ISC StormCast for Friday, October 21st, 2022
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Handlers
🗓️ 21 October 2022
⏱️ 6 minutes
Transcript
| 0:00.0 | Hello and welcome to the Friday, October 21st, 2022 edition of the SANS Internet Storm Center's Stormcast. |
| 0:09.7 | My name is Johannes Ullrich and today I'm recording from Jacksonville, Florida. |
| 0:15.4 | Today we have a guest diary by Logan Fluke and Logan writes about how to use prefetch files in forensics |
| 0:24.1 | investigations. Great article for those who are not yet that familiar with some of the |
| 0:30.9 | details of Windows forensics. Prefetch files are meant to serve as a cache file for the operating system, but the real value for forensics is that it tells you what software was actually run. |
| 0:47.1 | And it can't even tell you, for example, some of the files that this software may have opened. |
| 0:56.3 | So if you want to start with Windows forensics, |
| 1:01.6 | that's the write-up kind of to introduce you to some of the tools that also help you analyze these Prefetch files. Microsoft this week released an update to Windows 10 that |
| 1:10.2 | isn't exactly a security update, |
| 1:13.1 | but I think still worth mentioning. The update Microsoft released fixes an issue with TLS connections failing. |
| 1:21.8 | And apparently this is something that was introduced with the October patches. It looks like some versions of Windows 11 are affected as well, |
| 1:32.7 | by this point there is only a fix for Windows 10. If you have the issue and if this fix doesn't |
| 1:42.2 | help or you're running Windows 11, then your only other option is to undo the October patch. |
| 1:51.3 | And if you're using Microsoft 365's cloud offering, well, auditing your configuration can be a little bit tedious. |
| 2:00.6 | So to help, CISA now released a tool in the form of PowerShell scripts that will verify |
| 2:07.7 | if a configuration complies with the SCuBA minimum viable security configuration baseline. |
| 2:16.5 | The tool was released to GitHub. It's called ScubaGear, |
| 2:21.3 | kind of based on that acronym SCuBA, which actually stands for Secure Cloud Business Applications. |
| 2:29.4 | SCuBA is a set of baseline configurations developed for the US federal government, but of course others |
| 2:36.3 | may find them helpful as well. |
| 2:39.1 | And with that, you may also want to take a look at this tool to help you audit against these |
| 2:47.0 | baselines. |
... |

