Hello and welcome to the Friday, July 25th, 2025 edition of the Sands.

And then at Storm Center's Stormcast, my name is Johannes Ulrich, recording today from Jacksonville, Florida.

And this episode is brought to you by the Sands.edu undercredit certificate program in cybersecurity fundamentals.

Jim's diary today is about a new tool that he wrote.

Well, it's really sort of a rewrite of an older tool.

There used to be a tool and while it's still around, F-check.

It's a simple file integrity check tool.

The only problem with it is, well, it's old, but it's also written in Pearl.

And sadly, Pearl is fading away a little bit,

and this tool did no longer run well in modern Linux distributions. Now, instead of spending

the time on fixing the older tool, which again relies on Pearl, Jim decided to take a more modern approach and rewrite the tool in Python.

It works fast, it performs well, and it still uses the old configuration file, so it should be a pretty

simple drop-in replacement. File integrity checking, of course, is always an important part of incident response and also

of detection.

There are lots of other tools.

Tripwire is one of the original commercial tools here.

Eight is in a lot of Linux distributions, OSEC, and with that, tools like Vazu also do file integrity checks,

but sometimes nice to have sort of a little Python script like this to just drop it on a system,

do some quick investigation, maybe excluding some files during an investigation by determining

that they have not been altered if you have a good configuration file for that particular system.

Well, and then a quick update on SharePoint, nothing really fundamentally new or different here.

The one thing that's happening now that we're seeing in our honeypots is that more and more

...