In Episode 262, Ben and Scott discuss a bug in one of the latest releases of Azure AD Connect and then talk about a new supported topology where you can synchronize accounts from on-premises to multiple Azure AD tenants. Sponsors Intelligink - We focus on the Microsoft Cloud so you Read More
Attackers are Abusing MSBuild to Evade Defenses and Implant Cobalt Strike Beacons https://isc.sans.edu/forums/diary/Attackers+are+abusing+MSBuild+to+evade+defenses+and+implant+Cobalt+Strike+beacons/28180/ Bypassing File Quarantine, Gatekeeper and Notarization Requirements https://objective-see.com/blog/blog_0x6A.html Spider-Miner: Trojanized Version of Spiderman No Way Home https://blog.reasonlabs.com/2021/12/23/spider-miner-with-great-power-comes-great-problems/
Log4j/Log4Shell and Cloud Internal Meta Data Services https://isc.sans.edu/forums/diary/log4shell+and+cloud+provider+internal+meta+data+services+IMDS/28168/ https://isc.sans.edu/forums/diary/Defending+Cloud+IMDS+Against+log4shell+and+more/28170/ Log4j/Log4Shell Pushing Crypto Miner https://isc.sans.edu/forums/diary/Example+of+how+attackers+are+trying+to+push+crypto+miners+via+Log4Shell/28172/ Microsoft Vulnerable and Malicious Driver Reporting Center https://www.microsoft.com/security/blog/2021/12/08/improve-kernel-security-with-the-new-microsoft-vulnerable-and-malicious-driver-reporting-center/ Azure Source Code Leak https://blog.wiz.io/azure-app-service-source-code-leak/
You can catch the podcast aired live every Sunday at 7pm EST at https://www.twitch.tv/remnantgamers/You can also view any other scheduled streams or other events going on at our website https://www.remnantgamers.com/Merch:Want a Remnant Gamer Jersey of your own? Head to https://www.remnantgamers.com/copy-of-events and pick out the style that suits you best!You can Read More
Episode 1 of this podcast was published on April 20, 2017. We've been recording and publishing weekly for almost 5 years. In that time, we've had the opportunity to talk to you about everything from Office 365 (when it was still called that) to Azure IaaS and PaaS services. Our Read More
PowerPoint Atachments: Agent Tesla and Code Reuse in Malware https://isc.sans.edu/forums/diary/PowerPoint+attachments+Agent+Tesla+and+code+reuse+in+malware/28154/ VMWare Workspace ONE Patch / log4j status https://www.vmware.com/security/advisories.html Attacks Against Building Automation https://limessecurity.com/en/knxlock/
Disaster Recovery Automation Using Public DNS APIs https://isc.sans.edu/forums/diary/DR+Automation+Using+Public+DNS+APIs/28146/ Office 2021: VBA Project Version https://isc.sans.edu/forums/diary/Office+2021+VBA+Project+Version/28150/ Log4j Updates https://www.blumira.com/analysis-log4shell-local-trigger/ https://logging.apache.org/log4j/2.x/security.html
How the "Contact Forms" Campaign Tricks People https://isc.sans.edu/forums/diary/How+the+Contact+Forms+campaign+tricks+people/28142/ Bluetooth Used to Extract WiFi Secrets https://arxiv.org/pdf/2112.05719.pdf Lenovo Privilege Escalation Vulnerability https://support.lenovo.com/cy/en/product_security/len-75210 https://research.nccgroup.com/2021/12/15/technical-advisory-lenovo-imcontroller-local-privilege-escalation-cve-2021-3922-cve-2021-3969/ Log4j Updates https://github.com/cisagov/log4j-affected-db https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021 https://twitter.com/sans_isc/status/1471611522694717445
In Episode 260, Ben and Scott talk about how to get started with KQL, or Kusto Query Language across a number of Azure and Microsoft 365 services, including Azure Monitor, Azure Data Explorer, the Azure Resources Graph, and the Microsoft 365 audit log. Sponsors Intelligink - We focus on the Read More
Log4Shell Becoming Part of the Day to Day Grind https://isc.sans.edu/forums/diary/Log4Shell+exploited+to+implant+coin+miners/28124/ https://www.youtube.com/watch?v=oC2PZB5D3Ys Google Chrome Update https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop_13.html Malicious PyPi Packages https://medium.com/ochrona/3-new-malicious-packages-found-on-pypi-a6bbb14b5e2
Remote Code Execution in log4j2 https://isc.sans.edu/forums/diary/RCE+in+log4j+Log4Shell+or+how+things+can+get+bad+quickly/28120/ Log4j Zero Day https://www.lunasec.io/docs/blog/log4j-zero-day/ Log4j2/Log4Shell Followup: What we see and how to defend and how to access our data https://isc.sans.edu/forums/diary/Log4j+Log4Shell+Followup+What+we+see+and+how+to+defend+and+how+to+access+our+data/28122/ Log4Shell Vendor Bulletins https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592
In Episode 259, Ben and Scott discuss some of the latest announcements involving Azure AD, including new security features in Microsoft Authenticator and a new capability that allows Azure AD to issue Kerberos tickets which allows for SMB file shares in Azure Files to be accessed without line of sight Read More
December 2021 Forensic Challenge https://isc.sans.edu/forums/diary/December+2021+Forensic+Challenge/28108/ Microsoft and GitHub OAuth Implementation Vulnerabilities Lead to Redirection Attacks https://www.proofpoint.com/us/blog/cloud-security/microsoft-and-github-oauth-implementation-vulnerabilities-lead-redirection Android Patch Day https://source.android.com/security/bulletin/2021-12-01?hl=en
