SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Tuesday, November 24th 2020

SANS ISC Handlers

Tech News, News

🗓️ 24 November 2020

⏱️ 4 minutes

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Cobalt Strike Beacon; Godaddy Social Engineering; FBI Domain Spoofing

Transcript

0:00.0

Hello, welcome to the Monday, November 24, 2020 edition of the SANS Internet Storm Center's Stormcast. My name is Johannes Ullrich. And today I'm recording from Jacksonville, Florida. Didier today has a quick diary showing one of his new tools, 1768. 1768, well, that number happens to be the

0:26.3

melting point in Kelvin for Cobalt, and the tool that he's introducing here helps you

0:33.8

analyze Cobalt Strike beacons. Given, of course, the ubiquity of Cobalt Strike in somewhat more sophisticated attacks

0:42.2

these days, this is certainly a new tool to speed up the reverse engineering of these

0:49.0

beacons.

0:50.5

Now Cobalt Strike, of course, is a commercial tool.

0:53.8

It's used for pen testers, but yes, bad guys, of course, have gotten their hands on it too and are using it to compromise networks.

1:04.1

But it looks like attacks against domain registrars are back, and the latest registrar to facilitate these attacks is GoDaddy.

1:12.6

A number of crypto coin currency related sites were essentially compromised by an attacker socially engineering GoDaddy

1:22.6

and using access to the victim's domains to then, for example, change MX records, intercept

1:31.0

email, and use that for password resets. This is an attack that keeps coming back, and of course,

1:38.1

it's difficult to defend against because really the attack is totally external to your organization.

1:45.0

It's just really between the attacker and the domain registrar.

1:50.0

Best you can probably do is monitor your DNS records,

1:55.0

make sure that you are alerted if any unauthorized change is made.

2:00.0

And of course, yes, you should do your best to

2:02.7

secure any credentials and enable two-factor authentication, but against this social engineering

2:09.7

attack, this would not necessarily protect you. So having detective controls in place is certainly

2:16.5

important.

2:24.8

And talking about various mischief being done with domain names, the FBI is warning that they're seeing an increase in spoofed FBI domains.

2:29.6

Essentially what the attacker is doing here is just registering a domain with the letters FBI in the domain name,

2:37.5

and then using that to fool victims into believing that this is the actual FBI or an FBI-related

...

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
