ISC StormCast for Monday, July 24th, 2023
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Handlers
🗓️ 24 July 2023
⏱️ 6 minutes
Transcript
| 0:00.0 | Hello and welcome to the Monday, July 24, 2023 edition of the SANS Internet Storm Center's Stormcast. |
| 0:08.7 | My name is Johannes Ullrich, and today I'm recording from Jacksonville, Florida. |
| 0:14.8 | In our data, I think we are now tracking about 30 different researchers, as we call them, organizations that are |
| 0:24.1 | scanning the internet for open ports, vulnerable systems, for research purposes, or to provide |
| 0:31.8 | data to customers. Well, the granddaddy of all of these systems, probably the most well-known one at this point, is shodan.io, and we have another blog about how to actually utilize the data. |
| 0:47.0 | Rob shows a quick example about how to inspect a particular IP address using the Shodan API and how to get all kinds of information about that |
| 0:56.9 | IP address. |
| 0:57.9 | This is really helpful to look at your internal exposure. |
| 1:02.0 | And what's often also referred to as attack surface management, of course, some of the |
| 1:08.2 | other Shodan competitors and such also offer products around this type of data. |
| 1:15.4 | Now, Rob goes beyond some of the little and simple parts, the API, but also shows how you can |
| 1:21.4 | then further drill down into the data. |
| 1:24.9 | For example, if there are exposed RDP services, you can even get screenshots |
| 1:29.8 | and the like, which wouldn't necessarily replace sort of your own reconnaissance scans as part of |
| 1:35.6 | a penetration test or vulnerability assessment, but certainly it's a good part of it and, of course, |
| 1:43.1 | much faster in particular if you're looking at a larger network. |
| 1:48.7 | And cloud security company Wiz wrote a blog post diving a little bit deeper into what may have happened with Microsoft's Azure Active Directory signing key that was compromised and led to the compromise of several Outlook 365 inboxes. |
| 2:10.0 | What they concluded was that it probably did not just affect Outlook 365. It may have affected other Microsoft applications. |
| 2:22.7 | Hard to verify what's in the blog post. Of course, they're not having access to sort of any |
| 2:29.2 | internal logs or such at Microsoft. However, they are referring to the documentation provided by Microsoft, |
| 2:37.3 | as well as to some of the details like key fingerprints and such, being noted by Microsoft |
| 2:43.1 | in their disclosure. They also conclude that the problem was limited to multi-tenant applications. |
... |

