SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Friday, October 15th, 2021


SANS ISC Handlers

Tech News, News


🗓️ 15 October 2021

⏱️ 7 minutes


Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Windows Port Forward; SMTP Brute Forcing; Fake Ad Blocker; Romance Crypto Coin Scam; Sysmon4Linux; VMWare/Foxit Updates

Transcript


0:00.0

Hello, welcome to the Friday, October 15th, 2021 edition of the SANS Internet Storm Center's Stormcast.

0:08.5

My name is Johannes Ullrich, and today I'm recording from Riyadh, Saudi Arabia.

0:14.3

One of the ways SSH is often used is to forward ports, and that's, of course, quite a useful feature. For example, you have some

0:22.8

admin console. It only listens on loopback, and you need to access it remotely. But in particular,

0:30.3

on Windows systems, you don't necessarily have SSH enabled. And Xavier has written a quick diary with an interesting workaround here, and that's the use of

0:41.7

netsh. Netsh is, of course, the command to configure various network properties on

0:48.9

Windows, and it has an interesting property here, the port proxy, that can be used, sort of like SSH, to forward connections.

1:00.6

One big difference, of course: SSH also encrypts the data.

1:05.0

This does not encrypt the data, but for quick debugging, or maybe as part of a pen test or so, this may suffice, and it is of course a lot simpler than having to install SSH on the particular system.

1:20.1

And for the exact command line, of course, refer to Xavier's diary.

1:25.8

And on Wednesday I did write a quick diary about these ubiquitous brute force attempts against

1:31.5

mail servers that are really all not that dangerous.

1:35.3

So, well, a little bit of sarcasm here, of course.

1:38.1

I focused more on how to improve the brute forcing tool than how to defend against it.

1:43.0

Defending against these kinds of tools should be relatively straightforward.

1:47.3

Well, audit your passwords and, of course, try to use two-factor authentication.

1:52.4

In the case of email servers, two-factor authentication doesn't always work that great,

1:59.5

so you may need some application-specific password or so

2:03.4

that's system-generated in order to avoid users creating weak passwords. The password lists and

2:12.3

the username lists commonly used by these tools are fairly straightforward, fairly simple,

2:18.9

and that's, of course, another thing that you can do: audit your users' passwords to make sure they're not using

2:24.5

a password that's on the list. Ad blockers in browsers are very popular because, well,

...


Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
