SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Tuesday, August 8th, 2023

SANS ISC Handlers

Tech News, News, Technology

🗓️ 8 August 2023

⏱️ 6 minutes

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Research Scan IPs; OpenBullet Malware; Cloudflare Tunnel Abuse;

Transcript

0:00.0

Hello, welcome to the Tuesday, August 8, 2023

0:04.0

edition of the SANS Internet Storm Center's Stormcast. My name is Johannes Ullrich, and today I'm

0:10.5

recording from Jacksonville, Florida. Today, I did a little bit of cleanup of our data in particular

0:17.8

when it comes to researchers scanning the internet.

0:29.8

So I took the opportunity to put together a quick diary explaining what the different groups are that we are tracking here.

0:40.0

About 28,000 IP addresses are part of that list, and we track 30 different entities that are scanning the internet for more or less research purposes. The hard part, of course, always what's sort of defined as

0:45.5

legitimate research. Personally, I include IP addresses or groups in this list that identify

0:53.2

themselves as researchers. So essentially, I take

0:56.5

their word for it. And of course, I expect them to do port scans and the like, but not to

1:02.4

exploit any actual vulnerabilities. Not all of these research efforts are academic in nature. Some

1:09.8

are commercial and often, for example,

1:12.6

for monitoring of attack surfaces, that's sort of one service that a lot of them are offering,

1:19.2

but also some of them are offering based out of a scoring system where you can check up

1:24.9

which companies have how many systems exposed to the internet and how many

1:29.5

of them are vulnerable. For more details, see the diary or just, well, take a look at our API

1:36.4

where you can retrieve these IP addresses. And researchers from Kasada did document an interesting set of events where, well, the bad guys are sort of going after each other.

1:51.1

Now, while this is something to not be too concerned about, of course, the problem here is also that the tool they are exploiting is a commonly used open source penetration testing tool, OpenBullet.

2:06.7

OpenBullet is, well, essentially a way to automate brute forcing, credential stuffing attacks.

2:13.1

It interfaces with headless browsers to get a more realistic interaction with websites.

2:20.4

It even has some tricks and such in order to bypass some CAPTCHAs.

2:26.7

The trick here is that in order to use OpenBullet, you do need a configuration file,

2:31.6

which essentially is a script that describes how to test a particular website.

...

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
