In Episode 213, Ben and Scott discuss some preview capabilities which are available to let you unpack your Canvas apps in PowerApps and make changes outside of Power Apps Studio, new connectors for Power Automate, and the transition of Azure Automation runbook samples to GitHub. Sponsors Sperry Software – Powerful Outlook Read More
SolarWinds Updates https://www.microsoft.com/security/blog/2021/01/20/deep-dive-into-the-solorigate-second-stage-activation-from-sunburst-to-teardrop-and-raindrop/ https://blog.malwarebytes.com/malwarebytes-news/2021/01/malwarebytes-targeted-by-nation-state-actor-implicated-in-solarwinds-breach-evidence-suggests-abuse-of-privileged-access-to-microsoft-office-365-and-azure-environments/ Cisco Advisories https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-bufovulns-B5NrSHbj Evesdropping Vulnerabilities in Various WebRTC Based Video Conferencing Systems https://googleprojectzero.blogspot.com/2021/01/the-state-of-state-machines.html Oracle Business Intelligence Enterprise Edition XSS https://www.exploit-db.com/exploits/49444
Doc And RTF Malicious Document https://isc.sans.edu/forums/diary/Doc+RTF+Malicious+Document/26996/ Center for Internet Security Cisco NX-OS Benchmark https://www.cisecurity.org/cis-benchmarks/ Exploit for Shazam Geolocation Vulnerablity https://ash-king.co.uk/blog/Shazlocate-abusing-CVE-2019-8791-CVE-2019-8792 Voice Phishing and Internal Messaging Systems Used to Escalate Privileges https://www.ic3.gov/Media/News/2021/210115.pdf
Scans for DNS over HTTPs https://isc.sans.edu/forums/diary/Obfuscated+DNS+Queries/26992/ https://us-cert.cisa.gov/ncas/current-activity/2021/01/15/nsa-releases-guidance-encrypted-dns-enterprise-environments Netlogon Domain Controller Enforcement Mode Starting February 9th https://msrc-blog.microsoft.com/2021/01/14/netlogon-domain-controller-enforcement-mode-is-enabled-by-default-beginning-with-the-february-9-2021-security-update-related-to-cve-2020-1472/ Apple Removing ContentFilterExclusionList https://www.patreon.com/posts/46179028
In Episode 212, Ben and Scott discuss an issue Ben has been having with moving files between SharePoint sites as well as some of the SharePoint limits when it comes to moving these fields.
Hancitor Activity Resumes After a Holiday Break https://isc.sans.edu/forums/diary/Hancitor+activity+resumes+after+a+hoilday+break/26980/ Intel Hardware-Enabled Ransomware Protections https://www.cybereason.com/blog/cybereason-and-intel-introduce-hardware-enabled-ransomware-protections-for-businesses Making Clouds Rain: RCE in Microsoft Office 365 https://srcincite.io/blog/2021/01/12/making-clouds-rain-rce-in-office-365.html#fn:1 SAP Security Patch Day https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476
Using the NVD Database API Part 3/3 https://isc.sans.edu/forums/diary/Using+the+NVD+Database+and+API+to+Keep+Up+with+Vulnerabilities+and+Patches+Tool+Drop+CVEScan+Part+3+of+3/26974/ Sysinternals Update https://docs.microsoft.com/en-us/sysinternals/ Ubiquiti Breach https://www.bleepingcomputer.com/news/security/networking-giant-ubiquiti-alerts-customers-of-potential-data-breach/ Run-Only AppleScript Reversing https://labs.sentinelone.com/fade-dead-adventures-in-reversing-malicious-run-only-applescripts/
Using the NIST Database and API to Keep Up with Vulnerabilities https://isc.sans.edu/forums/diary/Using+the+NIST+Database+and+API+to+Keep+Up+with+Vulnerabilities+and+Patches+Part+1+of+3/26958/ Titan Security Key https://ninjalab.io/wp-content/uploads/2021/01/a_side_journey_to_titan.pdf The Great Suspender Google Chrome Extension https://www.theregister.com/2021/01/07/great_suspender_malware/ Brian Nishida: Ubuntu Artifacts Generated by Gnome Desktop Environment https://www.sans.org/reading-room/whitepapers/forensics/ubuntu-artifacts-generated-gnome-desktop-environment-40035
In Episode 211, Ben and Scott kick off 2021 (we made it!) with a discussion around What-If support being GA'd for Azure Resource Manager template deployments and how to configure and manage sensitivity labels for Microsoft Teams and Microsoft 365/Office 365 Groups. Sponsors Sperry Software – Powerful Outlook Add-ins developed to Read More
Netfox Detective: An Alternative Open-Source Packet Analysis Tool https://isc.sans.edu/forums/diary/Netfox+Detective+An+Alternative+OpenSource+Packet+Analysis+Tool/26950/ ElectroRAT Drains Cryptocurrency Accounts https://www.intezer.com/blog/research/operation-ElectroRAT-attacker-creates-fake-companies-to-drain-your-crypto-wallets/ Chrome Will Prefer HTTPS over HTTP By Default https://chromium-review.googlesource.com/c/chromium/src/+/2568448 Android January Patch Day https://source.android.com/security/bulletin/2021-01-01 Telegram Publishes Users' Locations Online https://blog.ahmed.nyc/2021/01/if-you-use-this-feature-on-telegram.html
From a Small BAT File to Mass Logger Infostealer https://isc.sans.edu/forums/diary/From+a+small+BAT+file+to+Mass+Logger+infostealer/26946/ Citrix Releases Updates Addressing DTLS Flaw https://support.citrix.com/article/CTX289674 Zend Framework Deserialization Flaw https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3007 https://github.com/Ling-Yizhou/zendframework3-/blob/main/zend%20framework3%20 %20rce.md
Traffic Analysis Quiz https://isc.sans.edu/forums/diary/End+of+Year+Traffic+Analysis+Quiz/26940/ Zyxel Backdoor https://www.eyecontrol.nl/blog/undocumented-user-account-in-zyxel-products.html Microsoft Source Code Accessed As a Result of SolarWinds Backdoor https://msrc-blog.microsoft.com/2020/12/31/microsoft-internal-solorigate-investigation-update/
In Episode 210, Ben and Scott lament a broken Green Egg, discuss upcoming changes to the certification renewal process for Microsoft's role-based certifications, and some upcoming name changes that may impact your advanced hunting queries in Microsoft 365 Defender. Sponsors ShareGate - ShareGate's industry-leading products help IT professionals worldwide migrate Read More
Accessing Restricted Directory Listings via Your AV Solution https://isc.sans.edu/forums/diary/Want+to+know+whats+in+a+folder+you+dont+have+a+permission+to+access+Try+asking+your+AV+solution/26932/ Coin Miner Malware Written in Go https://www.intezer.com/blog/research/new-golang-worm-drops-xmrig-miner-on-servers/?fbclid=IwAR3eFiHCNoqr5mc2UAOcm8nocjUOjZn0cpcAiSoYmn__JtJfBbjqUUT1OwQ AutoHotKey Credential Stealer https://www.trendmicro.com/en_us/research/20/l/stealth-credential-stealer-targets-us-canadian-bank-customers.html
