Hello, welcome to the Friday, June 18th, 2021 edition of the Sandcented Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

In today's diary by Daniel, you'll learn how to do network forensics in Microsoft Asia.

The trickier is, of course, that unlike in an on-premise

network, you don't really have sort of access to switches and you aren't really able to

deploy span ports. But Microsoft has a couple of different options for you. First of all,

there's network watcher. Network Watcher actually delivers

full P-Caps, but only five hours at a time, and then you have to restart this feature.

The second option is flow logs. Flowlogs or NetFlow is of course always great to look for anomalies

or search for indicators of compromise if you're into that.

The problem, of course, is no payload.

On the other hand, not that hard to throw net flow logs into some kind of log management system like Elasticsearch or Splunk, as Daniel points out. And on Friday,

so by the time you listen to this, it may be available. Daniel will post a second diary talking

about Asia Minor Insights and how to use it to keep track of your network traffic.

And customers of Ledger, a company that is making hardware cryptocurrency wallets,

are apparently being targeted by some relatively sophisticated scams.

July last year, Ledger suffered a preach, and as part of this preach, about a quarter million

different customer records were leaked. In December of last year, these customer records were

actually also made public, and since then, there was a number of attempts to take advantage of these customers.

Now, note that the breach did not really affect the security of the existing ledger wallets.

The data did include personal details like names, mailing addresses, and the like of these customers.

In the latest scam, customers from this breach are receiving what looks like a modified or tampered

...