Hello, welcome to the Thursday, August 22nd, 2019 edition of the Sansonet Storms,

and this Stormcast, my name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

Today we got a great diary by Russ. He did one of his Plute Team versus Rec Team diaries. What he did here is he used

Commando VM. Commando VM is the complete mandian offensive VM. A sort of

competitor maybe to Kali Linux but commandVM is actually all in Windows.

So for pen testers that prefer Windows, they can use Commando VM.

Then he used Commando VM to launch attacks.

And the second tool called the Krull artifact passer and extractor, Cape by Eric Zimmerman,

in order to analyze these attacks and see what evidence he could find.

If you're interested in this fourth and back between these two tools, definitely check out his

diary. Great write-up and a little bit too much here to really sort of do it justice within this

podcast.

And a couple of entities, including the German cert Bund, have reported about an increase of attacks against Sphinx servers.

If you're not familiar with Sphinx, Sphinx is a search engine.

It allows you to index large SQL and no SQL databases,

and then you can write full-text queries against these data collections and come up with

fairly relevant results according to the Sphinx about page. But on the bad side, Sphinx does not come with any kind of authentication.

So if you are leaving Sphinx exposed to the internet, then you give anybody access to all of your data.

Typically Sphinx listens on port 9,306 as well as 9,312.

So those are the two ports to scan your network to make sure that you don't have Sphinx exposed.

The usual recommendation is don't allow untrusted hosts in your network to connect to your Sphinx servers and the queries sent to the server should

be validated and access controlled before they reach the server.

...