Hello, welcome to the Monday, February 18th, 2019 edition of the Sansonet Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

Last week I mentioned the vulnerability in the snappy packet manager that is distributed by Canonical, the company Bied Hein

Ubuntu, and of course it is used by Ubuntu but the listener pointed out that

yes it's used by other distributions too. It can install it pretty much on any

distribution you choose to. Now patches are now available not, not just for Ubuntu, but also for other

distributions. So double check and make sure that you applied this patch. And in the show notes,

you will find a link to the Ubuntu page that has references to patches for different

distributions.

And for all the reverse engineers out there, based on some reader feedback,

DDE updated his famous OLLI Dumb tool in order to also find PowerShell commands hidden in

a property alternative text so if you're

interested in this over the weekend DDA published diary explaining how this

works and also a video with a little walk through through this latest

version of his tool and the Salesforce team is added again with releasing some pretty neat security tools.

The latest one that they released was ProSysmon and they now have a nice blog post, how to set it all up

and how to also integrate it with their SSL fingerprinting libraries like JA3.

Now, what Pro-Sysmon really does is it uses data from SISMON.

SISMON is an add-on tool for Windows that you can use to, for example,

monitor outbound network connections, among other things.

And the way sort of a pro or seek

feeds in there is that it would be nice to know which particular program on a Windows host did

...