Hello, welcome to the Thursday, October 19th, 2017 edition of the Santernet Storm Center's Stormcast. My name is Johannes Ulrich, and today I'm recording from Singapore.

Renato today published a little script that helped him recently in dealing with an incident. The problem here was that he had a large number of identically configured cloud servers

and had to figure out if any of them were compromised.

So the little trick that he played was to try to compare the files across all of these servers and then create a list

of outliers.

This tool turned out to be very useful to him in this initial triage to figure out which

server to focus on first in particular and that's probably not all that uncommon that there wasn't really much else

installed to help them out on these servers of course ideally people think ahead and install things

like host-based intrusion detection systems and the like before the breach happens but we all know

sometimes you're stuck with whatever you're being

given in the case of an incident like this.

And a test script is now available for the crack attack.

It allows you to verify if a certain access point was patched.

Now, this is strictly a test script, not a proof of concept

exploit in that it does require WPA2 credentials to the access point in order to run the script.

The test script will essentially just check the replay attack and check if the replayed key will be installed by the access point.

If so, then it will consider it vulnerable.

And crypto coin miners are not going away.

Minerva Labs just found a miner that they call water miner. Instead of the more popular

Bitcoin water miner does mine Monero. We have seen Monero being used quite a bit, for example,

in these JavaScript miners, because it is designed to be effectively mined with commodity hardware.

Water miner appears to be mostly distributed as part of gaming mods.

...