SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Wednesday, May 29th 2019


SANS ISC Handlers

News, Tech News

4.9754 Ratings

🗓️ 29 May 2019

⏱️ 6 minutes


Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. BASE64 Encoded Powershell; #BlueKeep Census; MSFT DHCP Client Vuln Analysis; @sensepost @ErrataRob @0xdf_

Transcript


0:00.0

Hello, welcome to the Wednesday, May 29th, 2019 edition of the SANS Internet Storm Center's Stormcast.

0:07.0

My name is Johannes Ullrich, and today I'm recording from San Antonio, Texas.

0:12.0

It's always great to have readers submit malware samples to us, even better if the reader then published a blog post with some additional

0:23.6

analysis of the sample. So we do have two posts actually here to refer to. The first one is by

0:30.7

Didier, part of our diary, where he goes over how to extract the PowerShell script that was Base64-encoded in this particular Office document that the reader submitted.

0:44.2

The reader himself then went from there and did additional analysis.

0:48.1

As part of the show notes, you'll find two links.

0:50.2

One is to Didier's diary entry and one is to the blog published by the reader submitting this sample.

1:00.0

Well, it looks like we still have to talk about the RDP vulnerability BlueKeep or CVE-2019-0708.

1:09.0

Well, it's about two weeks since we got a patch for this vulnerability.

1:15.0

The latest news here is an internet-wide scan by Robert Graham.

1:20.1

Now, he has a reputation of doing these types of scans quite diligently.

1:25.9

He first just scanned for IP addresses that have port 3389 listening.

1:32.3

Well, 7.6 million results came back.

1:36.3

However, it turned out that only half of them were running remote desktop.

1:41.3

He did an additional scan using rdpscan. That's a scanner for the

1:46.5

vulnerability that he wrote and actually it is open sourced so you can use it yourself against

1:52.7

your network if you wish to do so. And in the end he ended up with a little bit less than a

1:59.9

million, about 923,000 vulnerable hosts that are exposed to the Internet.

2:07.4

So about a third of the RDP servers that are exposed to the Internet are vulnerable.

2:13.7

Now I guess you can conjecture here that if people are exposing RDP to the internet, then there's a good chance, like a one in three chance, they're not patching either, which sort of could imply that if RDP is exposed to the internet, well, that's the real problem that you need to address.

2:32.3

And it's probably just an indicator there of other basic sort of network hygiene and so on not really being in place.

...
