Hello, welcome to the Friday, April 17th, 2020 edition of the Santernat Storm Center's Stormcast.

My name is Johannes Ulrich, and I am recording from Jacksonville, Florida.

In the past on Fridays, I often had SDI students here for an interview about their recent research projects. Well, I tried

something different today. David Brown, he is an SDI student that recently finished a really neat

paper that talks about how to use App Locker to successfully defend against living off

the land attacks.

Well, instead of having him here for an interview, we actually did record a little video

where he gets to demonstrate how his improved app locker rules work.

The basic trick here is that he made the app locker rules user specific. So

users, regular users, are even more restricted into what they can execute versus an administrator.

By default, app locker does allow all the standard Windows software to operate,

which of course is exactly what sort of living off the land attacks are all about.

But David's rules make that quite a bit more difficult.

So check it out.

Links will be in the show notes and also on the Internet Storm Center website.

If you go to Thursday's Diary diary you'll see the video and a link to his paper and chihoo 360 is reporting about uh seraday currently being used

to build a botnet using netlink Gipon routers.

Gpon stands for gigabit passive optical networks, often used sort of in home installations

and some of these fiber to the home setups.

And in order to use the exploit, you actually need two stages or two different exploits that

have to be executed.

The second one of these exploits is already public, but it doesn't really work without the

...