Hello, welcome to the Thursday, September 14th, 2017 edition of the Sandinert Storm Center's Stormcast.

My name is Johannes Ulrich, and the time recording from Las Vegas Levada.

Rob is covering today one of my favorite topics in his diary, and that's IPV6, in particular networks that believe that they are not using IPV6.

Most modern operating systems have IPV6 enabled by default, which means that you may not have

any infrastructure providing IPV6 connectivity, but your operating systems are almost always set up for IPV6.

So all NetHacker, or in Rob's case, a pentester has to do is provide that infrastructure for you,

and they're now able to move around your network, pretty much unimpeded by any of your security devices.

So whenever you have an assumption like that you're not using IPV6, always back it up by actually

making sure that you detect any rogue IPV6 traffic.

And Rob also provides some advice in how to configure switches and the like in order,

for example, to prevent rogue routers from offering IPV6 addresses.

Probably the most serious vulnerability was addressed in Microsoft's Patch Tuesday this week

was CVE 2017-8759.

This was the dot-net soap parser vulnerability that was exploited by Finn Fisher.

If you remember, Finn Fisher is an APT campaign that was described by Fire Eye,

and the exploit arrived as a VIRD document. Well, we now have a detailed tutorial about how

to exploit this particular vulnerability.

Turns out it's actually pretty straightforward to create a malicious RTF document

that will exploit this vulnerability.

Again, the RTF document and VERT is really just a delivery vector.

The actual vulnerability was in the dot net component that parses

the malicious file. Given these instructions and the easy exploitability, this is definitely a must-patch

...