🗓️ 14 July 2016
⏱️ 5 minutes
0:00.0 | Hello, welcome to the Thursday, July 14th, 2016 edition of the SANS Internet Storm Center Stormcast. My name is Johannes Ullrich and today I'm recording from Jacksonville, Florida. With the big surge in interest in threat intelligence, one part that often gets lost is how to make threat intelligence actually actionable. |
0:21.6 | So not just collect the data, but actually apply it to hunt for infected systems in your environment. |
0:29.6 | Now, with the large amount of threat intelligence that's available, |
0:33.6 | it's sometimes tricky to actually then push out all these indicators of compromise and actually search through your systems for anything that may match. |
0:45.0 | Well, Xavier has an interesting script today that he posted about. |
0:49.6 | In this script, he uses MISP, which is actually a really great system in itself. It does allow you to |
0:57.3 | collect and exchange threat intelligence with other organizations. But Xavier really took |
1:04.6 | this a step further and created a script that will turn indicators collected by MISP into data that can then be used |
1:14.0 | with OSSEC in order to hunt for infected systems. |
1:18.1 | OSSEC has a feature that allows you to search for hashes in your environment, and that's essentially |
1:24.6 | what he does. |
1:25.6 | He's just adapting MISP data into OSSEC data. Pretty neat. So if you're already familiar with those two systems, that's a pretty straightforward and simple thing to do. |
1:37.9 | And well, if you're looking for compromised systems in your environment, why not start with your Drupal servers? And there is more reason to believe that they may be compromised, because there are now a number of new |
1:50.0 | PHP arbitrary code execution vulnerabilities in add-ons commonly used with Drupal. |
1:57.0 | So make sure you're not running any of the vulnerable add-ons here, and well, |
2:02.1 | maybe decommission that Drupal site while you're at it. Tor is, of course, still the |
2:08.3 | number one way how people are trying to stay anonymous on the internet, even though |
2:14.6 | over the last few years there have been a couple of cases where it has |
2:18.8 | been shown that this anonymity is not perfect. In many cases the attack is actually |
2:24.1 | less against Tor but more against client systems, for example by injecting |
2:29.4 | JavaScript at Tor endpoints. But even the more sophisticated traffic analysis methods, |
2:37.0 | they all have in common that an attacker needs to have access to a good number of Tor nodes and |
... |
Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.