Hi there:)
It's Monday, which means it's time for another newsletter of things of interest I have come across since the last one. The last one sadly had to be cancelled because I didn't find the time to get around to it; it turns out that applying for jobs, properly, takes up a lot of your time, unfortunately.
This release also may not have a lot of content, but as I have already mentioned, while previously I tried to keep to a minimum of 10 things each release, that was good for neither my time nor my physical/mental health. So now, with the changes, it is more in line with why I started the newsletter in the first place: to highlight things I come across which I find particularly worth sharing with others.
Due to this, there will be less time-sensitive news and a shorter newsletter, but in return it should be easier to keep a more consistent weekly schedule than before, and it should take less time to write, which is a good thing :)
~Kazu
FLOSS Version 2.0 is out
https://www.mandiant.com/resources/floss-version-2
Kazu: FLOSS, a tool that extracts obfuscated strings from malware (and non-malware) and which has been used by many analysts for years, has just had version 2.0 announced by Mandiant. The release includes a new string deobfuscation algorithm as well as improved reliability and performance of the existing identification and emulation algorithms.
If you are someone who regularly uses FLOSS, then this update may interest you and hopefully should improve your speed and capabilities.
Tags: Tool, Reversing, deobfuscation, malware
Another Exercise In Encoding Reversing
https://blog.didierstevens.com/2022/06/20/another-exercise-in-encoding-reversing/
Kazu: In this blog post by Didier Stevens, he shows how to go about decoding encoded payloads as well as how to use some of his many tools. It's a highly recommended read for anyone doing statistical analysis and working with malware analysis, or who just wants to know how to reverse encoded stuff.
Tags: Reversing, Tools, Decoding, Hex, tutorial
WELA (Windows Event Log Analyzer)
https://github.com/Yamato-Security/WELA
Kazu: While there are already quite a few different tools out there for Windows DFIR, I found this one interesting and decided to highlight it. According to its README, WELA aims to be the Swiss Army knife for Windows event logs, with an easy-to-analyse logon timeline for fast forensics and incident response currently being its greatest functionality.
I have not personally had a chance to test it yet and I have no idea how it stacks up against other tools, but I found it interesting and worth noting.
Tags: Tool, DFIR, Windows, Event Logs, Analyzer, GitHub
Paul Tol's Notes: Introduction to colour schemes
http://personal.sron.nl/~pault/
Kazu: Anyone who knows me knows that I love colors and will use any opportunity to use them where possible. But not everyone sees colors the same way, and with around 8% of the world's population (based on a quick Google search) suffering from color blindness of various degrees, it can be extra challenging for them.
But being aware of it and making a conscious effort to use color schemes that are more color-blind safe goes a long way toward making sure everyone understands what you are trying to show and communicate, which in the end benefits everyone and is important both within and outside technology and infosec.
Tags: colors, Design, data visualization, Information
NoMoreRansom: A possible solution when ransomware strikes
https://www.nomoreransom.org/
Kazu: In today's world, ransomware attacks are more and more common, and while the big ones are usually the ones targeted most, they can happen to anyone, anywhere. And while often there's little to do other than either pay up or restore from an offline backup (you did remember to create an updated offline backup, right?), there exist sites such as "NoMoreRansom.org" which are dedicated to trying to help decrypt your files without having to pay the ransom.
With that said, NoMoreRansom cannot help with all types of ransomware, and if your files were stolen as well as encrypted, then it may not help that much, but it's certainly something to keep in mind the next time you come across ransomware.
Tags: ransomware, Decryption, Tools