YARA v4.5.5

That’s all for this week! If you think I’ve missed something, or there’s something you’d like me to cover specifically, let me know through the contact page or on social media!

Use code PM15, or click this link, for 15% off your next Hexordia course. Take my course! Use the discount code thisweekin4n6 for 15% off any Cyber5w course.
