Hello and welcome to the Friday, February 3rd, 2023 edition of the Sansanet Storm Center's

Stormcast. My name is Johannes Ulrich and today I'm a recording from Jacksonville, Florida.

In diaries, we got a diary by Jesse describing how to keep a rotating set of files with packet captures with PFSense.

PF Sense is the rather capable open source firewall distribution.

And yes, of course, with all these BSD Linux and the like systems,

TZB dump is the obvious solution here to capture packets.

It also easily allows you to keep this rotating set of files.

You can specify how big you want each file to get and how many of them to keep.

So the second part of this diary post describes how to actually keep TCPR dump running like this in PFSense.

PFSense, of course, uses a web-based admin interface,

and it's nice, of course, to be able to use that interface to schedule this TCPDump command.

Well, Jesse walks you through this and explains how to actually then get TCPDump to automatically keep running

and also run after reboot without you having to intervene.

And in a blog post by abnormal security, some details of what they're calling the Fire Brick

ostrich group are being laid out. This group is particularly interested in business email compromise scams.

The basic idea of business email compromise is that an attacker impersonates someone either

in the business itself or in this case that is described the blog post at a vendor and

then tricks the victim into directing payments to the wrong account.

The blog post does a pretty good job in walking you through some of the components of these

scams, including like the money mules that are being used to receive the initial payment

and then forward it to the attacker.

Overall, I don't think this particular attack via vendors that they're describing here is

...