Hello, welcome to the Monday, June 21st, 2021 edition of the Sand Center at Storm Center's

Stormcast. My name is Johannes Ulrich. And then I'm recording from Jacksonville, Florida.

Got a couple of nice diaries this weekend. First of all, Daniel wrote the second part of his network

forensics on your VM's diary.

The second part covers your monitor insights, which actually allows you to combine and link

network traffic to processes running within the virtual machine.

That's actually a quite common problem where you're trying

to figure out which particular process is responsible for particular network traffic.

In a second diary on Friday, Daniel wrote about two open redirects within Google's ecosystem

that are currently actively being exploited for fishing.

First one, meet.govil.com and the second one, Hangouts.com.

These two URLs can be used to redirect an unsuspecting victim to any website.

Of course, when they're clicking on the link, they'll see the Google URL and likely

trust it, for example, with their Google credentials.

And because these URLs are so popular, it's really hard kind of to rein them in and to, for example, block them or filter

for them in emails because, yes, they're sadly also used legitimately.

Never wondered for a good set of non-malicious software hashes.

Well, that always existed. The reference data set published by NIST.

Access to it hasn't been difficult, but usually with artwork you had to download entire ISO files

with these hashes.

Circle the Luxembourg cert is now making these hashes available as a DNS service, so that should make it a lot easier to look them up.

You can also look them up via a simple HTTP service.

...