Hello and welcome to the Wednesday, January 18th, 2020,

edition of the Sansonet Storm Center's Stormcast.

My name is Johannes Ulrich, and I'm recording from Jacksonville, Florida.

In Diaries today, we got a real nice hands-on one by Rob about the PowerShell script

that you can use to actually find certain

group policies in your organization. The challenge here is that you often have many,

many different, if not hundreds, thousands of group policy objects, and then of course trying

to find a particular one that may not even be

named very obviously can be challenging so rob has a power shell script here for you to help

with that task starting with representing these group policy objects in XML and then actually finding what you're looking for in the resulting XML document.

A pretty nice PowerShell script here that Rob put together and I hope you'll find that handy.

And the open source technology improvement fund OSF, sponsored source code audit of Git by security company X-41.

They released their report now, and with that they also released details regarding two vulnerabilities that they uncovered as part of the audit.

Git is, of course, the ubiquitous source code management tool, kind of a vulnerability.

Git is sort of your ultimate supply chain vulnerability in some ways, and always interesting

to see what they find.

One of the fundamental issues with Git has been in the past that there are certain

circumstances where you actually would like Git to execute some code that is part of

the repository like hooks and such that are automatically being executed as you're

committing or retrieving a code from a Git repository. So some of these vulnerabilities in

Git have really been applicable if you are dealing with untrusted repositories. The vulnerability

uncovered here are a little bit different.

...