Hello, welcome to the Wednesday, June 20th, 2018 edition of the Sands and Storm Center's Stormcast. My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

Xavier came across an interesting PowerShell script that disables logging. One of the standard techniques, how you defend against Militius'

PowerShell scripts is to log all PowerShell

and then to check and review PowerShell commands executed for malicious payloads.

In this particular case, a trick is used that allows an attacker to disable the script block logging without actually

being administrator. Now, one annoying problem with antivirus that we have talked about a number

of times in the past is false positives. Now, you would hope that Anavirus vendors have procedures

in place to avoid them, but of course it's very difficult for them to test every single piece

of software that's not malicious. Virus Total now offers a new paid service to help with that.

If you are a software publisher, you may upload

your software collection to Virus Total and have Virus Total automatically alert you whenever

your software triggers false positive. Now of course it could also happen that your software actually uses a malicious component.

We have seen this quite often with Bitcoin miners and the like and you probably still want

to know that.

So it's nice to have Virus Total alert you in this case as well.

Now you say okay I can already do this for free with Virus Total.

I just upload my software and then keep checking for updated scan results.

The real nice thing of this paid version is that it actually provides an API that you can

then integrate in your development pipeline.

Which then allows you to recognize any false

positives before you even publish your software.

The next news item, again, no big surprise, turns out a lot of systems used to manage cloud

...