Hello and welcome to the Friday, June 13th, 2025 edition of the Sands Internet Storm Centers. Stormcast,

my name is Johannes Ulrich, and this episode brought you by the Sands.edu undergraduate certificate

program in cybersecurity fundamentals is recorded in Jacksonville, Florida.

William Diaries today, we have yet another diary by one of our undercredit interns.

This time William Constantino is looking into scripts that he wrote in order to summarize

data from the DeShield Honeypot. Of course, we have shown scripts like

this before, and when you're looking at the diary, I don't want you to look at it with sort of

the lens where you say, hey, how am I using the script for myself? I think what's sometimes more

useful is to look at it. How could I create a script like this and which ideas from

Williams script may actually apply to my particular use case? So look at what kind of data William

extracted from the honey pot here. Is this useful to you or not? And then also how some of the details

were implemented in these scripts.

And that's, I think, a better way to look at it.

Creating these scripts yourself sometimes has a real great educational value,

not just with respect to learning how to script,

but also sifting through a data yourself,

looking at some of the oddities in the data and such,

you're really becoming way more familiar with the data as a result,

and as a result also better in actually extracting useful artifacts from these logs.

Well, and thanks to AIM security, we do have a great write-up about zero-click vulnerability

in Microsoft 365 copilot.

One of the key issues with Microsoft 365 copilot is that it's not just a large language

...