ISC StormCast for Tuesday, January 19th, 2021
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Handlers
🗓️ 19 January 2021
⏱️ 6 minutes
Transcript
| 0:00.0 | Hello, welcome to the Tuesday, January 19th, 2021 edition of the SANS Internet Storm Center's Stormcast. My name is Johannes Ullrich, and I'm recording from Jacksonville, Florida. |
| 0:14.1 | And again, we got a great reverse engineering diary by Didier. This time he walks us through the analysis of a Word |
| 0:22.5 | document that then actually leads to an RTF document and finally triggers a download for |
| 0:30.2 | an executable. The nice thing about this diary is he really walks you through the different |
| 0:35.4 | steps that he undertakes in analyzing this malware. |
| 0:39.5 | Also, some of the dead ends basically commands that didn't lead to any results. |
| 0:45.3 | So you get a little bit of more systematic view of how to analyze these documents and hopefully |
| 0:51.9 | something that you're able to reproduce with documents that you may come across. |
| 1:00.4 | And Rob VandenBrink, one of our Internet Storm Center handlers, finished his Center for Internet Security Cisco NX-OS benchmark. |
| 1:11.6 | If you're not familiar with the Center for Internet Security, |
| 1:14.2 | they literally publish dozens of benchmarks that you can download from their sites. |
| 1:20.8 | These benchmarks, well, they're typically PDFs that basically tell you everything |
| 1:25.5 | that you could possibly configure more securely from operating systems to software, like, for example, Apache, including cloud providers, and yes, now also for Cisco NX-OS. |
| 1:40.7 | One neat thing I like about these benchmarks is that every single step you typically do have a small snippet of the command line and how to implement the particular benchmark. |
| 1:53.0 | There are often also, either from the Center for Internet Security or third parties, tools like scripts and such that will help you perform these tasks, |
| 2:02.6 | or audit the task. |
| 2:04.6 | Just keep in mind that like any of these benchmarks, it's essentially a list of everything |
| 2:09.6 | that you may secure or configure more securely doesn't mean it's necessarily appropriate |
| 2:15.6 | in your environment. |
| 2:17.5 | So what you typically end up doing is select a subset of the controls and apply them to your systems. |
| 2:26.0 | And while I don't see this particular benchmark listed on the Center for Internet Security |
| 2:30.5 | website yet, if you just sign up to receive any of the benchmarks, you'll actually get |
... |
Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.

