Hello, welcome to the Thursday, April 16th, 2020 edition of the Santernut Storms,

and I'm a song, I'm a recording, from Jacksonville, Florida. Office documents with malicious

macros, well, one of the probably most common ways how organizations are being compromised these days.

So always interesting to look for new ways to figure out who in the organization has them

sitting on their system.

Rob came up with a real neat PowerShell script that you can use to hunt for these office documents in your network.

Now, in a couple things it does.

It first of all looks for office files that have macros in them, but then it can also check

if this particular document was downloaded from the internet.

It's sometimes referred to as the mark of the web, but documents,

files in Windows and actually other operating systems too like macOS have a marker that will

tell you whether this came from the local machine, the local intranet, a trusted site, or the

internet. So this is a great way then to figure out whether or not a file with a macro was downloaded

from the internet.

A third parameter that Rob can look for is Cerabyte Office files, but anyway, he wrote a pretty

nice and well documented PowerShell script that will look through all your files that you can use to actually spider your network for files that match these criteria.

He said he had quite a bit of success with this, not just to find actual malware, but also, well, users that just keep downloading

macro documents from the internet, whether they're being malicious or not, probably still a good

way to sort of look at these user systems to see if anything odd is happening.

And then we had today two unrelated events that caused outages, apparently, for a number

of different websites, or at least slow responses.

Well, let me head today two unrelated events that caused some outages for a number of websites. First of all, the last few days,

...