SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Tuesday, December 5th 2017

SANS ISC Handlers

News, Tech News

🗓️ 5 December 2017

⏱️ 7 minutes

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SOC Automation and TheHive; SSL/TLS for Scapy; TouchID ssh login

Transcript

0:00.0

Hello, welcome to the Tuesday, December 5th, 2017 edition of the SANS Internet Storm Center's Stormcast. My name is Johannes Ullrich and I'm recording from Jacksonville, Florida.

0:12.6

If you're working in a SOC, then you probably have heard of the term of orchestration. It usually refers to writing scripts and somewhat automating

0:24.6

how you respond to certain events. Now Tom today wrote a blog about just such a tool,

0:31.6

TheHive project, actually the Cortex part of it is what I sort of would classify somewhat as orchestration here.

0:40.9

But what this all comes down to is to essentially have a better ticketing system for your SOC.

0:48.6

TheHive can receive events from your SIEM, email or other sources, also integrates with MISP to track your indicators

0:58.3

of compromise and the like, but then with Cortex, you can, for example, take a file and then run

1:04.9

it through different analyzers and it does support a quite nice and diverse set of pre-written analyzers.

1:15.0

Certainly enough to get started and give the project a try to see if it will simplify your

1:21.1

work and let us know if you like tools like this or if you found any particular tricks or so to apply these tools to your work.

1:31.3

Now, talking about open source tools, I just came across, thanks to a Reddit post, an extension for one of my favorite open source tools, and that's Scapy.

1:43.3

Scapy allows you to create pretty much arbitrary

1:46.7

network packets. Now, the extension I just found appears to be actually around for a while, but

1:52.8

never really seen it before. It does allow you to extend Scapy's capability to SSL and TLS. I remember a couple times looking

2:04.5

for just such an extension and nice to see that it's now available. And Apple today

2:12.4

released tvOS 11.2 after releasing iOS 11.2 over the weekend. Now, I mentioned yesterday that there has so far

2:23.5

been no security details available about iOS 11.2. That's still the case as I record this.

2:31.4

Also, no security details about tvOS 11.2.

2:36.4

And this year we had a number of different reports about vulnerabilities and problems with

2:42.8

the Intel Management Engine or ME. Well, it looks like a number of vendors are now shipping, in particular, laptops with

2:54.5

Intel ME disabled by the vendor.

2:59.0

Dell and System76 both made announcements that they at least provide an option to ship

...

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
