Hello and welcome to the Monday, January 23rd, 2023 edition of the Sands and its Storms Centers, Stormcast.

My name is Johannes Ulrich, and I am recording from Jacksonville, Florida.

Friday we got a diary by Boyan.

Boyan does a ton of pen tests and is summarizing some of the lessons that he learned from

these pen tests. One critical one being that you must configure proper signing in your Windows

of the occasion. Otherwise, you will be vulnerable to relaying attacks. And he's sort of going over a couple of ways how you can figure out easily if you have signing enabled in your environment.

Starting with EnMAP, which will help you doing that.

But then also for HTTP and for the Active Directory Certificate

Services Server, how you make sure that the HTTP headers are configured correctly.

It's a brief post, but still extremely useful, and like I said, that's something that he

runs into all the time as part of his

pentesting practice.

So this is a very common configuration weakness, not really always that easy to fix throughout

a larger network.

MailChimp, a company that is maintaining mailing lists for various organizations was breached last week,

and I didn't cover this.

Usually I don't really cover breaches here unless there's sort of a wider lesson here.

And well, that wider lesson now comes into play when it comes to MailChimp because Fandual online sports

betting website has disclosed that as part of the Mailchimp breach, one of its mailing lists

was breached.

Now the information isn't really all that super critical, it's email addresses and names, no

passwords or anything like this.

...